ocornut/meka

VirusTotal warnings again

LeonisX opened this issue ยท 8 comments

https://www.virustotal.com/gui/file/bef1057e26ca839e07e32e64c5c96e6022f43b948300badccc87c35bbcb413da

24 security vendors flagged this file as malicious.

Latest release : https://github.com/ocornut/meka/releases/tag/meka-20210726

I understand that this is a false positive, but the search engines will pessimize the smspover.org website and this repository too. Need to do something.

well, as i see, the only problem is that Meka has a executable file, which is Meka.exe, and that is what the security vendors are flagging as malicious. I saw it happening while tried to add some zipped attachments to gmail, some time ago.

for me there are two quick-and-dirty solutions:

  • Not distribute the executable, forcing the user to complile it from source
  • Try to mask the executable, either by renaming the extension, zipping it or other way. I once was able to send exe using gmail by zipping it and renaming the file to .zap

It can be also a minGW issue:
https://stackoverflow.com/questions/62364507/compiled-c-executable-is-detected-as-a-virus-by-windows-defender

@lucianoloder great link ๐Ÿ‘

Windows users are unlikely to compile the emulator on their own, this is not a trivial task.

Another option is to put a password on the archive.

It seems a painful manual process to report false positives. Example: https://service.mcafee.com/?articleId=TS103032&page=shell&shell=article-view

At this point in time it appears antiviruses are the malware themselves.
eg https://twitter.com/doctorow/status/1478479483585933312?s=21

The "debug" build is not flagged by all the scanners just one, it seems to be something the compiler does in "release" mode. But i guess more software should be hit by the compiler optimizations.

May be try to use mingw-w64/CodeBlock's MinGW instead of mingw.org, as suggested here https://stackoverflow.com/questions/62364507/compiled-c-executable-is-detected-as-a-virus-by-windows-defender

I think the releases are built with MSVC.

It's a bad experience for normal users to get a warning on the file when they try to run it (as Windows does by default now). A virus checker pop up should stop them running it at all. We hate antivirus because it is malware but we can't hate our users...