(SOLVED) VirusTotal 10 engines detect Malware in Windows installation zip #140

Closed
brie0 opened this issue Nov 24, 2017 · 3 comments

brie0 commented Nov 24, 2017

Hello,

First time using GitHub. I was looking for an open source alternative to RescueTime and stumbled on ActivityWatch via Alternativeto.net.

I plugged the file into VirusTotal.com and 10 engines have flagged it as unsafe, including AVG and Avast.

I don't have a grasp of how software works, but I know ActivityWatch requires certain access that might cause its files to be flagged by antivirus software for malware and such.

What I'd like to know is if the file is still safe? Is there a checksum available we can compare to ensure the integrity of the files downloaded?

Thanks,
Brie

ErikBjare (Member) commented Nov 24, 2017

Hi @brie0, thanks for reaching out.

We've had someone ask us about this before but then only one engine reported it as unsafe. The sha256 hash of the file is 320a3ed29ee87fa9de5b497f396f597ce51b74d91a5bbb9673d68ad5b7cbdb8b and the md5 is 3027b08f3afd863ac716a3bdce43e858 so that's the same as the file you submitted to VirusTotal.

In general, we expect some antivirus systems to suspect ActivityWatch of being malware since it does things like inspect window titles and listen to mouse & keyboard activity (some engines seem to indicate that they are indeed just guessing by reporting the threat type as "heuristic" and "suspicious"). This would be the reasonable thing to do for them until they learn that we're not doing anything sketchy.

Another possibility is that the method we use to build the zips, PyInstaller, is also presumably used to build spyware, and the antivirus engines might have learned that and therefore think ActivityWatch is also malware (which might also be why they report "Malware-gen"). I hope this situation will improve over time.

So this should be nothing to worry about, let us know if you have any more questions.

ErikBjare (Member) commented

Closing this for now, as there isn't much we can do about it.

brie0 (Author) commented Nov 24, 2017

Hi @ErikBjare,

The sha256 and md5 are indeed the same. I also get to learn a little something about antivirus systems, how ActivityWatch works, and the existence of PyInstaller.

It's going to be a good day for me.

Thanks for the super speedy reply and detailed explanation,
Brie

brie0 changed the title from "VirusTotal 10 engines detect Malware in Windows installation zip" to "(SOLVED) VirusTotal 10 engines detect Malware in Windows installation zip" on Nov 24, 2017
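
The checksum comparison discussed in this thread, as an added example that is not part of the original issue or the ActivityWatch project's code: it hashes a download once, checks it against published hex digests, and only reports success when a SHA-256 value is among them. The function names and the sample bytes are constructed for illustration; a match shows the file is the one the maintainers published, not whether an antivirus verdict is right.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm name (the two hash types quoted in the thread).
ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}


def file_digests(path, algos=("sha256", "md5"), chunk_size=1 << 20):
    """Stream the file once and return {algo: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_download(path, published):
    """Check a file against published hex digests; returns (ok, details).

    ok is True only if every digest matches and one of them is SHA-256,
    because an MD5 match alone does not rule out a crafted collision.
    """
    wanted = {}
    for raw in published:
        digest = raw.strip().lower()
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"not an MD5/SHA-256 hex digest: {raw!r}")
        wanted[algo] = digest
    actual = file_digests(path, algos=tuple(wanted))
    details = {a: hmac.compare_digest(actual[a], wanted[a]) for a in wanted}
    return ("sha256" in wanted and all(details.values())), details


def demo():
    # Constructed stand-in for a downloaded zip, so the example runs offline.
    data = b"PK\x03\x04 constructed sample archive bytes"
    with tempfile.NamedTemporaryFile(delete=False, suffix=".zip") as tmp:
        tmp.write(data)
    try:
        good = [hashlib.sha256(data).hexdigest().upper(), hashlib.md5(data).hexdigest()]
        return verify_download(tmp.name, good), verify_download(tmp.name, ["0" * 64])
    finally:
        os.unlink(tmp.name)
```

For a real download, pass the path of the zip and the digests copied from the maintainer's reply, obtained over a channel separate from the download itself.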