Keka is being flagged by 2 vendors on Virus Total #1470

Closed
paul-cossey opened this issue Jun 19, 2024 · 6 comments

@paul-cossey

Configuration

  • Keka version: 1.4.0
  • macOS version: N/A

Describe the bug

Hi, folks

This isn't really a bug, but not sure where else to submit.

We use AutoPkg to download and automatically upload files to Virus Total for scanning before we add any updated software to our repo for installation on client computers. If Virus Total scans have 2 or more flags by a security vendor, it'll immediately halt the automation for investigation.

The latest version of Keka has been flagged by two vendors which you can see via this URL: https://www.virustotal.com/gui/file/0097bef454b341daaf2cf218c1c527287b4d38500daa35ccb345c7b30a8835fe/detection

I'm pretty sure these are false positives, as the detections look like they're Windows-based malware.
Trojan.Win32.Save.a
Win.MxResIcn.Heur.Gen

Raising as you may wish to work with the vendors to resolve the detections.

To Reproduce

Steps to reproduce the behavior:

  1. Download latest Keka from the GitHub Releases page
  2. Upload to https://www.virustotal.com

Expected behavior

Keka passes all vendor detections on https://www.virustotal.com

Additional context

N/A

@aonez
Owner

aonez commented Jun 19, 2024 via email

@aonez aonez added this to the macOS-1.4.1 milestone Jun 20, 2024
@aonez
Owner

aonez commented Jun 20, 2024

Just figured it out, the detected files are 7z.sfx and Rar.sfx. They are new to v1.4.0 and add the ability to create self-extraction files for Windows.

Most probably the detection is caused by the UPX size reduction I've applied to these modules, so will use the uncompressed original versions instead to prevent this kind of false positive.

Will release v1.4.1 to fix this right as soon as possible. Thanks again for the feedback @paul-cossey.

@paul-cossey
Author

paul-cossey commented Jun 20, 2024

Thanks for the swift fix, @aonez 😄

@aonez
Owner

aonez commented Jun 20, 2024

Sadly all official 7z.sfx modules are flagged by 2-4 not that well known antivirus.

@aonez
Owner

aonez commented Jun 24, 2024

I've added the affected modules compressed and encrypted. They're only extracted and used if needed (by enabling the SFX options on 7Z or RAR). The updated version is scheduled for tomorrow. Thanks again @paul-cossey!

@aonez aonez closed this as completed Jun 25, 2024
@paul-cossey
Author

Thanks, @aonez 😄
