Avidemux Forum

Avidemux => Main version 2.6 => Topic started by: andrewk8 on March 22, 2019, 10:15:28 PM

Title: 2.7.3 Virus - real or false positive?
Post by: andrewk8 on March 22, 2019, 10:15:28 PM
When you run the installer, you get the splash screen for a few seconds.  Then it closes.  .exe setup file is gone.

Found the .exe in my Avast virus chest.  Avast flags it as containing IDP.ARES.Generic.

Downloaded Windows x64 from fosshub.
Title: Re: 2.7.3 Virus - real or false positive?
Post by: eumagga0x2a on March 22, 2019, 11:52:16 PM
https://www.virustotal.com/gui/file/eb2e264b261d023d3b6891877dd8b5f9b6e32300ab363c2e04a60b5085ba4051/detection

No scanner detected anything, including Avast. Did you verify the checksum of the file?
Title: Re: 2.7.3 Virus - real or false positive?
Post by: andrewk8 on March 23, 2019, 01:03:27 AM
If the file on fosshub is infected, then all I'm doing is verifying my signature with the infected signature on fosshub???

My MD5SUM matches fosshub signature. You gave a SHA256 that matches fosshub signature.  So the two files are the same.  Was your virustotal link from fosshub binary or compiled from source?

Scanning the .exe with Avast gives no threats found.  It is only after the installer starts that Avast aborts the install and throws the binary in its virus chest.

Two things have changed, right.  Since 2.7.2, ADM was compiled with MSVC++ (instead of mingw?)??  I installed 2.7.2 without issue.  Second, 2.7.3 is new.  What's different?
Title: Re: 2.7.3 Virus - real or false positive?
Post by: eumagga0x2a on March 23, 2019, 01:23:22 AM
The SHA256 checksum verifies that VirusTotal analysed the binary uploaded to fosshub (the SHA256 checksum is part of the URL); it is also how this service fingerprints the files it scans. I don't have a setup to compile Avidemux on Windows yet.

I assume that it is a usual false positive (I also had no issues installing and running the officially released binary). It is also impossible to identify which factors triggered a particular detection. All code changes are listed on https://github.com/mean00/avidemux2/commits/ffmpeg4x
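
The check described in the reply above, as an added example that is not part of the original thread: it extracts the SHA-256 from a VirusTotal report URL and compares it with the digest of a local download. The function names are hypothetical and the sample file is constructed; a match shows only that the report covers the same bytes as the local file.

```python
import hashlib
import hmac
import re
import tempfile

# Report URL quoted in the thread; the path segment after /file/ is the SHA-256.
VT_URL = ("https://www.virustotal.com/gui/file/"
          "eb2e264b261d023d3b6891877dd8b5f9b6e32300ab363c2e04a60b5085ba4051/detection")


def sha256_from_vt_url(url):
    """Return the lowercase SHA-256 embedded in a VirusTotal file-report URL."""
    m = re.search(r"/file/([0-9a-fA-F]{64})(?:/|$)", url)
    if m is None:
        raise ValueError("URL does not contain a 64-hex-digit file hash")
    return m.group(1).lower()


def file_sha256(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def report_covers_file(path, vt_url):
    """True when the report URL fingerprints exactly the bytes stored at path."""
    return hmac.compare_digest(sha256_from_vt_url(vt_url), file_sha256(path))


if __name__ == "__main__":
    # Constructed stand-in for a downloaded installer (not the real binary).
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample installer bytes")
    own_url = "https://www.virustotal.com/gui/file/%s/detection" % file_sha256(tmp.name)
    print("matches its own report URL:", report_covers_file(tmp.name, own_url))
    print("matches the thread's report URL:", report_covers_file(tmp.name, VT_URL))
```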


Title: Re: 2.7.3 Virus - real or false positive?
Post by: andrewk8 on March 26, 2019, 01:47:49 AM
Saturday, I uploaded the installer to Avast.  This morning they said they fixed their issue.  Today I was able to install it.

I'm using their free product. Not even a paid subscriber.  Kudos to Avast.  Less than 48 hour response.

Quote:
Thank you for reporting this.

Our virus specialists have been working on this problem and the provided file has been whitelisted.

For future reference you might also find the following article to be useful: https://support.avast.com/en-ww/article/Threat-Lab-clean-guideline

Best Regards,
Prokop
The Avast Support Team