Author Topic: 2.7.3 Virus - real or false positive?  (Read 961 times)

andrewk8

  • Jr. Member
  • **
  • Posts: 50
2.7.3 Virus - real or false positive?
« on: March 22, 2019, 10:15:28 PM »
When you run the installer, you get the splash screen for a few seconds.  Then it closes.  The .exe setup file is gone.

Found the .exe in my Avast virus chest.  Avast flags it as containing IDP.ARES.Generic.

Downloaded Windows x64 from fosshub.

eumagga0x2a

  • Moderator
  • Hero Member
  • *****
  • Posts: 4063
Re: 2.7.3 Virus - real or false positive?
« Reply #1 on: March 22, 2019, 11:52:16 PM »
https://www.virustotal.com/gui/file/eb2e264b261d023d3b6891877dd8b5f9b6e32300ab363c2e04a60b5085ba4051/detection

No scanner detected anything, including Avast. Did you verify the checksum of the file?

andrewk8

Re: 2.7.3 Virus - real or false positive?
« Reply #2 on: March 23, 2019, 01:03:27 AM »
If the file on fosshub is infected, then all I'm doing is verifying my signature with the infected signature on fosshub???

My MD5SUM matches fosshub signature. You gave a SHA256 that matches fosshub signature.  So the two files are the same.  Was your virustotal link from fosshub binary or compiled from source?

Scanning the .exe with Avast gives no threats found.  It is only after the installer starts that Avast aborts the install and throws the binary in its virus chest.

Two things have changed, right.  Since 2.7.2, ADM was compiled with MSVC++ (instead of mingw?)??  I installed 2.7.2 without issue.  Second, 2.7.3 is new.  What's different?

eumagga0x2a

Re: 2.7.3 Virus - real or false positive?
« Reply #3 on: March 23, 2019, 01:23:22 AM »
The SHA256 checksum verifies that VirusTotal analysed the binary uploaded to fosshub (the SHA256 checksum is part of the URL); it is also how this service fingerprints the files it scans. I don't have a setup to compile Avidemux on Windows yet.

I assume that it is a usual false positive (I also had no issues installing and running the officially released binary). It is also impossible to identify which factors triggered a particular detection. All code changes are listed on https://github.com/mean00/avidemux2/commits/ffmpeg4x
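
The check described in the reply above, as an added example that is not part of the thread or of Avidemux's code: it pulls the SHA-256 out of a VirusTotal report link and compares it with the hash of a local file, so a clean report can be tied to the exact binary on disk. The function names are hypothetical, the URL layout `/gui/file/<sha256>/` is assumed from the link posted in the thread, and the sample "installer" is constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile
from urllib.parse import urlparse

# Path layout assumed from the VirusTotal link posted in the thread.
_VT_PATH = re.compile(r"^/gui/file/([0-9a-fA-F]{64})(?:/|$)")


def sha256_from_vt_url(url):
    """Return the lowercase SHA-256 embedded in a VirusTotal file report URL."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.hostname != "www.virustotal.com":
        raise ValueError("not a VirusTotal https URL")
    match = _VT_PATH.match(parts.path)
    if not match:
        raise ValueError("no SHA-256 found in URL path")
    return match.group(1).lower()


def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash a file in chunks so large installers are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def same_file_as_report(path, vt_url):
    """True only if the local file is the exact binary the report covers."""
    return hmac.compare_digest(file_digest(path), sha256_from_vt_url(vt_url))


def demo():
    # Constructed stand-in for a downloaded installer, so this runs offline.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as fh:
        fh.write(b"constructed sample installer bytes")
        path = fh.name
    try:
        base = "https://www.virustotal.com/gui/file/"
        matching = base + file_digest(path) + "/detection"
        # The thread's link: a report for a different file than the sample.
        thread = base + "eb2e264b261d023d3b6891877dd8b5f9b6e32300ab363c2e04a60b5085ba4051/detection"
        return same_file_as_report(path, matching), same_file_as_report(path, thread)
    finally:
        os.remove(path)
```

A match shows only that the scanned file and the local file are byte-identical; it says nothing about whether the download site's copy is the one the developers built.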



andrewk8

Re: 2.7.3 Virus - real or false positive?
« Reply #4 on: March 26, 2019, 01:47:49 AM »
Saturday, I uploaded the installer to Avast.  This morning they said they fixed their issue.  Today I was able to install it.

I'm using their free product. Not even a paid subscriber.  Kudos to Avast.  Less than 48 hour response.

Quote
Thank you for reporting this.

Our virus specialists have been working on this problem and the provided file has been whitelisted.

For future reference you might also find the following article to be useful: https://support.avast.com/en-ww/article/Threat-Lab-clean-guideline

Best Regards,
Prokop
The Avast Support Team