News:

--

Main Menu

2.7.3 Virus - real or false positive?

Started by andrewk8, March 22, 2019, 10:15:28 PM

Previous topic - Next topic

andrewk8

When you run the installer, you get the splash screen for a few seconds.  Then it closes.  .exe setup file is gone.

Found the .exe in my Avast virus chest.  Avast flags it containing IDP.ARES.Generic.

Downloaded Windows x64 from fosshub.

eumagga0x2a


andrewk8

If the file on fosshub is infected, then all I'm doing is verifying my signature with the infected signature on fosshub???

My MD5SUM matches fosshub signature. You gave a SHA256 that matches fosshub signature.  So the two files are the same.  Was your virustotal link from fosshub binary or compiled from source?

Scanning the .exe with Avast gives no threats found.  It is only after the installer starts that Avast aborts the install and throws the binary in its virus chest.

Two things have changed, right.  Since 2.7.2, ADM was compiled with MSVC++ (instead of mingw?)??  I installed 2.7.2 without issue.  Second, 2.7.3 is new.  What's different?

eumagga0x2a

The SHA256 checksum verifies that VirusTotal analysed the binary uploaded to fosshub (the SHA256 checksum is the part of the URL), it is also how this service fingerprints the files it scans. I don't have setup to compile Avidemux on Windows yet.

I assume that it is a usual false positive (I had also no issues installing and running the officially released binary). It is also impossible to identify which factors triggered a particular detection. All code changes are listed on https://github.com/mean00/avidemux2/commits/ffmpeg4x



andrewk8

Saturday, I uploaded the installer to Avast.  This morning they said they fixed their issue.  Today I was able to install it.

I'm using their free product. Not even a paid subscriber.  Kudos to Avast.  Less than 48 hour response.

QuoteThank you for reporting this.

Our virus specialists have been working on this problem and the provided file has been whitelisted.

For future reference you might also find the following article to be useful: https://support.avast.com/en-ww/article/Threat-Lab-clean-guideline

Best Regards,
Prokop
The Avast Support Team