got response: ” There are three downloads available for 10.7 The SHA256 of those files should be
Vistumbler_v10-7.exe - ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01 Vistumbler_v10-7.zip - 7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0 Vistumbler_v10-7_Portable.zip - F729B9BBAEADFF288D78655B996102CC4274CB2D5527F58A1464EEF3BE9D636C All 3 should contain the same files. - the non portable zip is just vistumbler with default settings (storing data in your profile temp directory and documents folder) - the exe file is just the zip file packed into an installer with NSIS ( https://nsis.sourceforge.io/Main_Page ) - the portable version has different settings which cause temp files and save files to be stored inside the same directory as the program (better for portable use) instead of inside your windows profile. I went and reanalyzed the file you submitted to virus total and it looks like bitdefender no longer considers them viruses, so it seems they consider it a false positive. You can see if you go to the link you posted above, https://www.virustotal.com/gui/file/7cc806b74131bcca5ae11ee81e39152dbc61f1477108ffde7e416927c196dba0/detectionbitdefender has removed the detection” Eero On Thu 8. Apr 2021 at 17.02, Andrew C Aitchison via clamav-users < clamav-users@lists.clamav.net> wrote: > > On Thu, 8 Apr 2021, Eero Volotinen wrote: > > > > https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe > > > > Looks like this is (vistumbler) detected as false positive. > > and > > On Thu, 8 Apr 2021, Arnaud Jacques wrote: > > At first look, ClamAV is not the only one that flags it as malware : > > > https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection > > and https://vistumbler.en.lo4d.com/virus-malware-tests > but that has a different sha256sum. > Hmm. > > If I feed the github URL into virustotal it comes up clean > > https://www.virustotal.com/gui/url/09809c38129bd5ec94289969d9c35e97f5867f67b0a35d2acd9e811d34f8d89a/detection > > but if I download the file and give that to virustotal I get > > https://www.virustotal.com/gui/file/eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01/detection > (the bit between file/ and /detection matches the sha256sum of my file and > that on https://vistumbler.en.lo4d.com/virus-malware-tests ). > > Initially that page reported > 19 security vendors flagged this file as malicious > Size 6.92 MB > direct-cpu-clock-access invalid-signature > nsis overlay peexe runtime-modules signed > but when I asked virustotal to rescan, "19 security vendors" changed to > "16 security vendors". > > I have put my copy at: > > https://www.aitchison.me.uk/Vistumbler_v10-7.eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01.exe > > I think this means that raw.github.com has given out at least three > different versions of this file. Eero, could you pass this back to > the Vistumbler developer "Andrew" (Calcutt?) please ? > > # file Vistumbler_v10-7.exe > Vistumbler_v10-7.exe: PE32 executable (GUI) Intel 80386, for MS Windows, > Nullsoft Installer self-extracting archive > > # host raw.github.com > raw.github.com has address 185.199.108.133 > raw.github.com has address 185.199.109.133 > raw.github.com has address 185.199.110.133 > raw.github.com has address 185.199.111.133 > > On Thu, 8 Apr 2021, Eero Volotinen wrote: > > > comment from developer > > > > "Unfortunately autoit, which vistumbler is written in, gets flagged > > as a false positive a lot. Vistumbler has struggled with this since > > the beginning. > > > > I recently submitted the 10.7 release files to microsoft for false > > detection and they removed the false detection, so i think these > > files are fine. However I have also just submitted a false positive > > report to bitdefender, so we can see if they remove it too. > > > > If vistumbler gets flagged by your AV company, my suggestion is to > > submit it as a false positive to them. I really don't have the time > > to chase down all these AV companies. > > > > -Andrew" > > Not sure about this as it is open source, but if I were paying for > the software I would expect them to liase with the AV companies. > > -- > Andrew C. Aitchison Kendal, UK > and...@aitchison.me.uk > > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml >
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
