Anyway, according to the official website "Vistumbler is wireless
network scanner", aka a hack tool and should be detected as PUA at minimum.
https://www.clamav.net/documents/potentially-unwanted-applications-pua
On 09/04/2021 at 05:59, Eero Volotinen wrote:
got response:
“ There are three downloads available for 10.7. The SHA256 of those files
should be
Vistumbler_v10-7.exe - ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01
Vistumbler_v10-7.zip - 7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0
Vistumbler_v10-7_Portable.zip - F729B9BBAEADFF288D78655B996102CC4274CB2D5527F58A1464EEF3BE9D636C
All 3 should contain the same files.
* the non portable zip is just vistumbler with default settings
(storing data in your profile temp directory and documents folder)
* the exe file is just the zip file packed into an installer with NSIS
( https://nsis.sourceforge.io/Main_Page )
* the portable version has different settings which cause temp files
and save files to be stored inside the same directory as the program
(better for portable use) instead of inside your windows profile.
I went and reanalyzed the file you submitted to virus total and it looks
like bitdefender no longer considers them viruses, so it seems they
consider it a false positive. You can see if you go to the link you
posted above,
https://www.virustotal.com/gui/file/7cc806b74131bcca5ae11ee81e39152dbc61f1477108ffde7e416927c196dba0/detection
bitdefender has removed the detection”
Eero
On Thu 8. Apr 2021 at 17.02, Andrew C Aitchison via clamav-users
<clamav-users@lists.clamav.net>
wrote:
On Thu, 8 Apr 2021, Eero Volotinen wrote:
> https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
>
> Looks like this is (vistumbler) detected as false positive.
and
On Thu, 8 Apr 2021, Arnaud Jacques wrote:
> At first look, ClamAV is not the only one that flags it as malware :
> https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection
and https://vistumbler.en.lo4d.com/virus-malware-tests
but that has a different sha256sum.
Hmm.
If I feed the github URL into virustotal it comes up clean
https://www.virustotal.com/gui/url/09809c38129bd5ec94289969d9c35e97f5867f67b0a35d2acd9e811d34f8d89a/detection
but if I download the file and give that to virustotal I get
https://www.virustotal.com/gui/file/eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01/detection
(the bit between file/ and /detection matches the sha256sum of my
file and that on https://vistumbler.en.lo4d.com/virus-malware-tests ).
Initially that page reported
19 security vendors flagged this file as malicious
Size 6.92 MB
direct-cpu-clock-access invalid-signature
nsis overlay peexe runtime-modules signed
but when I asked virustotal to rescan, "19 security vendors" changed
to "16 security vendors".
I have put my copy at:
https://www.aitchison.me.uk/Vistumbler_v10-7.eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01.exe
I think this means that raw.github.com has given out at least three
different versions of this file. Eero, could you pass this back to
the Vistumbler developer "Andrew" (Calcutt?) please ?
# file Vistumbler_v10-7.exe
Vistumbler_v10-7.exe: PE32 executable (GUI) Intel 80386, for MS Windows,
Nullsoft Installer self-extracting archive
# host raw.github.com
raw.github.com has address 185.199.108.133
raw.github.com has address 185.199.109.133
raw.github.com has address 185.199.110.133
raw.github.com has address 185.199.111.133
On Thu, 8 Apr 2021, Eero Volotinen wrote:
> comment from developer
>
> "Unfortunately autoit, which vistumbler is written in, gets flagged
> as a false positive a lot. Vistumbler has struggled with this since
> the beginning.
>
> I recently submitted the 10.7 release files to microsoft for false
> detection and they removed the false detection, so i think these
> files are fine. However I have also just submitted a false positive
> report to bitdefender, so we can see if they remove it too.
>
> If vistumbler gets flagged by your AV company, my suggestion is to
> submit it as a false positive to them. I really don't have the time
> to chase down all these AV companies.
>
> -Andrew"
Not sure about this as it is open source, but if I were paying for
the software I would expect them to liaise with the AV companies.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Best regards,
Arnaud Jacques
Manager of SecuriteInfo.com
Telephone: +33-(0)3.60.47.09.81
E-mail: a...@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Signatures for ClamAV antivirus : http://ow.ly/LqfdL
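
Added example (not part of the original thread, and not code from ClamAV or the Vistumbler project): a Python check of a downloaded file against the SHA-256 list the developer gave, which also builds the VirusTotal file URL in the form seen in the thread. Function names are illustrative; the three hashes are copied from the developer's message quoted above.

```python
import hashlib
import re
import sys

# Release list as relayed in the thread (name, then digest on the next line).
PUBLISHED = """
Vistumbler_v10-7.exe -
ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01
Vistumbler_v10-7.zip -
7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0
Vistumbler_v10-7_Portable.zip -
F729B9BBAEADFF288D78655B996102CC4274CB2D5527F58A1464EEF3BE9D636C
"""

# "<name> -" followed by a 64-hex-digit digest on the same or the next line.
ENTRY = re.compile(r"(\S+)\s+-\s+([0-9A-Fa-f]{64})\b")

def parse_published(text):
    """Return {lowercase sha256: file name} from an e-mailed hash list."""
    return {digest.lower(): name for name, digest in ENTRY.findall(text)}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def classify(digest, expected_name, published):
    """Compare a digest with the list entry for the file we meant to fetch."""
    name = published.get(digest.lower())
    if name == expected_name:
        return "match"
    if name is not None:
        return "other-release-file:" + name  # listed, but a different artefact
    return "unknown"                          # not a copy the developer listed

def virustotal_file_url(digest):
    """File reports in the thread are addressed by the lowercase SHA-256."""
    return "https://www.virustotal.com/gui/file/%s/detection" % digest.lower()

if __name__ == "__main__":
    table = parse_published(PUBLISHED)
    for path in sys.argv[1:]:
        d = sha256_file(path)
        name = path.replace("\\", "/").rsplit("/", 1)[-1]
        print(path, classify(d, name, table), virustotal_file_url(d))
```

Run it with the downloaded file's path as the argument; a result of "unknown" means the copy in hand is not one of the three files the developer listed, whatever a scanner says about it.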