Well, a wifi scanning tool is not really a hacking tool.

Eero

On Fri 9. Apr 2021 at 15.59, Arnaud Jacques <webmas...@securiteinfo.com> wrote:

> Anyway, according to the official website "Vistumbler is wireless
> network scanner", aka a hack tool and should be detected as PUA at minimum.
>
> https://www.clamav.net/documents/potentially-unwanted-applications-pua
>
> On 09/04/2021 at 05:59, Eero Volotinen wrote:
> > got response:
> >
> > "There are three downloads available for 10.7. The SHA256 of those files
> > should be
> >
> > Vistumbler_v10-7.exe -
> > ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01
> > Vistumbler_v10-7.zip -
> > 7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0
> > Vistumbler_v10-7_Portable.zip -
> > F729B9BBAEADFF288D78655B996102CC4274CB2D5527F58A1464EEF3BE9D636C
> >
> > All 3 should contain the same files.
> >
> > * the non portable zip is just vistumbler with default settings
> >   (storing data in your profile temp directory and documents folder)
> > * the exe file is just the zip file packed into an installer with NSIS
> >   ( https://nsis.sourceforge.io/Main_Page )
> > * the portable version has different settings which cause temp files
> >   and save files to be stored inside the same directory as the program
> >   (better for portable use) instead of inside your windows profile.
> >
> > I went and reanalyzed the file you submitted to virus total and it looks
> > like bitdefender no longer considers them viruses, so it seems they
> > consider it a false positive. You can see if you go to the link you
> > posted above,
> > https://www.virustotal.com/gui/file/7cc806b74131bcca5ae11ee81e39152dbc61f1477108ffde7e416927c196dba0/detection
> > bitdefender has removed the detection"
> >
> > Eero
> >
> > On Thu 8. Apr 2021 at 17.02, Andrew C Aitchison via clamav-users
> > <clamav-users@lists.clamav.net> wrote:
> >
> > On Thu, 8 Apr 2021, Eero Volotinen wrote:
> > > https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe
> > >
> > > Looks like this is (vistumbler) detected as false positive.
> >
> > and
> >
> > On Thu, 8 Apr 2021, Arnaud Jacques wrote:
> > > At first look, ClamAV is not the only one that flags it as malware:
> > >
> > > https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection
> > >
> > > and https://vistumbler.en.lo4d.com/virus-malware-tests
> >
> > but that has a different sha256sum.
> > Hmm.
> >
> > If I feed the github URL into virustotal it comes up clean
> > https://www.virustotal.com/gui/url/09809c38129bd5ec94289969d9c35e97f5867f67b0a35d2acd9e811d34f8d89a/detection
> > but if I download the file and give that to virustotal I get
> > https://www.virustotal.com/gui/file/eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01/detection
> > (the bit between file/ and /detection matches the sha256sum of my
> > file and that on https://vistumbler.en.lo4d.com/virus-malware-tests ).
> >
> > Initially that page reported
> >     19 security vendors flagged this file as malicious
> >     Size 6.92 MB
> >     direct-cpu-clock-access invalid-signature
> >     nsis overlay peexe runtime-modules signed
> > but when I asked virustotal to rescan, "19 security vendors" changed
> > to "16 security vendors".
> >
> > I have put my copy at:
> > https://www.aitchison.me.uk/Vistumbler_v10-7.eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01.exe
> >
> > I think this means that raw.github.com has given out at least three
> > different versions of this file. Eero, could you pass this back to
> > the Vistumbler developer "Andrew" (Calcutt?) please?
> >
> > # file Vistumbler_v10-7.exe
> > Vistumbler_v10-7.exe: PE32 executable (GUI) Intel 80386, for MS Windows,
> > Nullsoft Installer self-extracting archive
> >
> > # host raw.github.com
> > raw.github.com has address 185.199.108.133
> > raw.github.com has address 185.199.109.133
> > raw.github.com has address 185.199.110.133
> > raw.github.com has address 185.199.111.133
> >
> > On Thu, 8 Apr 2021, Eero Volotinen wrote:
> > > comment from developer
> > >
> > > "Unfortunately autoit, which vistumbler is written in, gets flagged
> > > as a false positive a lot. Vistumbler has struggled with this since
> > > the beginning.
> > >
> > > I recently submitted the 10.7 release files to microsoft for false
> > > detection and they removed the false detection, so i think these
> > > files are fine. However I have also just submitted a false positive
> > > report to bitdefender, so we can see if they remove it too.
> > >
> > > If vistumbler gets flagged by your AV company, my suggestion is to
> > > submit it as a false positive to them. I really don't have the time
> > > to chase down all these AV companies.
> > >
> > > -Andrew"
> >
> > Not sure about this as it is open source, but if I were paying for
> > the software I would expect them to liaise with the AV companies.
> >
> > --
> > Andrew C. Aitchison                      Kendal, UK
> > and...@aitchison.me.uk
>
> --
> Best regards,
>
> Arnaud Jacques
> Manager of SecuriteInfo.com
>
> Telephone: +33-(0)3.60.47.09.81
> E-mail: a...@securiteinfo.com
> Website: https://www.securiteinfo.com
> Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> Twitter: @SecuriteInfoCom
> Signatures for ClamAV antivirus: http://ow.ly/LqfdL

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
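
Added example, not part of the original thread: a short Python check that takes the developer's published SHA256 list and the VirusTotal file-report links quoted above, and shows which reports actually refer to an official 10.7 download. The function names are made up for this illustration; every hash and link is copied from the thread.

```python
import hashlib
import re

# Release hashes exactly as quoted from the developer's reply in this thread.
PUBLISHED = """\
Vistumbler_v10-7.exe - ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01
Vistumbler_v10-7.zip - 7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0
Vistumbler_v10-7_Portable.zip - F729B9BBAEADFF288D78655B996102CC4274CB2D5527F58A1464EEF3BE9D636C
"""
# VirusTotal file-report links posted in this thread.
VT_LINKS = [
    "https://www.virustotal.com/gui/file/071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4/detection",
    "https://www.virustotal.com/gui/file/eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01/detection",
    "https://www.virustotal.com/gui/file/7cc806b74131bcca5ae11ee81e39152dbc61f1477108ffde7e416927c196dba0/detection",
]

def parse_published(text):
    """Map lowercase SHA256 -> file name from 'name - HASH' lines."""
    table = {}
    for line in text.splitlines():
        name, sep, digest = line.partition(" - ")
        digest = digest.strip().lower()
        if sep and re.fullmatch(r"[0-9a-f]{64}", digest):
            table[digest] = name.strip()
    return table

def vt_file_hash(url):
    """SHA256 embedded in a /gui/file/<sha256>/ link; None for other links."""
    m = re.search(r"/gui/file/([0-9a-fA-F]{64})(?:/|$)", url)
    return m.group(1).lower() if m else None

def sha256_file(path, chunk=1 << 20):
    """Hash a local download in chunks, as sha256sum would."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def report():
    """For each VT link: (file hash, published release name or None)."""
    published = parse_published(PUBLISHED)
    digests = [vt_file_hash(u) for u in VT_LINKS]
    return [(d, published.get(d)) for d in digests]

if __name__ == "__main__":
    for digest, name in report():
        print(digest[:16], "->", name or "not a published 10.7 hash")
```

Run `sha256_file()` on your own download and look the result up in `parse_published(PUBLISHED)` before relying on any scan report for it.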