This repository has been archived by the owner on Oct 9, 2020. It is now read-only.

TT raises 1/70 malware alert on VirusTotal + Symantec fail #201

Open
jasonbrown1965 opened this issue Jun 12, 2019 · 2 comments

Comments

@jasonbrown1965

Expected Behavior

That Tweet-tray would get a clean bill of health from VirusTotal

Current Behavior

VirusTotal returns an alert from one of 70 malware scan engines, namely BKAV, a Vietnamese-based authority recognised by Google et al. Specifically, a "HW32.Packed".
See:
https://www.virustotal.com/gui/file/f7eb18938766fe68dcc9cba06ccab6f8d44ca2ee6710669ea5cdc4d5e3345050/detection

Possible Solution

False positive? Be good to get confirmation from BKAV themselves.

Context

Not criticism, but should be addressed. So far my experience in open source is to be brusquely rejected, be great to see a great looking app get past what might just be a technical glitch.

Code Sample

Not possible because not installed after seeing VirusTotal alert.

Your Environment

Downloaded tweet-tray from this site, uploaded to VirusTotal, via Iridium, on Win 7 Pro, all usuals up to date.

@jonathontoon
Owner

jonathontoon commented Jun 15, 2019

Thanks for reporting @jasonbrown1965.

This is a bit out of the range of my capability to solve at present, but from what I have been able to gather, the false positive is being generated by the Electron bundler which I rely on from electron-react-boilerplate.

The exact detection you mentioned also seems to have cropped up in some fairly high-profile projects too.

Another thing which may be the culprit is that Windows installers which are not signed (which I have not bothered to do due to the purpose of this project) may result in some funky behavior like you have mentioned.

I'll keep this issue open for the sake of transparency and in case anyone else has additional experience which could be offered as a solution.

@jasonbrown1965
Author

Seems a fair precis of what the links say.

To be fair, there's a fair blizzard of failed certification out there - have to check https and certification warnings one, two, sometimes three dozen times a day. Used to be a dozen times a year, ah! More innocent times ...

Off topic, but may I also ask if there are any GitHub protocols around reporting issues? I looked up issues in help but it doesn't really go into what makes a good report. Utterly confused because I can spot errors well enough, but different sites seem to have different protocols.

Thanks for the response, the transparency, and your civility!
