
#1449 VirusTotal has 4 malware alerts

v1.0_(example)
closed
nobody
None
1
2022-02-12
2018-06-17
MoisheP
No

Scanning docfetcher_1.1.20_win32_setup.exe in VirusTotal shows malware alerts from Antiy-AVL, Babable, Bkav, Jiangmin & Adware/Agent.eda. Unpacking the executable and testing the source files shows an issue with the uninstaller -- so it appears these false alerts are due to the uninstaller, and perhaps installer, files, rather than any issue with the excellent DocFetcher, itself.


Discussion

  • Nam-Quang Tran

    Nam-Quang Tran - 2018-06-18

    Hi,

    thanks for reporting. It's possible that the machine on which the installer was created was infected, so I recreated the installer on the older machine on which previous DocFetcher releases were built. Could you please test whether the following new installer still triggers malware alerts? Thanks.

    http://docfetcher.sourceforge.net/docfetcher_1.1.20_win32_setup.exe

    Best regards
    q:-) <= Quang

     
  • Nam-Quang Tran

    Nam-Quang Tran - 2018-06-18

    I've also taken down and reuploaded the potentially infected official 1.1.20 installer, just to make sure no more people will be downloading infected software.

     
    • MoisheP

      MoisheP - 2018-06-19

      Tran,

      Thank you for your prompt response! The testing below shows you've
      resolved any outstanding issue I'd noticed regarding the build for v.
      1.1.20, and have contributed an excellent search utility that works
      across a number of platforms.

      Again, thanks for continued development of this tool!

      Bart


      Testing:

      After downloading the Windows installer at 23:13 GMT, 81.06.2018, I
      checked the full install, /docfetcher_1.1.20_win32_setup.exe/, at
      VirusTotal and it showed no issue was detected by any of 65 antimalware
      engines. Great!

      The three Windows executables were extracted from the installer and
      tested.

      • /docfetcher.exe/ showed a single alert, just "Unsafe", from Cylance
        out of 65 tests - apparently Cylance's heuristics are a bit
        pessimistic, and no specific malware was identified.
      • /uninstaller.exe/ and /docfetcher-daemon-windows.exe/ passed /all/
        VirusTotal checks.
      • /All/ extracted files were scanned by a local antimalware suite,
        including /jar/ archives, and again, no issue was found.

      I then uninstalled /DocFetcher/ v. 1.1.19 and as expected, it removed
      all files, folders and indexes, including the daemon, which had been
      active. (BTW, the uninstaller did not remove itself from Windows'
      /Program and Features/ list, though Windows uninstaller deleted the
      reference when I clicked on it again. Not a problem.)

      /Docfetcher/ v. 1.1.20 installed without issue in about ten seconds (!).
      An index was built on 33,148 mixed-type files in a folder and subfolders
      (and files within executables that could be unzipped) in 476 seconds,
      most impressive.
      A few searches showed the new index works, though on a large result set
      the message "DocFetcher has run out of memory." was shown... and then
      the exception was handled and /DocFetcher/ continued to work! This is
      not an issue: the standard /DocFetcher.exe/ was used as installed for
      test purposes, though I'll now replace it with
      /DocFetcher-2048_64-bit-Java.exe/, so memory problems are less likely.

      Bart


      On 6/18/2018 4:10 AM, Nam-Quang Tran wrote:

      I've also taken down and reuploaded the potentially infected official
      1.1.20 installer, just to make sure no more people will be downloading
      infected software.


      [bugs:#1449] https://sourceforge.net/p/docfetcher/bugs/1449/
      VirusTotal has 4 malware alerts

      Status: open
      Group: v1.0_(example)
      Created: Sun Jun 17, 2018 08:10 PM UTC by MoisheP
      Last Updated: Mon Jun 18, 2018 08:02 AM UTC
      Owner: nobody


  • Nam-Quang Tran

    Nam-Quang Tran - 2018-06-19
    • status: open --> closed
     
  • Nam-Quang Tran

    Nam-Quang Tran - 2018-06-19

    Thanks for the detailed and informative report :-)

     
  • Nam-Quang Tran

    Nam-Quang Tran - 2018-06-22

    New release 1.1.21 is out. It was built on the older machine, so there should be no malware issues this time.

     
  • Anonymous

    Anonymous - 2022-02-12

    Hi,
    VirusTotal now has 2 security warnings for version 1.1.23:
    Trojan.Slntscn24.bVVB1s
    Adware/Agent.eda

     
