Hi team,
we currently see reports from two scanning engines on Virus Total reporting on the downloadable ZIP package "launch4j-3.50-win32.zip" from SourceForge. See the attached screenshot. This was confirmed using different systems in different networks to rule out local infections.
It is highly probable that this is a false positive from the scanning engines "Jiangmin" and "Zillya".
We see the very same reports on exe files created for our jar with launch4j 3.50 and signed with Microsoft signtool.
We use the maven plugin to run launch4j exe creation. We run the creation process on different build systems.
The question is how to deal with this. I contacted Zillya! support to ask whether they can confirm it is a false positive.
There are some other tickets open regarding similar issues. But the ideas - like code signing - brought up there do not seem to work.
All the best
SSC
Hi,
Are you using a self-signed certificate for signing your jar or one from a CA?
In the case of launch4j itself this is a self-signed one. Such heuristic-based false positives are difficult to overcome; I'd suggest using a CA certificate and also consider not wrapping the jar but having the launcher executable as a separate file.
Best regards,
Grzegorz
Hi Grzegorz,
thank you for your answer.
We are using a certificate from GlobalSign.
First we create the exe with launch4j then we sign it with Microsoft signtool. When showing the details for the exe Windows shows a tab "Signatures" which reports a valid certificate just fine.
The exe file created with launch4j is a pure launcher. It does not contain any jars just like you suggested.
All the best
SSC
From: Grzegorz Kowal grzegok@users.sourceforge.net
Sent: Saturday, 27 April 2024 11:11
To: [launch4j:bugs]
Subject: [launch4j:bugs] Re: #233 Virus Total detections in 3.50 - false positives - Jiangmin/Zillya - worgtop
On Fri, Apr 26, 2024, 11:15 Stefan Schröder ssc9632134@users.sourceforge.net wrote:
[bugs:#233] Virus Total detections in 3.50 - false positives - Jiangmin/Zillya - worgtop
Status: open
Group: 3.x
Created: Fri Apr 26, 2024 09:15 AM UTC by Stefan Schröder
Last Updated: Fri Apr 26, 2024 09:15 AM UTC
Owner: nobody
Attachments:
worgtop.PNG (112.2 kB; image/png)