Re: [Windows] ClamAV detects Meld as a Trojan.



Thank you for pointing this out. For what it's worth, I assure you it's clean :) I did some Googling; it seems antivirus programs have been flagging executables compressed with UPX as being trojans. I updated the AutoHotkey I've been using to compile meld.exe and meldc.exe; the new version now uses MPRESS for compression instead of UPX. When I re-ran the scan with the recompiled versions, it looked cleaner, but there were engines that kept timing out. But when I ran the scan on just meld.exe, only Rising and VBA32 complained, so I think I'm on to something here. Could you see if you are able to get a complete result with the test versions I've uploaded here: https://sourceforge.net/projects/meld-installer/files/Testing/? If it looks like this improves the false positives (which, given what I saw with the meld.exe results, it should), I'll go ahead and move these out of testing as an official release.

-Keegan


On Sun, Feb 2, 2014 at 5:19 PM, Michael Mientus <mmientus eagleseven com> wrote:

I have not had a problem with the Windows installer from SourceForge.

 

http://sourceforge.net/projects/meld-installer/

 

You might open a ticket with your vendor to have them take a look at it. And make an exception in your antivirus software as a workaround.

 

Mike

 

 

From: meld-list [mailto:meld-list-bounces gnome org] On Behalf Of Matias N. Goldberg
Sent: Sunday, February 02, 2014 1:45 PM
To: meld-list gnome org
Subject: [Windows] ClamAV detects Meld as a Trojan.

 

Hi everyone!

 

I'm new to this newslist. Please excuse me if I'm in the wrong place.

 

I've subscribed just to report that ClamAV detects "meld-1.8.4.0.exe" as a Trojan:

 

D:\Downloads\meld-1.8.4.0.exe: Win.Trojan.Autoit-734 FOUND

 

I downloaded the Zip version and the problem persisted:

D:\Downloads\meld-1.8.4.0\meld\meld.exe: Win.Trojan.Autoit-734 FOUND
D:\Downloads\meld-1.8.4.0\meld\meldc.exe: Win.Trojan.Autoit-734 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3099685
Engine version: 0.98
Scanned directories: 771
Scanned files: 12171
Infected files: 2

 

I uploaded the file meld.exe to virustotal.com, and 5/49 of them reported it as a Trojan:

 

Antivirus              Result                                        Update
Kingsoft               Win32.Troj.IAgent.wt.(kcloud)                 20130829
McAfee-GW-Edition      Heuristic.BehavesLike.Win32.ModifiedUPX.C     20140202
Rising                 PE:Spyware.KeyLogger!1.9F7B                   20140202
TheHacker              Trojan/AutoHK.ed                              20140202
TrendMicro-HouseCall   TROJ_GEN.F47V1205                             20140202

 

Interestingly, their ClamAV didn't detect it (my definitions are up to date).

 

I did not research into whether this is a false positive or actual infected files.

Looks like I will have to try compiling from source, which doesn't look straightforward.

 

Cheers

Matias

 
