Hi! Thanks for the quick version.

The new version is no longer detected by my ClamAV as a virus.

What's very strange is that I re-ran the test in virustotal for meld.exe. Same hash, same filename, but now with 6/51 detection rate.

meldc.exe, however, has a much lower detection ratio (3/50).

It may be worth noticing that none of the antivirus agrees on the type of virus being detected, meaning it's a high chance of being a false positive (one of the initial fears is that the uploader/packager's PC is infected).

Compressed files are always hard to detect by antiviruses. Is the compression ratio really that high to justify UPX/MPRESS?

Cheers
Matías

IMPORTANT:
The information contained in this email may be commercially sensitive and/or legally privileged.
It is intended solely for the person(s) to whom it is addressed. If the reader of this message is not the intended recipient, you are on notice of its status and hereby notified that your access is unauthorized, and any review,
dissemination, distribution, disclose or copying of this message including any attachments is strictly prohibited.
Please notify the sender immediately by reply e-mail and then delete this message from your system.

From: Keegan Witt <keeganwitt gmail com>
To: Meld List <meld-list gnome org>
Sent: Sunday, February 2, 2014 23:46
Subject: Re: [Windows] ClamAV detects Meld as a Trojan.

Thank you for pointing this out. For what it's worth, I assure you it's clean :)

I did some Googling, it seems antivirus programs have been flagging executables compressed with UPX as being trojans. I updated my AutoHotkey I've been using to compile meld.exe and meldc.exe, the new version now uses MPRESS for compression instead of UPX. When I re-ran the scan with the recompiled versions, it looked cleaner, but there were engines that kept timing out. But when I ran the scan on just meld.exe, only Rising and VBA32 complained so I think I'm on to something here.

Could you see if you are able to get a complete result with the test versions I've uploaded here: https://sourceforge.net/projects/meld-installer/files/Testing/? If it looks like this improves the false positives (which given what I saw with meld.exe results, it should) I'll go ahead and move these out of testing as an official release.

-Keegan

On Sun, Feb 2, 2014 at 5:19 PM, Michael Mientus <mmientus eagleseven com> wrote:

I have not had a problem with the Windows installer from SourceForge.

You might open a ticket with your vendor to have them take a look at it. And make an exception in your antivirus software as a workaround.

Mike

From: meld-list [mailto:meld-list-bounces gnome org] On Behalf Of Matias N. Goldberg
Sent: Sunday, February 02, 2014 1:45 PM
To: meld-list gnome org
Subject: [Windows] ClamAV detects Meld as a Trojan.

Hi everyone!

I'm new to this newslist. Please, excuse me if I'm in the wrong place.

I've subscribed just to report that ClamAV detects "meld-1.8.4.0.exe" as a Trojan:

D:\Downloads\meld-1.8.4.0.exe: Win.Trojan.Autoit-734 FOUND

I downloaded the Zip version and the problem persisted:

D:\Downloads\meld-1.8.4.0\meld\meld.exe: Win.Trojan.Autoit-734 FOUND
D:\Downloads\meld-1.8.4.0\meld\meldc.exe: Win.Trojan.Autoit-734 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3099685
Engine version: 0.98
Scanned directories: 771
Scanned files: 12171
Infected files: 2

I uploaded the file meld.exe to virustotal.com 5/49 and out of them reported as Trojan:

Antivirus             Result                                      Update
Kingsoft              Win32.Troj.IAgent.wt.(kcloud)               20130829
McAfee-GW-Edition     Heuristic.BehavesLike.Win32.ModifiedUPX.C   20140202
Rising                PE:Spyware.KeyLogger!1.9F7B                 20140202
TheHacker             Trojan/AutoHK.ed                            20140202
TrendMicro-HouseCall  TROJ_GEN.F47V1205                           20140202

Interestingly their ClamAV didn't detect it (my definitions are up to date).

I did not research into whether this is a false positive or actual infected files.

Looks like I will have to try compiling from source, which doesn't look straightforward.

Cheers
Matias

_______________________________________________
meld-list mailing list
meld-list gnome org
https://mail.gnome.org/mailman/listinfo/meld-list
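
Added example, not part of the original thread or of the Meld installer project: when triaging a "packed executable" detection like the ones discussed above, a first check is whether the file actually carries a packer's section names. This sketch reads the PE section table and looks for the default names UPX (UPX0, UPX1) and MPRESS (.MPRESS1, .MPRESS2) write; the function names and the header-only sample built by build_sample_pe are constructed for illustration.

```python
import struct

# Default section names written by the two packers named in the thread.
# Assumption: names were not altered after packing, so absence proves nothing.
PACKER_SECTIONS = {"UPX": {"UPX0", "UPX1"}, "MPRESS": {".MPRESS1", ".MPRESS2"}}

def pe_section_names(data):
    """Return the section names of a PE image; ValueError if it is malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size                      # first section header
    names = []
    for i in range(n_sections):
        off = table + 40 * i                              # headers are 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def detect_packer(data):
    """Return 'UPX', 'MPRESS' or None, judged only by section names."""
    names = set(pe_section_names(data))
    for packer, markers in PACKER_SECTIONS.items():
        if names & markers:
            return packer
    return None

def build_sample_pe(section_names):
    """Constructed header-only PE used as demo input; not a real executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table

if __name__ == "__main__":
    for sample in (["UPX0", "UPX1", ".rsrc"], [".MPRESS1", ".MPRESS2"], [".text"]):
        print(sample, "->", detect_packer(build_sample_pe(sample)))
```

A match only tells you which packer produced the file, which helps explain a generic "ModifiedUPX"-style heuristic hit; it says nothing about whether the unpacked contents are clean.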