Open Bug 1089178 Opened 10 years ago Updated 2 years ago

Antivirus reports file obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a Trojan/Malware (False Positive)

Categories: Core :: CSS Parsing and Computation, defect

Status: REOPENED

People: Reporter: bobowen, Unassigned

Attachments: 5 files

I normally have virus scanning turned off on my build directory for performance reasons.
However, I just moved the build directory and hadn't updated the exclusions, and Avira free antivirus started reporting obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a TR/Dropper.Gen Trojan.

I scanned the file at https://www.virustotal.com/uk/ and out of the 54 scan engines only Avira identified it as infected.

I assume this is just a false-positive, but thought I'd raise the bug just for the record.
OS: Windows 7 → Windows
QA Contact: Tobias.Besemer
Hardware: x86_64 → Unspecified
Can you please attach the file to the bug?
Assignee: nobody → Tobias.Besemer
Flags: needinfo?(bobowen.code)
Hardware: Unspecified → x86_64
Summary: Avira free antivirus reports file obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a TR/Dropper.Gen Trojan → Avira Antivirus reports file obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a TR/Dropper.Gen Trojan
I've just checked and it is still happening.
Flags: needinfo?(bobowen.code)
Hi Bob,

thank you for attaching the file! :-)

I'm part of the Avira Beta Community, so I will upload it there in the bug tracker ...

If you have virus samples in the future (or samples of files that are "False Positive"), you can upload them from within Avira Antivir, in the Quarantine, or do it here: https://analysis.avira.com/en/submit

Thank you again for your help! :-)


Greets, Tobias.
(In reply to Tobias B. Besemer [:BesTo] (QA) from comment #3)

> I'm part of the Avira Beta Community, so I will upload it there in the
> bug tracker ...

Thanks, can you drop a link to it here when you do, just so we can track things.
(In reply to Bob Owen (:bobowen) from comment #4)
> (In reply to Tobias B. Besemer [:BesTo] (QA) from comment #3)
> 
> > I'm part of the Avira Beta Community, so I will upload it there in the
> > bug tracker ...
> Thanks, can you drop a link to it here when you do, just so we can track
> things.

Everybody can join the Beta Tester Community here:
https://betacenter.avira.com/open/

But to have access to the tracker, you have to be registered there ...

If you join the community, you can find the bug here:
https://betacenter.avira.com/project/feedback/view.html?cap=a788d05206e74fec88a6c705f84f23e7&uf=965F2AC2BE154B0F918C685A0BDC0238

But I guess the problem will be fixed in one of the updates to the virus database in the next few days ... ;-)

I will also give you feedback here and close the bug.
You can then (after that) verify for me that everything is OK again.
(In reply to Bob Owen (:bobowen) from comment #4)
> (In reply to Tobias B. Besemer [:BesTo] (QA) from comment #3)
> 
> > I'm part of the Avira Beta Community, so I will upload it there in the
> > bug tracker ...
> 
> Thanks, can you drop a link to it here when you do, just so we can track
> things.

Hi!

Seems the beta team forgot to update the bug... :-/

(In reply to Tobias B. Besemer [:BesTo] (QA) from comment #5)
> If you join the community, you can find the bug here:
> https://betacenter.avira.com/project/feedback/view.html?cap=a788d05206e74fec88a6c705f84f23e7&uf=965F2AC2BE154B0F918C685A0BDC0238

Did a new scan with VirusTotal:
https://www.virustotal.com/de/file/265de4fd0ebd9815cce1e4503e6cc13f05b94b2fc93d802f8ac1b00ef979fd28/analysis/1459830131/

Avira was OK, but had a "HEUR/QVM10.1.0000.Malware.Gen" with "Qihoo-360" ("360 Total Security") in the signatures of 20160405. (I will attach a screenshot.)

So I uploaded the sample here:
https://www.360totalsecurity.com/en/suspicion/

And got a mail that "Proper actions have been taken." (I will attach a screenshot, too.)

So it should be fixed in the next signatures...

(In reply to Tobias B. Besemer [:BesTo] (QA) from comment #5)
> I will also give you feedback here and close the bug.
> You can then (after that) verify for me that everything is OK again.

Bob, can you verify it?


Greets, Tobias.
Summary: Avira Antivirus reports file obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a TR/Dropper.Gen Trojan → Antivirus reports file obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a Trojan/Malware (False Positive) (Avira / Qihoo-360 [360 Total Security])
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Great f*ck!

Now I have a "False Positive" ("PE:Malware.Generic/QRS!1.9E2D [F]") with "Rising"!

https://www.virustotal.com/de/file/265de4fd0ebd9815cce1e4503e6cc13f05b94b2fc93d802f8ac1b00ef979fd28/analysis/1459845682/

Will submit the sample...
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: Antivirus reports file obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a Trojan/Malware (False Positive) (Avira / Qihoo-360 [360 Total Security]) → Antivirus reports file obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a Trojan/Malware (False Positive) (Avira / Qihoo-360 [360 Total Security] / Rising)
(In reply to Tobias B. Besemer [:BesTo] (QA) from comment #6)

> Bob, can you verify it?
 
No longer reporting any issues when I do an on demand scan of that file, thanks.
(In reply to Bob Owen (:bobowen) from comment #10)
> (In reply to Tobias B. Besemer [:BesTo] (QA) from comment #6)
> 
> > Bob, can you verify it?
>  
> No longer reporting any issues when I do an on demand scan of that file,
> thanks.

Great! No prob! :-)


"Inquiries number" at "Rising" is: RS20160405163948921105
To check here: http://mailcenter.rising.com.cn/filecheck_en/
Open page ->
https://www.virustotal.com/de/url/786842bc45be7289d2480db71fd7402fd0fb34bcfe5e78467017fe62e78f68a0/analysis/1500748773/
-> then change to file scan ->
https://www.virustotal.com/de/file/17c399175f7ff1228654ca83382f665f8e8c60e3ab8606dcf5aad605f989a8a7/analysis/1500748777/

ATM reported by Baidu, Cylance and Rising.

Reported as 'False Positive' to Rising.
http://mailcenter.rising.com.cn/filecheck_en/Default.aspx
Inquiries number: RS20170723023542765532

Reported as 'False Positive' to Baidu.
http://antivirus.baidu.com/en/submit-file.php

Cylance: Opened a case.
https://support.cylance.com/s/NewCase?currentUserIsGuest=true
OS: Windows → All
Hardware: x86_64 → All
Summary: Antivirus reports file obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a Trojan/Malware (False Positive) (Avira / Qihoo-360 [360 Total Security] / Rising) → Antivirus reports file obj-i686-pc-mingw32\layout\style\test\host_ListCSSProperties.exe as containing a Trojan/Malware (False Positive)
Got this Email from Cylance and have no clue what it means:
> The file in question has not been found to be affecting any of our customer environments.
> If one of our customers reports this file as a false positive, impacting business functionality,
> we will investigate further. Until then, the Cylance score will remain as is.

Now TrendMicro-HouseCall reports it, too... :-/
https://www.virustotal.com/de/file/17c399175f7ff1228654ca83382f665f8e8c60e3ab8606dcf5aad605f989a8a7/analysis/1500920603/
...this is becoming a never-ending story... :-/

The bug assignee hasn't logged in to Bugzilla in the last 7 months, so the assignee is being reset.

Assignee: Tobias.Besemer → nobody
Severity: normal → S3