Closed Bug 1214434 Opened 10 years ago Closed 10 years ago

Virus in Lightning : false positive ?

Categories

(Calendar :: Security, defect)

Product:
Calendar
Component:
Security
Version:
Lightning 4.0.3
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED INVALID

People

(Reporter: david.vantyghem, Unassigned)

References

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0 Build ID: 20151006000732 Steps to reproduce: Is it a false positive ? https://www.virustotal.com/fr/file/55e6c00d6775fddb263ad1a1df2d0d606f306afa10383eb42520811d93f094bf/analysis/1444773885/ Actual results: Checking https://addons.mozilla.org/thunderbird/downloads/latest/2313/platform:5/ Lightning module for Thunderbird version 4.0.3.1.
Group: mail-core-security
Component: Untriaged → Security
Product: Thunderbird → Calendar
Version: 38 → Lightning 4.0.3
OS: Unspecified → Windows 7
Hardware: Unspecified → x86_64
See Also: → 1214440
virustotal is definitely giving *VARIABLE* results, even with the same file hash: 55e6c00d6775fddb263ad1a1df2d0d606f306afa10383eb42520811d93f094bf * mine using the URL comes back with "0/65" https://www.virustotal.com/en/url/0da0bedf94dd430eaf3dd10a704b60a22e347312e8dffbed1a5b3b99fa6c5549/analysis/1444811666/ * mine using downloaded file using your url "0/54" https://www.virustotal.com/en/file/55e6c00d6775fddb263ad1a1df2d0d606f306afa10383eb42520811d93f094bf/analysis/1444811834/ * someone's results immediately prior to mine.. "File already analysed This file was last analysed by VirusTotal on 2015-10-14 08:34:36 UTC (2 minutes ago) it was first analysed by VirusTotal on 2015-10-08 17:58:15 UTC. Detection ratio: 0/48 You can take a look at the last analysis or analyse it again now."
wsmwk, your first link shows the results for the site, i.e. addons.mozilla.org. You need to follow the "Go to downloaded file analysis" link to get the results for lightning-4.0.3.1-sm+tb-windows.xpi. TrendMicro using 20151013 signatures marked the file as HEUR_HTJS.HDJSFN. TrendMicro using 20151014 signatures marked the file as OK. All other 55 scanners marked the file as OK too. So yes, this just looks like a false positive that was fixed by signature update.
Not the Mozilla issue. Antivirus need to add file as false positive to its database.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.