1468067 - Firefox installer doesn't pass VirusTotal test

Status: RESOLVED INVALID

(Firefox :: Installer, defect)

Description

[Salvatore ILardo]

Attachment: Firefox_Installer.jpg

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36

Steps to reproduce:

Downloaded Firefox installer from https://download-installer.cdn.mozilla.net/pub/firefox/releases/60.0.2/win32/en-GB/Firefox%20Installer.exe



Actual results:

Uploaded the file in VirysTotal https://www.virustotal.com/#/home/upload
The file appears infected in 7zS.sfx


Expected results:

The file didn't pass Cylan and Antiy-AVL detection

Comment 1

[Matthias Versen [:Matti]]

This is a report URL:
https://www.virustotal.com/#/file/2c47201f53f76dd7469a591af273a79272ab80c668d76caec34b3be2b16842a7/detection

This is a false positive from 2 Antivirus engines. This is no bug in the installer or a something that Mozilla can change.

Comment 2

[Molly Howell (she/her) (no longer active)]

Thanks for reporting this. What you've got there is the correct official installer; you aren't being man-in-the-middle attacked and fed an infected one, and it isn't infected on our end either. These really are just standard false positives.

Cylance appears to be detecting anything that's been through UPX as unsafe. That's certainly a questionable thing to do, but it means that bug 1199754 would at least get rid of that particular detection. Antiy-AVL isn't doing that though, so I don't think there's any workaround available to us for it.

In any case, :Matti is right; this isn't our bug and we don't have a way to properly fix it.

Comment 3

[Michal Purzynski [:michal`] (use NEEDINFO)]

Packing Firefox installer with UPX is at least questionable