Cool VL Viewer forum
http://sldev.free.fr/forum/

Download warning by chrome, probably false positive
http://sldev.free.fr/forum/viewtopic.php?f=6&t=1406
Page 1 of 1

Author:  Tillie [ 2014-04-12 18:53:42 ]
Post subject:  Download warning by chrome, probably false positive

Hello Henri,

just want to inform you that Chrome treats the experimental windows archive as malicious and blocks the download.

I guess it's a false positive, though.

VirusTotal marks it as clean (Detection ratio: 0 / 51). :-)

Author:  Henri Beauchamp [ 2014-04-12 21:33:25 ]
Post subject:  Re: Download warning by chrome, probably false positive

All the files I put up for download have been scanned (twice actually: before packaging and after) with an up to date ClamWin anti-virus.

The system I use to compile and package the viewer is also clean (bare Windows 7 installation + VS2010: nothing else) and used exclusively for this purpose.

My local network is also behind a Linux firewall. In over 20 years, the machines in my local network never caught any virus or worm.

So, if you get a positive, it's most likely a false one (but it never hurts to double or triple check with yet another anti-virus software to confirm): a common issue with "heuristic" anti-virus software that makes assumption about code sequences instead of comparing the code with a signature database of known viruses. Such heuristic anti-virus software is highly unreliable, and will most likely fire up on program files such as SLPlugin.exe, which purpose is to launch other programs (plugins), this activity being wrongly flagged as "suspect"...

Of course, the file you downloaded could have been infected on my ISP's server (it's not the case: I just re-downloaded it and checked), or on your own computer... To check, compute its md5sum and compare it with the ones below:
  • CoolVLViewer-1.26.8.55-Windows-Setup.exe : bd345f5e06b5989e7c3a34e88206c637
  • CoolVLViewer-1.26.10.18-Windows-Setup.exe : c9850c59ce8a5dc3344427877776b045
  • CoolVLViewer-1.26.11.18-Windows-Setup.exe : e57276981e3c78eedcafda5a3f339fea

Author:  Tillie [ 2014-04-13 07:03:12 ]
Post subject:  Re: Download warning by chrome, probably false positive

Yah, those 51 scanners on VirusTotal say it's not infected. :)

But wanted to inform you that people might get those warning when downloading it with chrome.

\e57276981e3c78eedcafda5a3f339fea *D:\\Download\\Unchecked\\CoolVLViewer-1.26.11.18-Windows-Setup.exe

I got a valid MD5 on my side, so chrome has a problem. :P

Author:  Henri Beauchamp [ 2014-04-13 07:14:55 ]
Post subject:  Re: Download warning by chrome, probably false positive

Tillie wrote:
I got a valid MD5 on my side, so chrome has a problem. :P
Why using Big Brother's browser anyway ?... It's asking for troubles (and for an easier tracking by Google... and therefore by the NSA as well)... Use Pale Moon (or Pale Moon for Linux): I would have recommended Firefox, a few months ago, but their UI dumbification towards Australis is just unacceptable, just like the v2/3 viewer UI is unacceptable to me.

Author:  Tillie [ 2014-04-21 11:08:39 ]
Post subject:  Re: Download warning by chrome, probably false positive

Thanks for the tip. :D

Author:  CullyAndel [ 2014-05-25 11:38:18 ]
Post subject:  Download problem

I've just been trying to download the latest version. I get a message blocking the download due to a malicious file. I went to allow it and got a message saying something like 'you may have used this before but the site may have been hacked' or something like that. I'm sure if it had I'd know by now, but I am curious about the file that's being blocked and just checking that everything is ok really

Author:  Henri Beauchamp [ 2014-05-25 13:17:42 ]
Post subject:  Re: Download problem

CullyAndel wrote:
I've just been trying to download the latest version. I get a message blocking the download due to a malicious file. I went to allow it and got a message saying something like 'you may have used this before but the site may have been hacked' or something like that. I'm sure if it had I'd know by now, but I am curious about the file that's being blocked and just checking that everything is ok really
Message merged with the relevant topic.

You can ignore that false positive that some(AFAIK, just one) lame browsers spew at you...

To reassure you, here are the md5sums for the current releases:
  • CoolVLViewer-1.26.8.60-Linux-x86-Setup: ec52c294fc525d3169d8db3282a4bb40
  • CoolVLViewer-1.26.12.2-Linux-x86-Setup: 0f42e3272bbf1bf1e4d99dea601e614f
  • CoolVLViewer-1.26.12.2-no_jemalloc-Linux-x86-Setup: 5db1acdcda9bb7d9472ccb5fb9c42764
  • CoolVLViewer-1.26.8.60-Windows-Setup.exe: c568ac573bd84b80fc4de91c71ef6710
  • CoolVLViewer-1.26.12.2-Windows-Setup.exe: 39ccc492db2307cfecc3c2da33e45603
To check them against your downloaded file(s) just use "md5sum" under Linux or WinHasher under Windows.

And, please, consider using a decent browser instead. I'd personally warmly recommend Pale Moon (which bears the same philosophy as the Cool VL Viewer: don't subdue to the current UI dumbification trend. A tool shall be adapted to its users: it's not to the users to have to make time-wasting and productivity-harming efforts to adapt themselves to a tool !).

Author:  Vraiment [ 2015-11-09 16:08:55 ]
Post subject:  Re: Download warning by chrome, probably false positive

Latest version detected as a false Positive by Panda Free Antivirus (most recent signature update)

(Installer and installed executable both)

Disabeld AV to install and whitelisted the install folder so I'm unaffected now

The Virustotal website lists 1/54 AVs report it as infected, excluding Panda - but that's a 2 day old virus signature version

https://www.virustotal.com/en/file/0b26 ... 447085194/

Author:  Henri Beauchamp [ 2015-11-09 18:41:36 ]
Post subject:  Re: Download warning by chrome, probably false positive

Vraiment wrote:
Latest version detected as a false Positive by Panda Free Antivirus (most recent signature update)

(Installer and installed executable both)

Disabeld AV to install and whitelisted the install folder so I'm unaffected now

The Virustotal website lists 1/54 AVs report it as infected, excluding Panda - but that's a 2 day old virus signature version

https://www.virustotal.com/en/file/0b26 ... 447085194/


Just another false positive... Disable the "heuristic" scanning method (which attempts to make (uneducated) guesses on the dangerosity of some code sequences) in your anti-virus: it systematically finds false positives (especially in compressed files such as installers, because it confuses compressed data with CPU opcodes !), in every anti-virus using it.

Check by yourself with Google safe-browsing report

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/