Cool VL Viewer forum

View unanswered posts | View active topics It is currently 2017-05-01 02:21:20



Reply to topic  [ 9 posts ] 
Download warning by chrome, probably false positive 
Author Message

Joined: 2012-02-09 21:01:50
Posts: 284
Reply with quote
Hello Henri,

just want to inform you that Chrome treats the experimental windows archive as malicious and blocks the download.

I guess it's a false positive, though.

VirusTotal marks it as clean (Detection ratio: 0 / 51). :-)


2014-04-12 18:53:42
Profile

Joined: 2009-03-17 18:42:51
Posts: 3543
Reply with quote
All the files I put up for download have been scanned (twice actually: before packaging and after) with an up to date ClamWin anti-virus.

The system I use to compile and package the viewer is also clean (bare Windows 7 installation + VS2010: nothing else) and used exclusively for this purpose.

My local network is also behind a Linux firewall. In over 20 years, the machines in my local network never caught any virus or worm.

So, if you get a positive, it's most likely a false one (but it never hurts to double or triple check with yet another anti-virus software to confirm): a common issue with "heuristic" anti-virus software that makes assumption about code sequences instead of comparing the code with a signature database of known viruses. Such heuristic anti-virus software is highly unreliable, and will most likely fire up on program files such as SLPlugin.exe, which purpose is to launch other programs (plugins), this activity being wrongly flagged as "suspect"...

Of course, the file you downloaded could have been infected on my ISP's server (it's not the case: I just re-downloaded it and checked), or on your own computer... To check, compute its md5sum and compare it with the ones below:
  • CoolVLViewer-1.26.8.55-Windows-Setup.exe : bd345f5e06b5989e7c3a34e88206c637
  • CoolVLViewer-1.26.10.18-Windows-Setup.exe : c9850c59ce8a5dc3344427877776b045
  • CoolVLViewer-1.26.11.18-Windows-Setup.exe : e57276981e3c78eedcafda5a3f339fea


2014-04-12 21:33:25
Profile WWW

Joined: 2012-02-09 21:01:50
Posts: 284
Reply with quote
Yah, those 51 scanners on VirusTotal say it's not infected. :)

But wanted to inform you that people might get those warning when downloading it with chrome.

\e57276981e3c78eedcafda5a3f339fea *D:\\Download\\Unchecked\\CoolVLViewer-1.26.11.18-Windows-Setup.exe

I got a valid MD5 on my side, so chrome has a problem. :P


2014-04-13 07:03:12
Profile

Joined: 2009-03-17 18:42:51
Posts: 3543
Reply with quote
Tillie wrote:
I got a valid MD5 on my side, so chrome has a problem. :P
Why using Big Brother's browser anyway ?... It's asking for troubles (and for an easier tracking by Google... and therefore by the NSA as well)... Use Pale Moon (or Pale Moon for Linux): I would have recommended Firefox, a few months ago, but their UI dumbification towards Australis is just unacceptable, just like the v2/3 viewer UI is unacceptable to me.


2014-04-13 07:14:55
Profile WWW

Joined: 2012-02-09 21:01:50
Posts: 284
Reply with quote
Thanks for the tip. :D


2014-04-21 11:08:39
Profile

Joined: 2014-05-25 11:29:02
Posts: 8
Reply with quote
I've just been trying to download the latest version. I get a message blocking the download due to a malicious file. I went to allow it and got a message saying something like 'you may have used this before but the site may have been hacked' or something like that. I'm sure if it had I'd know by now, but I am curious about the file that's being blocked and just checking that everything is ok really


2014-05-25 11:38:18
Profile

Joined: 2009-03-17 18:42:51
Posts: 3543
Reply with quote
CullyAndel wrote:
I've just been trying to download the latest version. I get a message blocking the download due to a malicious file. I went to allow it and got a message saying something like 'you may have used this before but the site may have been hacked' or something like that. I'm sure if it had I'd know by now, but I am curious about the file that's being blocked and just checking that everything is ok really
Message merged with the relevant topic.

You can ignore that false positive that some(AFAIK, just one) lame browsers spew at you...

To reassure you, here are the md5sums for the current releases:
  • CoolVLViewer-1.26.8.60-Linux-x86-Setup: ec52c294fc525d3169d8db3282a4bb40
  • CoolVLViewer-1.26.12.2-Linux-x86-Setup: 0f42e3272bbf1bf1e4d99dea601e614f
  • CoolVLViewer-1.26.12.2-no_jemalloc-Linux-x86-Setup: 5db1acdcda9bb7d9472ccb5fb9c42764
  • CoolVLViewer-1.26.8.60-Windows-Setup.exe: c568ac573bd84b80fc4de91c71ef6710
  • CoolVLViewer-1.26.12.2-Windows-Setup.exe: 39ccc492db2307cfecc3c2da33e45603
To check them against your downloaded file(s) just use "md5sum" under Linux or WinHasher under Windows.

And, please, consider using a decent browser instead. I'd personally warmly recommend Pale Moon (which bears the same philosophy as the Cool VL Viewer: don't subdue to the current UI dumbification trend. A tool shall be adapted to its users: it's not to the users to have to make time-wasting and productivity-harming efforts to adapt themselves to a tool !).


2014-05-25 13:17:42
Profile WWW

Joined: 2014-12-17 16:34:51
Posts: 6
Reply with quote
Latest version detected as a false Positive by Panda Free Antivirus (most recent signature update)

(Installer and installed executable both)

Disabeld AV to install and whitelisted the install folder so I'm unaffected now

The Virustotal website lists 1/54 AVs report it as infected, excluding Panda - but that's a 2 day old virus signature version

https://www.virustotal.com/en/file/0b26 ... 447085194/


2015-11-09 16:08:55
Profile

Joined: 2009-03-17 18:42:51
Posts: 3543
Reply with quote
Vraiment wrote:
Latest version detected as a false Positive by Panda Free Antivirus (most recent signature update)

(Installer and installed executable both)

Disabeld AV to install and whitelisted the install folder so I'm unaffected now

The Virustotal website lists 1/54 AVs report it as infected, excluding Panda - but that's a 2 day old virus signature version

https://www.virustotal.com/en/file/0b26 ... 447085194/


Just another false positive... Disable the "heuristic" scanning method (which attempts to make (uneducated) guesses on the dangerosity of some code sequences) in your anti-virus: it systematically finds false positives (especially in compressed files such as installers, because it confuses compressed data with CPU opcodes !), in every anti-virus using it.

Check by yourself with Google safe-browsing report


2015-11-09 18:41:36
Profile WWW
Display posts from previous:  Sort by  
Reply to topic   [ 9 posts ] 

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group
Designed by ST Software.