[virus detection] virustotal detects 1 malware > "Bkav Pro > W32.AIDetectMalware" - FALSE POSITIVE #49

Open
boly38 opened this issue Dec 1, 2024 · 3 comments

Collaborator

boly38 commented Dec 1, 2024

Downloading chicken-bot.1.0.0.exe (from assets) on VirusTotal gives one result: Bkav Pro > W32.AIDetectMalware

I detected this shortly after having the same issue with the nuclear app I wanted to test:
nukeop/nuclear#1742 (quoting a Reddit exchange too)

As we are relying here on the Electron library without any modification and we don't introduce any malicious download, this IS a false positive.
Need to:

  • search VirusTotal or an alternate Bkav Pro contact to send them the exe if possible (seems hard) - VirusTotal tech support
  • put this information in the chicken-bot doc to tell users that it's a false positive

Related article:
https://hackerdose.com/malware/w32-aidetectmalware-bkav-pro/
=> As there is only one overly sensitive detection engine that produces this result, this could safely be considered a false positive. Be warned that if you get this result from 2 engines, this must be taken into consideration (the article includes the way to remove this threat).
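
Added example (not part of the issue or of the chicken-bot project): the rule of thumb above applied to VirusTotal file reports for several releases, listing which engines flag every release. It assumes the VirusTotal API v3 JSON layout (`data.attributes.last_analysis_results`); the reports and the EngineA/B/C names are constructed, and all function names are hypothetical.

```python
import json

# Constructed sample shaped like the "last_analysis_results" map of a
# VirusTotal API v3 file report. EngineA/B/C are placeholder engine names.
def sample_report(flagging):
    engines = {name: {"category": "undetected", "result": None}
               for name in ("Bkav Pro", "EngineA", "EngineB")}
    engines["EngineC"] = {"category": "type-unsupported", "result": None}
    for name, label in flagging.items():
        engines[name] = {"category": "malicious", "result": label}
    return {"data": {"attributes": {"last_analysis_results": engines}}}

FLAGGED = {"malicious", "suspicious"}
# Engines in these categories produced no verdict and must not be counted.
NOT_SCANNED = {"type-unsupported", "timeout", "confirmed-timeout", "failure"}

def detections(report):
    """Return ({engine: label} for flagging engines, count of engines that scanned)."""
    results = report["data"]["attributes"]["last_analysis_results"]
    hits = {engine: r.get("result") for engine, r in results.items()
            if r.get("category") in FLAGGED}
    scanned = sum(1 for r in results.values()
                  if r.get("category") not in NOT_SCANNED)
    return hits, scanned

def triage(report):
    """Thread's rule of thumb: one engine -> likely FP, two or more -> investigate."""
    hits, scanned = detections(report)
    if not hits:
        verdict = "clean"
    elif len(hits) == 1:
        verdict = "likely-false-positive"
    else:
        verdict = "investigate"
    return {"verdict": verdict, "hits": hits, "scanned": scanned}

def triage_releases(reports):
    """Triage each release and list the engines that flag every one of them."""
    per_release = {version: triage(r) for version, r in reports.items()}
    hit_sets = [set(t["hits"]) for t in per_release.values()]
    recurring = sorted(set.intersection(*hit_sets)) if hit_sets else []
    return per_release, recurring

if __name__ == "__main__":
    reports = {v: sample_report({"Bkav Pro": "W32.AIDetectMalware"})
               for v in ("1.0.0", "1.0.1")}
    print(json.dumps(triage_releases(reports), indent=2))
```
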

Collaborator Author

boly38 commented Dec 1, 2024

Sent them a support request:

Hi, the executable I'm building (ElectronJS + NodeJs) is reported with one malware from "Bkav Pro" > "W32.AIDetectMalware" and this is a false positive as I don't introduce any downloader/Trojan in my code
https://github.com/chickarmy/chickenbot-web/issues/49

I'm not the only one getting this false positive:
https://github.com/nukeop/nuclear/issues/1742
https://www.reddit.com/r/antivirus/comments/16uuun2/questions_about_w32aidetectmalware64/?tl=fr

so it would be great 1) to have a contact at "Bkav Pro" to make them improve their detection tool
or at least disable this engine if too many false positives are always reported, because this makes the overall tool less relevant ...

Best regards

NB: a quick search of GitHub issues gives 53 results!
https://github.com/search?q=%22W32.AIDetectMalware%22&type=issues

@boly38 boly38 changed the title [virus detection] virustotal detects 1 malware > Bkav Pro > W32.AIDetectMalware [virus detection] virustotal detects 1 malware > "Bkav Pro > W32.AIDetectMalware" - FALSE POSITIVE Dec 1, 2024
Collaborator Author

boly38 commented Dec 2, 2024

I got a response from VirusTotal, which gave me the head + link of this page: https://docs.virustotal.com/docs/false-positive-contacts

Collaborator Author

boly38 commented Dec 2, 2024

  • asset files from the releases' assets
  • 1.0.0 result Bkav Pro - W32.AIDetectMalware - reproduced multiple times ✔️
  • 1.0.1 result Bkav Pro - W32.AIDetectMalware

(my email request has been re-sent to the "Bkav Pro" related contact)
