sabnzbd v2.3.6 being detected as trojan by windows defender.

Get help with all aspects of SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
negzero
Newbie
Newbie
Posts: 1
Joined: December 24th, 2018, 9:09 am

sabnzbd v2.3.6 being detected as trojan by windows defender.

Post by negzero » December 24th, 2018, 9:11 am

sabnzbd v2.3.6 being detected as trojan by windows defender.

Trojan:Win32/Cloxer.D!cl
Alert level: Severe

Any updates on this?

User avatar
sander
Release Testers
Release Testers
Posts: 6497
Joined: January 22nd, 2008, 2:22 pm

Re: sabnzbd v2.3.6 being detected as trojan by windows defender.

Post by sander » December 24th, 2018, 9:56 am

Check sabnzbd against virustotal.com and you will see that is a false alarm

User avatar
safihre
Administrator
Administrator
Posts: 2975
Joined: April 30th, 2015, 7:35 am
Location: Switzerland
Contact:

Re: sabnzbd v2.3.6 being detected as trojan by windows defender.

Post by safihre » December 24th, 2018, 10:43 am


ptr727
Newbie
Newbie
Posts: 16
Joined: January 22nd, 2013, 10:57 pm

Re: sabnzbd v2.3.6 being detected as trojan by windows defender.

Post by ptr727 » December 24th, 2018, 11:32 am

Same here, may be an FP, but not comfortable installing until Defender is happy.
I'd suggest that any packages be submitted for whitelisting before being released, e.g. https://www.microsoft.com/en-us/wdsi/filesubmission

User avatar
safihre
Administrator
Administrator
Posts: 2975
Joined: April 30th, 2015, 7:35 am
Location: Switzerland
Contact:

Re: sabnzbd v2.3.6 being detected as trojan by windows defender.

Post by safihre » December 24th, 2018, 12:16 pm

I tried that before, it takes ages. Usually Defender "learns" in a day or so.
Until then I think the verdict of 71 other virusscanners used by Virustital should be enough...

Submitted and even Microsoft says it's fine:
https://imgur.com/a/BGD0wOd

ptr727
Newbie
Newbie
Posts: 16
Joined: January 22nd, 2013, 10:57 pm

Re: sabnzbd v2.3.6 being detected as trojan by windows defender.

Post by ptr727 » December 24th, 2018, 5:02 pm

Ok, I'll try again later.

To be clear, my concern is not really if Defender is right or wrong, if Defender (really any AV) classifies the installer or something in the installer (in this case it looks like it does not like a URI) as bad, then it may again detect / block / delete a part of install even if allowing install, breaking something.
As for VT, the results are sometimes be a bit misleading, and can result in FN's when one vendor says other vendors say clean and then they also say clean.

Signing binaries and installers with a good cert, downloading from HTTPS, and and keeping the cert and URI reputation pristine is a good way to generically keep AV's happy when seeing new content for the first time, and testing packages before general release is also good.

User avatar
safihre
Administrator
Administrator
Posts: 2975
Joined: April 30th, 2015, 7:35 am
Location: Switzerland
Contact:

Re: sabnzbd v2.3.6 being detected as trojan by windows defender.

Post by safihre » December 24th, 2018, 5:06 pm

Will look into getting a certificate.
Previously this was only possible for real businesses or a natural person, which would mean my real name would show up everywhere. Maybe this has changed now.

Post Reply