SABnzbd Forums

sabnzbd v2.3.6 being detected as trojan by windows defender.

Trojan:Win32/Cloxer.D!cl
Alert level: Severe

Any updates on this?

Check sabnzbd against virustotal.com and you will see that is a false alarm

See: https://www.virustotal.com/#/file/5e5ce ... /detection

Same here, may be an FP, but not comfortable installing until Defender is happy.
I'd suggest that any packages be submitted for whitelisting before being released, e.g. https://www.microsoft.com/en-us/wdsi/filesubmission

I tried that before, it takes ages. Usually Defender "learns" in a day or so.
Until then I think the verdict of 71 other virusscanners used by Virustital should be enough...

Submitted and even Microsoft says it's fine:
https://imgur.com/a/BGD0wOd

Ok, I'll try again later.

To be clear, my concern is not really if Defender is right or wrong, if Defender (really any AV) classifies the installer or something in the installer (in this case it looks like it does not like a URI) as bad, then it may again detect / block / delete a part of install even if allowing install, breaking something.
As for VT, the results are sometimes be a bit misleading, and can result in FN's when one vendor says other vendors say clean and then they also say clean.

Signing binaries and installers with a good cert, downloading from HTTPS, and and keeping the cert and URI reputation pristine is a good way to generically keep AV's happy when seeing new content for the first time, and testing packages before general release is also good.

Will look into getting a certificate.
Previously this was only possible for real businesses or a natural person, which would mean my real name would show up everywhere. Maybe this has changed now.