Sometimes I get scared of wallets that are collected. Are you checking the packages that you are requesting for installation? https://www.virustotal.com/ru/file/905a5999fb52b083d7e3bedb2dc6704ca641823f81865db58a55a6a20b454d8c/analysis/
ghost commented at 11:37 PM on January 31, 2018: none
- unknown renamed this from "Virus in the wallet" to "Viruses in the wallet" on Jan 31, 2018
- unknown renamed this from "Viruses in the wallet" to "Viruses in the wallet (false)" on Jan 31, 2018
fanquake commented at 12:15 AM on February 1, 2018: member
Where did you get Bitcoin_x64_Rus_Setup.exe? That file did not come from this repository.
laanwj commented at 11:03 AM on February 1, 2018: member
That is certainly not a file from our distribution. Make sure you only download from https://bitcoin.org or http://bitcoincore.org, and verify the signatures on the download (SHA256SUMS.asc) before using a download.
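Verifying a download the way laanwj describes has two halves: check the signature on SHA256SUMS.asc with gpg, then check each downloaded file's hash against the now-trusted list, and treat any file whose name is not in that list as not a release artifact at all. The hash half, as an added example written for this thread (not Bitcoin Core project code; the release file names and the tampered digest in demo() are constructed):

```python
"""Check downloaded binaries against a verified SHA256SUMS list. Added example,
not Bitcoin Core project code. Run only after the signature on SHA256SUMS.asc has
been checked (gpg --verify SHA256SUMS.asc); pass in the verified sums text."""
import hashlib
import hmac
import os
import tempfile


def parse_sha256sums(text):
    """Parse '<hex>  <name>' lines into {name: hex}; skip blanks, PGP armour, junk."""
    sums = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' = binary marker
            if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
                sums[name] = digest
    return sums


def check_downloads(sums_text, directory, filenames):
    """Return {filename: 'OK' | 'MISMATCH' | 'NOT_LISTED'} for each downloaded file.
    NOT_LISTED means the name is not a release artifact at all, whatever it claims."""
    sums = parse_sha256sums(sums_text)
    results = {}
    for name in filenames:
        expected = sums.get(name)
        if expected is None:
            results[name] = "NOT_LISTED"
            continue
        with open(os.path.join(directory, name), "rb") as f:
            actual = hashlib.sha256(f.read()).hexdigest()
        results[name] = "OK" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return results


def demo():
    """Constructed sample (not real release data): one good file, one tampered,
    one with an unlisted name like the installer asked about in this thread."""
    d = tempfile.mkdtemp()
    good = b"constructed stand-in for the real installer bytes\n"
    files = {"bitcoin-0.15.1-win64-setup.exe": good,
             "bitcoin-0.15.1-win64.zip": b"tampered bytes\n",
             "Bitcoin_x64_Rus_Setup.exe": b"file of unknown origin\n"}
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    sums_text = (f"{hashlib.sha256(good).hexdigest()}  bitcoin-0.15.1-win64-setup.exe\n"
                 f"{'0' * 64}  bitcoin-0.15.1-win64.zip\n")  # second digest constructed
    return check_downloads(sums_text, d, sorted(files))
```

The parser also accepts a clearsigned SHA256SUMS.asc body directly, since the armour and "Hash:" header lines do not look like 64-hex-digit sums and are skipped.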
- laanwj closed this on Feb 1, 2018
ghost commented at 11:27 AM on February 1, 2018: none
@fanquake @laanwj I uploaded it here, please check https://bitcoin.org/bin/bitcoin-core-0.15.1/
SHA256: 905a5999fb52b083d7e3bedb2dc6704ca641823f81865db58a55a6a20b454d8c
I checked again https://www.virustotal.com/ru/file/905a5999fb52b083d7e3bedb2dc6704ca641823f81865db58a55a6a20b454d8c/analysis/1517484517/
- laanwj reopened this on Feb 1, 2018
laanwj commented at 3:36 PM on February 1, 2018: member
That's interesting. So it seems that bitcoin executables are marked as "riskware" by some AV tools (but not-a-virus)? Maybe due to botnet usage, which makes it suspicious to find it on a PC where it wasn't explicitly installed by the user.
MarcoFalke commented at 4:13 PM on February 1, 2018: member
Virustotal results are known to be "broken" https://github.com/bitcoin-dot-org/bitcoin.org/issues/1472
Willtech commented at 12:41 AM on February 4, 2018: contributor
It may be worth validating release versions on Virustotal for false positives before release and having any issues resolved.
I have uploaded each of the freshly provided files from https://bitcoin.org/en/download and provided a comment and a thumbs-up. While this is helpful it does not actually resolve the FP.
Some buffoon has already gone through previously and downvoted each one.
Note that the URLs seem to be flagged CLEAN, e.g.: https://www.virustotal.com/#/url/55cbacac023a4a89e4c66f6645013184fe83e5613434f58639818195c720bd5a/detection

@laanwj Riskware, not-a-virus, miner and PUP detections are mostly geared toward corporate networks but confuse standard users no end.

@MarcoFalke I do not think it is particularly helpful to flag VirusTotal results as broken; it is simply a common presentation of the results of many different AV. It is quite common for not-a-virus detections and so on to be added for packages that a corporate network would likely want to be alerted to if they were present on their network. Trojan flags, on the other hand, are a definite FP by individual AV vendors. It would be more correct to say that some AV vendors are not careful or specific enough in narrowing down their detections. They can easily add it to their database as an FP to prevent further detections once they are communicated with. Also, some vendors do not wholly develop their own detection signatures, just copying the detection signatures of others when they can (to grow their database without needing to see or investigate samples).
You can see in the behaviour tab some of the trojan-matching behaviours. While it may be possible to remove or change this behaviour if it is not necessary for it to be precisely as it is, such a change should not be necessary, as the release version can be cleared with AV vendors if necessary before release to prevent FPs.
Willtech commented at 2:43 AM on February 4, 2018: contributor
It would be better to handle this as a part of the release schedule. @MarcoFalke I would be prepared to do a pre-upload of each release and the URLs to VT for the team once it is compiled and testing is completed and report the results, and leave a comment along the following lines:
This is the official release vX.X.X of Bitcoin Core for {platform} {architecture} from https://bitcoin.org/en/download where you can check release signatures and review source code.
I would just need to be notified of the final download URLs once the files are pre-staged.
This should help as many AV researchers (and many of those working for the various AV vendor labs) use VT. At least some AV vendors use notification of detections by other engines, so the details are useful.
TheBlueMatt commented at 2:50 AM on February 4, 2018: member
IIRC the issues go away when things get signed, released, and run by many users (some kind of shitty "reputation score", IIRC). Seems not-unreasonable that things which access "wallet.dat" be considered risky by default.
On February 4, 2018 2:43:19 AM UTC, Willtech notifications@github.com wrote:
It would be better to handle this as a part of the release schedule.
@MarcoFalke I would be prepared to do a pre-upload of each release to VT for the team once it is compiled and testing is completed, and leave a comment along the following lines:
This is the official release vX.X.X of Bitcoin Core for {platform} {architecture} from https://bitcoin.org/en/download where you can check release signatures and review source code.
I would just need to be notified of the final download URLs once the files are pre-staged.
This should help as many AV researchers (and many of those working for the various AV vendor labs) use VT. At least some AV vendors use notification of detections by other engines, so the details are useful.
-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/bitcoin/bitcoin/issues/12320#issuecomment-362875706
Willtech commented at 2:55 AM on February 4, 2018: contributor
@TheBlueMatt True, the open-source philosophy. Note that the Windows v0.15.1 release seems to be also triggering on generic suspicious behaviour identified: https://www.virustotal.com/#/file/905a5999fb52b083d7e3bedb2dc6704ca641823f81865db58a55a6a20b454d8c/behavior
And having FPs cleared up by the AV vendors before the release is public is still useful.
- MarcoFalke deleted a comment on Feb 4, 2018
- MarcoFalke deleted a comment on Feb 4, 2018
MarcoFalke commented at 6:16 PM on February 4, 2018: member
Apparently, one can submit FPs to http://sd.baidu.com/en/submit-file.php
laanwj commented at 8:40 PM on March 5, 2018: member
Closing this, this is not an actionable issue with regard to the source repository, and it seems the OP deleted their account.
- laanwj closed this on Mar 5, 2018
- DrahtBot locked this on Sep 8, 2021