Malware in rust installer?


#1

Hi all!
Just wanted to try Rust and downloaded the win32 gnu installer. But VirusTotal detects malware in it. Does anyone have an explanation?


#2

I’ve never heard of this antivirus before, so for it specifically, no. We did have some issues where the name “setup” caused some antivirus to trigger, in the past.


#3

@steveklabnik VirusTotal is a website that checks binaries against many virus scanner databases. In this case, it looks like both Kaspersky and Avast’s databases (as interpreted by VirusTotal) include virus “signatures” that match the installer.

However, it would be nice if someone could run this against an actual copy of those virus scanners to see where the problem is (I kind of doubt the rust installer has been compromised).


#4

I don’t know if it’s the same for all anti-virus, but I recently sent a file that was detected as a virus by Windows Defender to Microsoft and they whitelisted it after checking it. Maybe we should send it to each of them.


#5

I’ve installed a free version of Avast and got the same result.


#6

Is there a “report false positive” option? (The online form doesn’t allow files larger than 50MiB.)


#7

The software we distributed kept raising false positives on up to 20 scanners! The whole company website has been blocked by several scanners because of this and lots of our customers insisted that we were the ones to blame. We had to switch the entire programming language to solve this. :rage:

A typical cause is an integrated runtime environment or run-time compression. But most likely some obscure checklist of evil functions got too many checkmarks.

As long as there’s a gen, generic, heur, heuristic in its name, it’s most likely a false positive. Sadly there are only a few engines on the market, so it’s only a matter of time until a false positive propagates through to other products amplifying the mistrust.

We didn’t find a way to white-list our product on multiple scanners at once. We had to call or mail the most popular manufacturers. They won’t tell you why their detection failed -> industrial secret or simply unknown reasons.

(sorry for the rant)
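
The rule of thumb in post #7 (gen, generic, heur, heuristic in the detection name) can be applied to a multi-scanner report as a triage step. The sketch below is an added example, not part of the original thread: engine names and detection labels are constructed, and the input shape is assumed to follow `last_analysis_results` from a VirusTotal v3 file report.

```python
import re

# Markers named in post #7. They are matched as whole tokens, so a family
# name such as "Agent" is not counted just because it contains "gen".
HEURISTIC_TOKENS = {"gen", "generic", "heur", "heuristic"}


def is_heuristic_label(label):
    """True if a detection name carries a generic/heuristic marker token."""
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return any(token in HEURISTIC_TOKENS for token in tokens)


def triage(results):
    """Split detections into heuristic-looking and specific ones.

    `results` maps engine name -> {"category": ..., "result": ...}
    (assumed shape, see lead-in). Returns (heuristic, specific) dicts.
    """
    heuristic, specific = {}, {}
    for engine, verdict in results.items():
        label = verdict.get("result")
        if verdict.get("category") not in ("malicious", "suspicious") or not label:
            continue  # undetected, timed out, unsupported file type, ...
        bucket = heuristic if is_heuristic_label(label) else specific
        bucket[engine] = label
    return heuristic, specific


# Constructed sample report: hypothetical engines and labels.
SAMPLE = {
    "EngineA": {"category": "malicious", "result": "Win32:Malware-gen"},
    "EngineB": {"category": "malicious", "result": "HEUR:Trojan.Win32.Generic"},
    "EngineC": {"category": "malicious", "result": "Trojan.Agent.ABCD"},
    "EngineD": {"category": "undetected", "result": None},
    "EngineE": {"category": "suspicious", "result": "Gen:Variant.Example.1"},
}

if __name__ == "__main__":
    heuristic, specific = triage(SAMPLE)
    print("heuristic/generic labels:", heuristic)
    print("specific labels (review first):", specific)
```

Labels in the specific bucket name a concrete family and are the ones to examine first; a label in the heuristic bucket only matches the naming pattern and still needs confirmation from the vendor, as post #8 shows.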


#8

Got an e-mail from Avast confirming that it’s a false positive and will be fixed in a new update.