virustotal reporting pidgin.exe as malicious

Eion Robb eion at robbmob.com
Sat Nov 7 00:00:46 EST 2020


Hi Cindy,

Thanks for letting us know about the virustotal report.  I've sent it
through to secureaplus - who operate the "SecureAge APEX" portion of the
virustotal scanning website - for false positive review.  Generally, if 71
our ot 72 virus checkers are happy then it's normally indicative of a false
positive.

To verify that nothing malicious is going on, the pidgin.exe should have a
digital signature to show that it hasn't been tampered with.  You can also
build pidgin.exe yourself from our source code to make triple sure that
nothing untoward is happening.

Cheers,
Eion

On Sat, 7 Nov 2020 at 10:41, <gryffon at cruzio.com> wrote:

> Hi,
>
> I downloaded pidgin 2.14.1 from the official site and installed it last
> night. (My previous system install used 2.13.0, and I haven't had pidgin
> installed on my system since April.)
>
> VirusTotal is showing that SecureAge APEX is reporting pidgin.exe as
> malicious.
>
> I'm not seeing anything on virus scans, and internet searches are not
> producing anything on this. I can't validate that this is a false
> positive or not.
>
> I did not see a false positive listed as a known issue on the issue
> tracker, and it seemed authentication was required to post there. I
> found this email address on pidgin site, and figured I would let you
> know this way. In the event that it is a false positive, it would be
> nice if it at least was noted on the virustotal website as such.
>
> Thanks,
>
> Cindy
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://lists.pidgin.im/listinfo/security


More information about the security mailing list