virustotal reporting pidgin.exe as malicious

Eion Robb eion at robbmob.com
Sun Nov 8 22:04:47 EST 2020


Hi again,

I just got a response:

> Your submission (20201107-045740717300/pidgin.zip) has been successfully
processed. Your false detection(s) will be cleared within the next 72
hours; please notify us at secureaplus at secureage.com if that is not the
case. For APEX results on VirusTotal, false detections may take additional
time to clear. You may need to reanalyse files in order to get the updated
detection result.

Thanks for bringing this to our attention :)

Cheers,
Eion

On Sat, 7 Nov 2020 at 18:00, Eion Robb <eion at robbmob.com> wrote:

> Hi Cindy,
>
> Thanks for letting us know about the virustotal report.  I've sent it
> through to secureaplus - who operate the "SecureAge APEX" portion of the
> virustotal scanning website - for false positive review.  Generally, if 71
> our ot 72 virus checkers are happy then it's normally indicative of a false
> positive.
>
> To verify that nothing malicious is going on, the pidgin.exe should have a
> digital signature to show that it hasn't been tampered with.  You can also
> build pidgin.exe yourself from our source code to make triple sure that
> nothing untoward is happening.
>
> Cheers,
> Eion
>
> On Sat, 7 Nov 2020 at 10:41, <gryffon at cruzio.com> wrote:
>
>> Hi,
>>
>> I downloaded pidgin 2.14.1 from the official site and installed it last
>> night. (My previous system install used 2.13.0, and I haven't had pidgin
>> installed on my system since April.)
>>
>> VirusTotal is showing that SecureAge APEX is reporting pidgin.exe as
>> malicious.
>>
>> I'm not seeing anything on virus scans, and internet searches are not
>> producing anything on this. I can't validate that this is a false
>> positive or not.
>>
>> I did not see a false positive listed as a known issue on the issue
>> tracker, and it seemed authentication was required to post there. I
>> found this email address on pidgin site, and figured I would let you
>> know this way. In the event that it is a false positive, it would be
>> nice if it at least was noted on the virustotal website as such.
>>
>> Thanks,
>>
>> Cindy
>> _______________________________________________
>> security mailing list
>> security at pidgin.im
>> https://lists.pidgin.im/listinfo/security
>
>


More information about the security mailing list