virustotal reporting pidgin.exe as malicious

gryffon at cruzio.com gryffon at cruzio.com
Mon Nov 9 23:19:04 EST 2020


Hi,

Thanks so much for following up on this and letting me know. Glad it got 
sorted out -- hope it was not too painful a process!! :-)

Best wishes,

Cindy

On 2020-11-08 7:04 pm, Eion Robb wrote:
> Hi again,
> 
> I just got a response:
> 
>> Your submission (20201107-045740717300/pidgin.zip) has been 
>> successfully
> processed. Your false detection(s) will be cleared within the next 72
> hours; please notify us at secureaplus at secureage.com if that is not the
> case. For APEX results on VirusTotal, false detections may take 
> additional
> time to clear. You may need to reanalyse files in order to get the 
> updated
> detection result.
> 
> Thanks for bringing this to our attention :)
> 
> Cheers,
> Eion
> 
> On Sat, 7 Nov 2020 at 18:00, Eion Robb <eion at robbmob.com> wrote:
> 
>> Hi Cindy,
>> 
>> Thanks for letting us know about the virustotal report.  I've sent it
>> through to secureaplus - who operate the "SecureAge APEX" portion of 
>> the
>> virustotal scanning website - for false positive review.  Generally, 
>> if 71
>> our ot 72 virus checkers are happy then it's normally indicative of a 
>> false
>> positive.
>> 
>> To verify that nothing malicious is going on, the pidgin.exe should 
>> have a
>> digital signature to show that it hasn't been tampered with.  You can 
>> also
>> build pidgin.exe yourself from our source code to make triple sure 
>> that
>> nothing untoward is happening.
>> 
>> Cheers,
>> Eion
>> 
>> On Sat, 7 Nov 2020 at 10:41, <gryffon at cruzio.com> wrote:
>> 
>>> Hi,
>>> 
>>> I downloaded pidgin 2.14.1 from the official site and installed it 
>>> last
>>> night. (My previous system install used 2.13.0, and I haven't had 
>>> pidgin
>>> installed on my system since April.)
>>> 
>>> VirusTotal is showing that SecureAge APEX is reporting pidgin.exe as
>>> malicious.
>>> 
>>> I'm not seeing anything on virus scans, and internet searches are not
>>> producing anything on this. I can't validate that this is a false
>>> positive or not.
>>> 
>>> I did not see a false positive listed as a known issue on the issue
>>> tracker, and it seemed authentication was required to post there. I
>>> found this email address on pidgin site, and figured I would let you
>>> know this way. In the event that it is a false positive, it would be
>>> nice if it at least was noted on the virustotal website as such.
>>> 
>>> Thanks,
>>> 
>>> Cindy
>>> _______________________________________________
>>> security mailing list
>>> security at pidgin.im
>>> https://lists.pidgin.im/listinfo/security
>> 
>> 


More information about the security mailing list