kgc-jr Posted December 11, 2021

VirusTotal marks SciTE4AutoIt3.exe as having several (not just one false positive) malware signatures (see attached VirusTotal report). This is certainly making me reluctant to install the editor until this can get cleared up with VirusTotal. Thanks in advance for looking into this.

Attachment: VirusTotal - File - 46e2431a29441536e3b28f9e4263c31cc7277b38b67997466cd3a79eeb64e5f1.pdf

ripdad Posted December 11, 2021

https://www.autoitscript.com/forum/topic/34658-are-my-autoit-exes-really-infected/

kgc-jr (Author) Posted December 11, 2021

Thanks for the reply. I did read that post, however, I didn't feel the post was directly related to my topic. Since SciTE4AutoIt3.exe is a trusted app download from the AutoIt website, I would have thought that it might have already been vetted through the anti-virus scanners out there... I am familiar with and understand false positives, but numerous positive IDs send up a red flag for me. I thought that the developers and AutoIt team might want to be aware.

pseakins Posted December 11, 2021 (edited)

Just don't worry about it. This happens all the time. These are false positive detections. It is unlikely that you will get VirusTotal to do anything about it as it is a consortium of many AV vendors. AV scanners use heuristics to identify certain techniques in code which at first glance may appear malicious when detected in AutoIt distribution files and in EXE's which are compiled by AutoIt.

I used to work for a large AV company and I used AutoIt to develop in-house tools used by my colleagues. These false positives would often come under discussion. The big problem was that "script kiddies" would use AutoIt to develop malicious code. Being such a great development tool and simple to use there were many idiots out there that did this. AutoIt gained an unfair negative opinion by the AV companies. I think you'll find many AV researchers still look down on AutoIt.

Edited December 11, 2021 by pseakins

Phil Seakins

Jos (Developers) Posted December 11, 2021 (edited)

These warnings are not related to AutoIt3! I removed compiled AutoIt3 scripts already a long time ago from this installer.

Scanned     Detections  File type  Name
2021-11-22  3/58        Win32 EXE  Tidy.exe
2021-08-31  2/68        Win32 EXE  uninst.exe
2021-05-24  1/68        Win32 dll  DumpLog.dll
2021-11-16  1/64        Win32 EXE  Au3Stripper.exe

Tidy.exe & Au3Stripper are compiled PellesC programs written by me. uninst.exe & Dumplog.dll are NSIS files which I use to create the installer.

I had the same thing the last time with the installer, after which I did an update of PellesC & NSIS. This fixed it at that time. I just went to the latest versions of PellesC & NSIS, recompiled Tidy & Au3Stripper and regenerated the SciTE4AutoIt3 installer ....and guess what: Got similar/different detections for Tidy & Au3Stripper.

So, I guess we are nearing the point where I am going to have to stop the distribution of those extra utilities as I can't guarantee their safety.

Edited December 11, 2021 by Jos

mLipok Posted December 12, 2021

They are safe. AV software is just stupid because of such false positives.

kgc-jr (Author) Posted December 12, 2021

Thanks all for your replies and thoughts. VirusTotal has a reputation for flagging a lot of good, benign executables as malware. I always use both my installed AV (BitDefender) along with VirusTotal to give me a "feel" on a new executable I've downloaded from the web. It's kind of frustrating to download a good tool that may help us be a more productive coder, then have it flagged by AV as possible malware.

We all know that the "kiddie scripters and coders" out there are using AutoIt to create malware, which are creating some of these issues. AutoIt gets a bad "rep" with the AV companies, and the AV companies' machine-learning detection tools aren't perfect (by any stretch of the imagination).

I don't know what the best answer is if you want to code and also use those same computer resources to manage your finances and personal information. I guess it's coming down to the point where you have to have separate, isolated and protected environments for each of these tasks... Again thanks for the insight.

pseakins Posted December 12, 2021

8 hours ago, kgc-jr said:
> it's coming down to the point where you have to have separate, isolated and protected environments

Totally unnecessary. The components are reliable, @Jos builds and uploads them. Unless the AutoIt downloader page has been hacked there is no reason to suspect there could be anything wrong with the files. Personally I practise "safe hex", having worked for one of the larger AV companies I don't bother with resident AV software, I do as do you, use VirusTotal to check any downloads.

As an added level of security Jos could include the SHA256 or other checksum validation codes on the webpage. It's been so long I don't remember the name of the CRC checker I installed, for me it's a simple right click and all the checksums are calculated;

Name: SciTE4AutoIt3.exe
Size: 5440701 bytes (5313 KiB)
CRC32: 8E06D377
CRC64: 2EA8F95E76A25B16
SHA256: 46E2431A29441536E3B28F9E4263C31CC7277B38B67997466CD3A79EEB64E5F1
SHA1: 50914FFE0740E73B2B0B908E4410CE0D55A287CB
BLAKE2sp: 1D62199EC4E65C3541D0EBEE9536A3EE81B3A82ED109D2C8644EA37BE0B36777

Phil Seakins

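Added example, not part of the thread and not AutoIt project code: one way to check a download against a published listing shaped like the one in the post above, recomputing size, CRC32, SHA1 and SHA256 in a single pass. The function names are hypothetical, and the demo runs on a constructed throwaway file rather than the real installer.

```python
import hashlib, hmac, os, re, tempfile, zlib

# Fields of the listing shown in the post that the standard library can recompute.
FIELD_RE = re.compile(r"\b(Size|CRC32|SHA1|SHA256):\s*([0-9A-Fa-f]+)")

def parse_listing(text):
    """Extract published values from a 'Name: ... Size: ... SHA256: ...' listing."""
    return {k: v.upper() for k, v in FIELD_RE.findall(text)}

def measure(path, chunk=1 << 20):
    """Read the file once and compute every value the listing can carry."""
    sha256, sha1, crc, size = hashlib.sha256(), hashlib.sha1(), 0, 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            sha256.update(block)
            sha1.update(block)
            crc = zlib.crc32(block, crc)
            size += len(block)
    return {"Size": str(size), "CRC32": f"{crc:08X}",
            "SHA1": sha1.hexdigest().upper(), "SHA256": sha256.hexdigest().upper()}

def verify(path, listing_text):
    """Return (ok, mismatched_fields). A listing without SHA256 never passes:
    CRC32 and size detect corruption, not deliberate substitution."""
    published = parse_listing(listing_text)
    actual = measure(path)
    bad = [k for k, v in published.items()
           if not hmac.compare_digest(v, actual[k])]
    if "SHA256" not in published:
        bad.append("SHA256 (missing from listing)")
    return (not bad, bad)

def demo():
    """Constructed sample: a throwaway file stands in for a downloaded installer."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample-installer.bin")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample payload\n" * 1000)
        m = measure(path)
        listing = (f"Name: sample-installer.bin Size: {m['Size']} bytes "
                   f"CRC32: {m['CRC32']} SHA256: {m['SHA256']} SHA1: {m['SHA1']}")
        good = verify(path, listing)
        with open(path, "ab") as fh:      # simulate a modified download
            fh.write(b"x")
        tampered = verify(path, listing)
        return good, tampered

if __name__ == "__main__":
    print(demo())
```

A matching digest only shows the file is the one the listing describes, so the listing has to come from a channel the downloader trusts independently of the file itself.
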
argumentum Posted December 13, 2021

@Jos, I guess that nowadays signing the executables is the only way to get good fame for the executable as it seems to be the only important thing for the anti-virus industry.

If you stop maintaining the utilities, who will?! I would not know how. Jeez, I only know how to use it and that is a welcomed product, so don't you quit!, you hear! ❤️

Jos (Developers) Posted December 13, 2021

I am not sure if Signing would solve my issues, also because as stated 2 of the 4 flagged files are from the standard NSIS installer utility and I would never sign exe's or dll's of others.

Just for clarity, as I've mentioned on several occasions before, when I stop maintaining au3stripper and Tidy, nobody will be able to maintain them as I am the only one having their source code. I know they run pretty solid, but they aren't in a state to be put on github. The simple reason for this is that they are built over a period of several years through BCX and PellesC, and not in a state I would want to publish them. I have thought about starting again in VS CPP but never started the project (yet).

Jos