09-14-2024, 06:14 PM | #1 |
Junior Member
Posts: 2
Karma: 10
Join Date: Sep 2024
Device: none
|
False positive?
I just downloaded the new version of Sigil for Windows (Sigil-2.3.1-Windows-x64-Setup) directly from the official website. Before installing it, I checked it with VirusTotal and I got a Bkav Pro alert.
Then I downloaded the previous version (Sigil-2.3.0-Windows-x64-Setup) and I didn't get any alert when I checked it. Is it a false positive or a corrupted file?
The VT links are: Here the alert is shown Version 2.3.0
P.S. Sorry if this is not the place to ask this question, I am new to everything related to forums.
Last edited by Barlow; 09-14-2024 at 06:17 PM. |
09-14-2024, 06:57 PM | #2 |
Grand Sorcerer
Posts: 27,992
Karma: 199001268
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
It's a false positive. If you're concerned, install Sigil using winget (built into Windows) or Chocolatey. They use the official Sigil installers, but they do their own scanning and vetting. Windows lends a lot of trust to programs installed via those methods.
From an admin prompt (install for all users):
winget install -e --id Sigil-Ebook.Sigil --scope machine
Or to install for only the current user (no admin needed):
winget install -e --id Sigil-Ebook.Sigil --scope user
Sigil 2.3.1 has passed winget and Chocolatey's anti-malware scans with no problems. They both also verify checksums before installing to make sure packages have not been altered since they were uploaded.
NOTE: not sure why Bkav Pro changed their mind from when Chocolatey tested v2.3.1
https://www.virustotal.com/gui/file/...b32-1725813282
To be thorough... the Sigil-2.3.1-Windows-x64-Setup.exe binary on GitHub (where the sigil-ebook.com website's download buttons point to) is the same binary that I uploaded on Sep 6. I always save a local sha256 checksum just in case both the binary asset AND the uploaded checksum file should ever become compromised.
Last edited by DiapDealer; 09-14-2024 at 07:21 PM. |
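The safeguard described in the post above (checking a download against the published checksum and against a separately kept local copy) can be sketched as follows. This is an added example, not part of the thread and not Sigil's own tooling; the sha256sum-style checksum format, the function names and the stand-in file contents are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksums(text):
    """Parse '<hex>  <name>' / '<hex> *<name>' lines (assumed format) into {name: hex}."""
    entries = {}
    for line in text.splitlines():
        m = re.fullmatch(r"([0-9a-fA-F]{64})\s+\*?(.+)", line.strip())
        if m:  # blank, comment and malformed lines are skipped
            entries[m.group(2)] = m.group(1).lower()
    return entries


def verify_installer(path, published_text, pinned_text):
    """Check a download against the published record and an offline pinned copy."""
    name = Path(path).name
    published = parse_checksums(published_text).get(name)
    pinned = parse_checksums(pinned_text).get(name)
    if published is None or pinned is None:
        return "missing-record"
    if published != pinned:
        return "records-disagree"  # the published checksum file was altered
    return "ok" if sha256_file(path) == pinned else "file-mismatch"


def demo():
    """Binary swapped alone, then binary and checksum file swapped (constructed bytes)."""
    with tempfile.TemporaryDirectory() as tmp:
        exe = Path(tmp) / "Sigil-2.3.1-Windows-x64-Setup.exe"
        exe.write_bytes(b"constructed stand-in for the released binary")
        pinned = f"{sha256_file(exe)}  {exe.name}\n"
        exe.write_bytes(b"constructed stand-in for a swapped binary")
        swapped = f"{sha256_file(exe)} *{exe.name}\n"
        return verify_installer(exe, pinned, pinned), verify_installer(exe, swapped, pinned)


if __name__ == "__main__":
    print(demo())
```

The second case is the one a published checksum alone cannot catch: the swapped binary matches the swapped checksum file, and only the pinned copy exposes the change.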
09-14-2024, 07:28 PM | #3 |
Grand Sorcerer
Posts: 27,992
Karma: 199001268
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
It appears that Bkav Pro does not have a very good track record at all with its heuristic W32.AIDetectMalware detections.
|
09-14-2024, 07:37 PM | #4 |
Junior Member
Posts: 2
Karma: 10
Join Date: Sep 2024
Device: none
|
I see, thank you very much for clearing up the doubt!
|
09-14-2024, 07:41 PM | #5 |
Grand Sorcerer
Posts: 27,992
Karma: 199001268
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Also keep in mind that one positive out of 68 checks is almost always indicative of a false positive.
|
09-14-2024, 07:54 PM | #6 |
Grand Sorcerer
Posts: 27,992
Karma: 199001268
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Welcome to the forum, by the way. You found the exact right spot to ask your question!
|
09-18-2024, 08:09 AM | #7 |
Belgian Pommes Frites
Posts: 116
Karma: 532
Join Date: Jan 2012
Device: Pocketbook Touch HD
|
As to winget for installing: if you prefer a graphical interface for this, you could use UniGetUI - see https://www.marticliment.com/unigetui/
Works very nicely. |
09-18-2024, 10:58 AM | #8 | |
Grand Sorcerer
Posts: 27,992
Karma: 199001268
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Quote:
It also has the added bonus (or curse, depending on how you look at things!) of being able to be the GUI manager for the Chocolatey and Pip (python) repositories, too. They can be disabled pretty easily if you don't want them.
I'm going to try and put together a down and dirty manuscript of how to Install/Update/Remove Sigil and PageEdit (as well as a guide for general querying of local installs and remote availability). Probably from the command line to start.
----------------------------------------------------
Winget is going to be my official recommendation for safely and securely installing Sigil and PageEdit from now on. Because ...
Getting a code signing cert for my Windows installers is just not in the cards, I'm afraid. The expense is the least of the difficulties (though that's bad enough). Not many companies even sell certs to individuals, and even if they do, they don't sell the EV level to individuals. Which means that users can still get scary warnings about unsafe downloads (until enough people download it). So what's the point? I'm not comfortable paying into a protection racket just to remove the "Unknown Publisher" warning. And that's all I'd be guaranteed with a personal code signing cert.
Creating a legal organization entity for Sigil-Ebook in order to get an EV level signing cert would be even more hoops to jump through. That's not in the cards for what Kevin and I do as a hobby.
Winget removes the Unknown Publisher warning for free, because they (and "they" is Microsoft by the way) do their own scanning for malware, and do checksums to make sure the downloads have not been tampered with since they were submitted. So no scary warnings when you download/install with winget. Sigil updates are typically available on winget within days of a new release.
Last edited by DiapDealer; 09-18-2024 at 11:05 AM. |
|
09-18-2024, 12:41 PM | #9 |
Grand Sorcerer
Posts: 27,992
Karma: 199001268
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
And of course those who already trust us can still download directly from GitHub and bypass all the scary warnings like they've always done.
|