Page 1 of 2
malware?
Posted: Fri Jul 15, 2016 2:02 pm
by Soulios
The download page warns me about malware. Is this something we should worry about?
Re: malware?
Posted: Sun Jul 17, 2016 9:44 am
by butter100fly
Thanks again! I opened a support ticket with sourceforge and have told them to whitelist us, their scanner doesn't even tell me which file set off their new malware scanner, would have been nice to have some contact from them beforehand!
Re: malware?
Posted: Wed Jul 20, 2016 9:50 am
by butter100fly
Sourceforge apologised and whitelisted us immediately, thanks for pointing that out to me (it isn't often I look at my own download page)
version 4.1.4 contains malware?
Posted: Sun Dec 11, 2016 9:22 pm
by neak
hi there,
Current version on the download page (as at 11 December 2016) - sourceforge says it contains malware, and virustotal is flagging the .zip file as containing a Trojan...
Any ideas before I update?
Thanks!
Neak
Re: version 4.1.4 contains malware?
Posted: Wed Dec 14, 2016 10:12 pm
by butter100fly
Hi Neak
Sigh...thanks for informing me
I guess I've now got to contact VirusTotal and send them the package and get them to Whitelist. I've contacted SourceForge again (
viewtopic.php?f=2&t=11)
Do you have any other information you can give to help me? Does VirusTotal say what files triggered them?
running an open-source emulation project is not without its trials!
--edit: oh god VirusTotal is now a behemoth: can ANYONE tell me how to report a false positive?
Re: version 4.1.4 contains malware?
Posted: Fri Dec 16, 2016 2:06 pm
by butter100fly
So Sourceforge have whitelisted, just VirusTotal now....I looked on their FAQ
https://www.virustotal.com/en/faq/ and found this:
VirusTotal is detecting a legitimate software I have developed, please remove the detections
VirusTotal acts simply as an information aggregator, presenting antivirus results, file characterization tool outputs, URL scanning engine results, etc. VirusTotal is not responsible for false positives generated by any of the resources it uses, false positive issues should be addressed directly with the company or individual behind the product under consideration.
We can, however, help you in combatting false positives. VirusTotal has built an early warning system regarding false positives whereby developers can upload their software to a private store, such software gets scanned on a daily basis with the latest antivirus signatures. Whenever there is a change in the detections of any of your files, you are immediately notified in order to mitigate the false positive as soon as possible.
but there are no links on that FAQ to tell you how to do that....can anyone give me a TL:DR here to save me time?
Can't download from server
Posted: Sun Jan 22, 2017 8:29 am
by Soulios
I'm trying to download the latest version. All i get is either "download failed" or it can't complete a secure connection or something. I also tried 5 different mirrors.
Is there anywhere else i can download apart from the awful sourceforge server?
Re: Can't download from server
Posted: Sun Feb 05, 2017 9:20 pm
by fireball8931
Same here.
Chrome is telling me that the project site is compromised and won't let me download the files.
Re: Can't download from server
Posted: Fri Feb 10, 2017 9:19 am
by butter100fly
I can download fine atm on Firefox, but I see that google have marked the sourecforge site as being pwned, I've sent a whitelist request to google.. I'm aiming to simplify and move the build and release process for quickplay to github proper one day soon, but i am concentrating on retroarch and mess functionality atm, I did a whole bunch of work on build/release/websites/wikis last year.
Re: Can't download from server
Posted: Fri Feb 10, 2017 12:50 pm
by butter100fly
The malware warning should disappear in a few days. There were two problems with Quickplay 4.1.4's fileset:
1) The cmd.exe from a 2-year old reactOS project -
https://www.reactos.org/ is being incorrectly flagged as malware by multiple virustotal sources - so I've
replaced the react cmd executable with one from the offshoot project
https://github.com/AJMartel/IRTriageCMD because this functions identically but doesn't produce false positives. This cmd can be used to launch windows games in QuickPlay so that you don't need to setup an 'emulator' per game.
2) Faith Kodak's many-year's old project 'bat2exe converter' is pulling up many false positives in its latest version against virustotal. This tool converts windows batch files to executables
and has been proven completely benign time and time again. I altered QuickPlay's tools so that they don't need to be compiled to exes. We lost some tools icons, that's all....Poor old Faith, he added loads of his other utilities as tools to the converter but this just flipped out the AV scanners. I really enjoyed using his converter it was the only one that actually solves problems with quoting, ampersands and exclamation marks when compiling batch files, and also had fixes for working directory. No other converter I ever found is any good at all as they mess up all of these things so are dangerous....
I've had to remove QuickPlay 4.1.4 from SourceForge entirely, so you won't be able to download it anymore - this is so that Google doesn't still see it there and refuse to remove the blacklisting. Sourceforge and Google have been informed of all of these things so just waiting for Google to whitelist, which they say they'll respond to in a few days. I've uploaded QuickPlay 4.1.5. I suggest you download it as it also has some tweaks to the other stuff i've been working on and in particular sorts out the tools section a bit more. But neither 4.1.4 or 4.1.5 are going to give you any malware!