PreciousStones

PreciousStones

269k Downloads

download not safe - virus?

smmmadden opened this issue · 14 comments

commented

From the spigot resource, I'm redirected to an external site for the download. But McAfee Antivirus is flagging the file as unsafe and virus detected. Kindly look into it. Why redirect to an external site when it could be downloaded in Spigot?
image
image

commented

That external site is my build server. The problem is McAffee Antivirus not PreciousStones. PS is open source.

commented

Not quite, so why would it flag your plugin and not any of the 400+ I've downloaded and tested. :-)
There is something about the file or site, but I can download other files on Jenkins, Github, Bukket and Spigot without issue.

commented

Very quite. It says "is not commonly downloaded and may be dangerous". That means it's using a heuristic of download counts to warn you if something "may be dangerous". Given that that build is less than a day old, and has very few if any downloads, all that warning serves is to safeguard people by filtering out anything new.

This is an open source project that has been trusted by hundreds of thousands of servers throughout the years. If you are so inclined, you can decompile the source and inspect the java files yourself.

commented

it has nothing to do with open source and more to do with the file itself. If it is open for anyone to update it, then it is quite possible that someone uploaded an infected file. I'm not looking for an argument or dispute whether it is or isn't. I've provided you with the warning, the fact that no other plugin I monitor, (regardless of age it was uploaded or other heuristics) that McAfee is flagging this plugin from the site I provided as dangerous and a virus detected.

I did not have to report it and far from being a noob after 37 years in the industry and do have a clue how antivirus software works. If you choose not to investigate it or reach out to McAfee for why they are flagging it as a virus, that is your prerogative. I was hoping to download it to my 7 servers, but given the risk of infection and my years in software security I don't need the headaches. Don't believe me? Check out all the plugins that I've been involved with here. I am merely the messenger.

commented

Ok you've given me enough pause to investigate further. Went ahead and ran the latest build through VirusTotal https://www.virustotal.com/#/file/d288c1c41f9e1cafa8089d3bfa269f14bdea34168b3438767862ac0c35c48ee0/detection

Comes out clean in every AV out there. Maybe your pc is infected and is infecting downloads?

commented

I've also run this through an AV scanner and reputable Malware checker, I also work 'in the industry' and to be honest, McAfee causes more issues, false positives and allows more garbage through than any other I come across!
The 'warning' looks exactly like a heuristic false positive, as the dev indicates.

commented

based on what I could find about this through McAfee, is this:
http://104.236.246.10​8:8080/job/PreciousS​tones/ URL entered (http://104.236.246.108:8080/job/PreciousStones/ ) is not a valid website URL or has no data

I'm wondering now if this is only getting flagged because of the url uses an IP address and not a domain name and thinks this is a non-standard url for downloading files? Is there a domain qualified url for this to test against? Worst case is I would just need to add the url as a trusted site.

commented

i downloaded it just fine. i dont use mcafee.

commented

which AV do you use? I think it is odd that Jenkins site doesn't have a domain name associated with it and just using an IP address. Is there a http://jenkins* url that could be used to confirm? I tried the 1.9, 1.11 and 1.12 jar's and all get flagged, so this most likely is the IP url and not a domain url.

commented

Used to have a domain sacredlabyrinth.net, but when my Minecraft server died I let the domain die. So there's no domain now. There is no jenkins url. My build server is running on a DigitalOcean droplet not on jenkin's servers. All domains point to ips, its a dev related service so there is no need to put lipstick on it.

McAffee is a shit AV. I don't use a separate AV, Windows Defender is good enough for me. I have good opsec practices, don't need the handholding.

commented

that makes sense now and confirms the IP is the indicator of a potential virus. I try to steer developers into using a domain name especially since it's easy to get one fairly inexpensively. I'll add your server to my trusted sites list, now that I know where I'm connecting. :-)

commented
commented

not using one? It's not just about what websites you go to, AV protects your emails you read and can prevent intrusion attempts. I used to be a consultant and went home to home and business to business removing viruses customers had gotten themselves into as well as restoring their computers when it (the virus) wiped their drives clean losing everything. Not having AV is like not having a backup for your computer when the hard drive fails. :-) Been there many times during the last 40 years. Yeah, I'm old. lol

commented

Old to bro, I'm 37. You don't need separate AV nowadays. Win10 comes with all you need. Nobody can intrude on you via email unless you go around downloading unknown attachments. And you don't leak your ip if your email client is set not to autoload images. Agree with you on the backup drive though.