High VirusTotal detections for last two Chocolatey Package Versions #23
Comments
Also, due to the very high VirusTotal results on previous Chocolatey Package Versions, for example: Which has VirusTotal detections of: We have taken the action of unlisting the previous package versions for ngrok. While we understand that these might be false positives on the part of the results that have come back from VirusTotal, I hope you appreciate that we had to take action based on the results that we have received. If these VirusTotal results change again, after establishing that these are false positives, we would be happy to re-list the package versions. Please let me know if you have any questions about any of this.
Hi @gep13 we have encountered a number of false positives because malicious actors have used our software as part of their own applications. However, the actual ngrok application itself does not contain malware but we are tagged as a PUA/PUP by some antivirus tools as a result.
Some additional documentation if this helps: https://ngrok.com/docs/faq/#why-is-my-antivirus-software-reporting-the-ngrok-agent-as-a-virus--malware--or-potentially-unwanted-application-pau
@salilsub thanks for getting back to me about this, really appreciate it! The information that you have linked to in your docs is exactly what we are looking for. If you can update the description section of the nuspec file for the Chocolatey Package, and re-submit the package version, we should be able to continue with moderation. We understand that these things happen, and it is horrible when it does, we just also need Chocolatey Package users, and also moderators, to be able to easily find this information when needed. That is why adding it to the description of the package is so important.
👋 I thought I would touch base about the change that was made in this PR: This is exactly the change that we were hoping to see, and it looks like a new package version was pushed by https://community.chocolatey.org/packages/ngrok/3.12.1 After making the change to the nuspec file, was
@gep13 I'm not sure if we did run
Sounds good! Let me know if there is anything that I can help with.
@gep13 My eng team re-ran the pipeline and I am seeing the updated information in the Description section. Are there any next steps we would need to take?
Got a false positive for MacOS/Multiverze from Microsoft Defender it seems:

```
cd /Users/nikbr/Library/Caches/Homebrew/downloads/
unzip 173e01c560acafe0434e501020bf8b18ee8e9b82036649a9f9d94234d1e66745--ngrok-v3-3.14.1-stable-darwin-arm64.zip
Archive: 173e01c560acafe0434e501020bf8b18ee8e9b82036649a9f9d94234d1e66745--ngrok-v3-3.14.1-stable-darwin-arm64.zip
inflating: ngrok
codesign -d -vvv ngrok
Executable=/Users/nikbr/Library/Caches/Homebrew/downloads/ngrok
Identifier=a.out
Format=Mach-O thin (arm64)
CodeDirectory v=20500 size=225009 flags=0x10000(runtime) hashes=7026+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=da208060ab9b5c3e5de282d15208faad3e468059
CandidateCDHashFull sha256=da208060ab9b5c3e5de282d15208faad3e468059971a464f46fd3af2df9648e0
Hash choices=sha256
CMSDigest=da208060ab9b5c3e5de282d15208faad3e468059971a464f46fd3af2df9648e0
CMSDigestType=2
CDHash=da208060ab9b5c3e5de282d15208faad3e468059
Signature size=8963
Authority=Developer ID Application: ngrok LLC (TEX8MHRDQ9)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=22 Aug 2024 at 20:19:35
Info.plist=not bound
TeamIdentifier=TEX8MHRDQ9
Runtime Version=11.0.0
Sealed Resources=none
Internal requirements count=1 size=168
```
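
When triaging a detection like the one in the comment above, the identity fields in `codesign -d -vvv` output can be compared mechanically against the publisher you expect. The following is an added example, not part of the thread or ngrok's own tooling: `parse_codesign` and `check_identity` are hypothetical names, and the sample is trimmed from the output posted above. It only reads displayed fields; `codesign --verify` is what validates the signature itself.

```python
import re

# Trimmed from the codesign output posted in the comment above.
SAMPLE = """\
Identifier=a.out
CodeDirectory v=20500 size=225009 flags=0x10000(runtime) hashes=7026+2 location=embedded
CandidateCDHashFull sha256=da208060ab9b5c3e5de282d15208faad3e468059971a464f46fd3af2df9648e0
CDHash=da208060ab9b5c3e5de282d15208faad3e468059
Authority=Developer ID Application: ngrok LLC (TEX8MHRDQ9)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEX8MHRDQ9
"""

def parse_codesign(text):
    """Parse `codesign -d -vvv` text into a dict; Authority lines become a list."""
    info = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["Authority"].append(value)  # order is leaf -> root
        elif key.startswith("CodeDirectory"):
            m = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", line)
            info["flags"] = m.group(1).split(",") if m else []
        else:
            info[key] = value
    return info

def check_identity(info, expected_team):
    """Return a list of problems; an empty list means the fields are consistent."""
    problems = []
    chain = info["Authority"]
    leaf = chain[0] if chain else ""
    if info.get("TeamIdentifier") != expected_team:
        problems.append("TeamIdentifier mismatch")
    if not (leaf.startswith("Developer ID Application:") and leaf.endswith(f"({expected_team})")):
        problems.append("leaf certificate is not the expected Developer ID")
    if not chain or chain[-1] != "Apple Root CA":
        problems.append("chain does not end at Apple Root CA")
    if "runtime" not in info.get("flags", []):
        problems.append("hardened runtime flag missing")
    full = info.get("CandidateCDHashFull sha256", "")
    cdhash = info.get("CDHash")
    if not cdhash or not full.startswith(cdhash):
        problems.append("CDHash is not the truncated full digest")
    return problems
```

`codesign` writes the `-d` listing to stderr, so capture that stream when feeding real output to the parser.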
The last two Chocolatey Package Versions:
Have resulted in higher than normal/desired VirusTotal detection results.
The last moderation comment left on the package was the following:
Is there something that can be done to help get this package approved? Thanks!