MSFT Defender Win32/Varpes.L!plock in SABnzbd-1.0.0RC1-win32

Post by ptr727 »

MSFT Defender on my Win10 system just tagged SABnzbd-1.0.0RC1-win32-setup.exe as infected with Win32/Varpes.L!plock.
This must be a new def for the detection, as the file has been on my disk for a while, and now is the first time Defender complained.

Anybody else experience anything like this?
I hope it is a FP?

P.

Post by ALbino »

I just ran it through VirusTotal and it comes back failing on 2 out of 54 AV scanners:
SHA256: 6f1375aa6872012e5090a3fd81a20498e2a66748b972ea57d18f749a5ca2ab80
File name: SABnzbd-1.0.0RC1-win32-setup-github.exe
Detection ratio: 2 / 54
Analysis date: 2016-02-16 03:28:00 UTC ( 2 minutes ago )

ClamAV: Win.Trojan.FakeAV-75137
Rising: PE:Malware.RDM.02!5.8 [F]
https://www.virustotal.com/en/file/6f13 ... 455593280/

Post by shypike »

Very likely a false positive.
Two out of 54 and both reporting different viruses.
I'll check. In the past we've had an FP due to a compressed SQLite library.
Maybe we forgot to uncompress it on the latest VMware build image.