SABnzbd Forums

In the latest version of Sabnzdb (version 4.2.0) Windows defender found a serious trojan: Win32/Wavatac.B!ml . This was not present in 4.1.0

The usual:

* report to Microsoft it's not a virus/trojan
* wait 2 weeks and try again

Sorry but the "usual" is basically trusting the development team that it is
A) not a trojan
B) if it would be a trojan it would not be (mis)used.
A seperat scan of the file proved that there is indeed a trojan present in the executable.

Nitroglycerine wrote: ↑January 4th, 2024, 6:15 am Sorry but the "usual" is basically trusting the development team that it is
A) not a trojan
B) if it would be a trojan it would not be (mis)used.
A seperat scan of the file proved that there is indeed a trojan present in the executable.

Then you have to decide for yourself:
trust the SABnzbd development team it's not a trojan
or trust Microsoft it is a trojan, and don't use 4.2.0 and stay on 4.1.0

And really, that is the usual: each time there is a new SABnzbd release, during the first days / first week after a release, some anti virus software think it's a virus / trojan. That alert will go away after one or two weeks. You can follow that on virustotal.

EDIT

You can see the jury's verdict here: https://www.virustotal.com/gui/file/a30 ... ?nocache=1

" 6 security vendors and no sandboxes flagged this file as malicious" , including Microsoft
and ... 62 anti-virus setups that say "Undetected", so clean & safe.

So: 6 against 62.

In the coming days: each day you could click on that virustotal link, click Reanalyse (top right corner), and see how the jury verdict develops.

https://sabnzbd.org/wiki/faq#virusscanners

It's the same with every release we make. See above for some explanation why and the same info sander already gave, to check virus total.
It's already down from 6 false positives to 5.

safihre wrote: ↑January 4th, 2024, 10:10 am https://sabnzbd.org/wiki/faq#virusscanners

It's the same with every release we make. See above for some explanation why and the same info sander already gave, to check virus total.
It's already down from 6 false positives to 5.

And Microsoft now says it's OK. That is nice & fast:

Microsoft Undetected

Hello,
I have the same problem. Trying to install 4.2.0 but Windows defender erase the file before the end of installation ! On windows 11 defender seems to be stubborn ! I know defender is wrong but it, it doesn't know. Don't know what to do ...

domiget wrote: ↑January 4th, 2024, 12:53 pm Hello,
I have the same problem. Trying to install 4.2.0 but Windows defender erase the file before the end of installation ! On windows 11 defender seems to be stubborn ! I know defender is wrong but it, it doesn't know. Don't know what to do ...

Wait.

I found a solution :
I've excluded the file Sabnzbd from defender. It's ok now.

I saw GrayWare/Win32.Wacapew in 4.2.1. I can wait a little bit.

sander wrote: ↑January 4th, 2024, 1:06 pm

domiget wrote: ↑January 4th, 2024, 12:53 pm Hello,
I have the same problem. Trying to install 4.2.0 but Windows defender erase the file before the end of installation ! On windows 11 defender seems to be stubborn ! I know defender is wrong but it, it doesn't know. Don't know what to do ...

Wait.

Okay, i wait. I've uninstall the 4.2.0 and 4.2.1 after, scanned with defender and re install the 4.1.0.
Thanks for helping.

Good news: on https://sabnzbd.org/downloads there is a new version 4.2.1 ... built in a different way ... which does not trigger Microsoft Defender.

So can you try that and feedback if Defender is happy?

sander wrote: ↑January 6th, 2024, 5:41 am Good news: on https://sabnzbd.org/downloads there is a new version 4.2.1 ... built in a different way ... which does not trigger Microsoft Defender.

So can you try that and feedback if Defender is happy?

Triggered it for me today on 4.2.1 , whitelisted and then installed fine

When did you download it? I updated the release about 6 hours ago.

safihre wrote: ↑January 6th, 2024, 12:32 pm When did you download it? I updated the release about 6 hours ago.

About 9am GMT on 6th