andrew
Wed, 03/02/2011 - 17:12
False positive
That link you posted just takes me to the virustotal home page... Which file exactly did you scan? Where did you download it?
I downloaded from the official BleachBit web site the file BleachBit-0.8.7-setup.exe (MD5 ac84e90f55c44f4839a3249deec51c78) and uploaded to virustotal.com which scanned it with 40 scanners and mentioned 3 (not 4) flags. TrendMicro has PAK_Generic.001: Yes, BleachBit does use an executable packer to improve speed and reduce disk space usage (that is what BleachBit is about), but it's easy for any decent anti-virus software to unpack BleachBit to check for viruses. The software is using bad heuristics which is like a human making a racial stereotype.
"Rising" flags the file with Trojan.Win32.Generic.1272BF85 which is also non-specific, and it's a no-name virus scanner.
Another way of looking at it is this: 37 virus scanners found no problem.
In conclusion, I believe the red flags are merely false positives, which happens with antivirus software. If you think this is not common, a brand name software (Symantec) removed operating system files because of a false positive. If you download the same MD5 as above, you should be OK, and if you are interested, I can show you where to find digitally signed hashes for all BleachBit releases (to prove the non-tampering).
---
Andrew, lead developer
andrew
Fri, 03/04/2011 - 07:32
Prevx
Prevx told me they are removing the false positive for "Medium Risk Malware," and I hope the other vendors do the same, but sometimes the vendors are not responsive (especially when a non-customer contacts them). If you are a customer of TrendMicro or Rising, I can show you the contact URLs.
---
Andrew, lead developer
Vincent Hugh Jarse (not verified)
Sat, 07/30/2011 - 16:51
EECH!!! Use Linux for crying
EECH!!!
Use Linux for crying out loud and get out the cradle of microshaft!
Never had I had to use a negativity checker! Unless it's biological.