How secure is BleachBit?

Forums: 
Forum tags: 

Virus total found 4 risks http://www.virustotal.com/file-scan/report.html?id=7f41dd5ac4cac4a210776...

That link you posted just takes me to the virustotal home page... Which file exactly did you scan? Where did you download it?

I downloaded from the offical BleachBit web site the file BleachBit-0.8.7-setup.exe (MD5 ac84e90f55c44f4839a3249deec51c78) and uploaded to virustotal.com which scanned it with 40 scanners and mentioned 3 (not 4) flags. TrendMicro has PAK_Generic.001: Yes, BleachBit does use an executable packer to improve speed and reduce disk space usage (that is what BleachBit is about), but it's easy for any decent anti-virus software to unpack BleachBit to check for viruses. The software is using bad heuristics which is like a human making a racial stereotype.

"Rising" flags the file with Trojan.Win32.Generic.1272BF85 which is also non-specific, and it's a no-name virus scanner.

Another way of looking at it is this: 37 virus scanners found no problem.

In conclusion, I believe the red flags are merely false positives, which happens with antivirus software. If you think this is not common, a brand name software (Symantec) removed operating system files because of a false positive. If you download the same MD5 as above, you should be OK, and if you are interested, I can show you where to find digitally signed hashes for all BleachBit releases (to prove the non-tampering).

---
Andrew, lead developer

Prevx told me they are removing the false positive for "Medium Risk Malware," and I hope the other vendors do the same, but sometimes the vendors are not responsive (especially because when a non-customer contacts them). If you are a customer of TrendMicro or Rising, I can show you the contact URLs.

---
Andrew, lead developer

EECH!!!

Use Linux for crying out loud and get out the cradle of microshaft!

Never had I had to use a negativity checker! Unless its biological.