Avast signals FileRepMalware [Misc] in jamulus_3.10.0_win.exe

[Aerodrummer]

Avast doesn't let me install jamulus_3.10.0_win.exe. When I doubleclick to install, the file goes directly into the quarantaine folder.
Virustotal.com reports: 3 security vendors and 1 sandbox flagged this file as malicious. The security vendors are:
Avast
AVG
McAfee-GW-Edition

[pljones]

The best suggestion is to use a different virus checker. See
https://www.virustotal.com/gui/file/125d477916e8175237ed8380231623b5325aff1960ab28f41d2701b74a42e4cb/detection
for comparisons.

[ann0see]

@pljones unlocked for transparency reasons.

[dcorson-ticino-com]

You can tell Avast to make an exception to let Jamulus be installed and also send a false positive notice to them.

[ann0see]

@dcorson-ticino-com also reported this to us internally, and we're aware of it. We belive it's a false positive. As mentioned above, you can scan the app with another anti virus scanner or compile the app from source (see COMPILING.md in the repo).

After some research, it's mainly an issue with software that is not yet that popular: https://www.thewindowsclub.com/what-is-filerepmalware Eventually, it should disappear.

[QJKX]

It's possible the AV vendor uses digital signatures in their reputation modeling - and that signing releases would either eliminate, or speed up the acceptance of a new release.

[mcfnord]

Do you know other ways unsigned code might be impeded?

[Aerodrummer]

Hi, thanks for your responses and for having reopened this discussion. I was a bit surprised by pljones short answer to change my antivirus I’m using for maybe 20 years. And the link provided just put me back to Virustotal where I was already like you can read in my first post.

(Virustotal.com reports: 3 security vendors and 1 sandbox flagged this file as malicious. The security vendors are: Avast, AVG, McAfee-GW-Edition.)

At least the two first are main actors for (free) Antivirus programs. Also having closed the discussion right after I found a bit strange.
First, I’m not asking for myself, I’m not new with Jamulus and I don’t need help with this. I know that I can set an exception in Avast, but all the others I know might get afraid to see this (I’m sure they will). And I don’t want to take the responsibility for them. So I just wanted to report.

I was quite active in the old forum, but I’ve never made the step to the new one. This is maybe the reason why I haven’t posted at the right place. If it's so, sorry for that. I’m also running a private server with several instances since more than 3 years, actually as a virtual machine in Proxmox, and 3.10.0 is already installed. By the way thanks for having created the repo for Debian.

@ann0see

After some research, it's mainly an issue with software that is not yet that popular

Maybe, but I’m not sure. What you are saying is something I’ve got with nearly each new version of Jamulus: Avast stops the installation and tells that it’s an unknown file and it needs to send it to their labs to analyze it. And some minutes later it told that all is OK and I could continue with the installation. This time it’s different, the installation fails! and the installation file just disappears. I’ve never seen this before with Jamulus.

@dcorson-ticino-com

You can tell Avast to make an exception to let Jamulus be installed and also send a false positive notice to them.

Already done.

[ann0see]

Also having closed the discussion right after I found a bit strange.

me too. That’s why I re opened it. Probably it was a misclick.

but all the others I know might get afraid to see this (I’m sure they will). And I don’t want to take the responsibility for them. So I just wanted to report.

True. I would als be annoyed if my anti virus (Bitdefender) reported an error. I haven’t seen any Indicators of malicious actions, but better safe than sorry.
Therefore, I‘d do some more research as you did. So everything is good.

[QJKX]

At least the two first are main actors for (free) Antivirus programs.

Avast and AVG are the same company.

[Aerodrummer]

@QJKX Good point, I didn't know, it wasn’t always like this. But there is also McAfee-GW-Edition and one sandbox claiming malware in it.
BTW, has someone read the sandbox results at Virustotal, maybe there is a sign for what they don’t like.
https://www.virustotal.com/gui/file/125d477916e8175237ed8380231623b5325aff1960ab28f41d2701b74a42e4cb/behavior

[QJKX]

Yomi Sandbox Behavioural Analysis

The rules it matches are

• "dropping and running it's own files" - it's a self-extracting installer, so that's how it works - the approach might be unacceptable for corporations who buy this kind of AV product.
• "It Tries to detect injection methods" - it checks the windows version.

There's some stuff about Sigma Rules on the main VT page - but that's mostly about running a powershell script in an insecure way which is necessary for any unsigned powershell script. What's weird is it's all called by something in a python 2.7 directory - but that's not listed as something the program created or renamed or invoked - maybe it's a background process on the sandbox?

But there is also McAfee-GW-Edition and one sandbox claiming malware in it.

This is more of the same - threat "intelligence" / low reputation score ("Artemis").

[QJKX]

Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data.

Subjectively, I suggest most people are better off just using the default Microsoft Antivirus over a third party product.

In the past Microsoft Defender was disabled by default on new PCs by some PC companies so they could get a backhander for preinstalling "trial" AV software, that then pressures the user in to buying a subscription for their "safety".

Uninstall Avast and the default AV should automatically kick in.

Microsoft Instructions/Info:

"Stay protected with Windows Security"

• Windows Security is built-in to Windows 10 and 11 and includes an antivirus program called Microsoft Defender Antivirus.

• If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on automatically.

• For info on how to uninstall an app, see Repair or remove an app in Windows.

[ann0see]

It would be interesting if avast also flags the binary. If that's the case, we could have a look at the installer - which seems to enable the warning.