[Closed] 12 Anti-Virus Engines on VirusTotal have an issue with a file

PortableGood
Joined: 2014-10-06 11:51
[Closed] 12 Anti-Virus Engines on VirusTotal have an issue with a file

The file is fusion.dll and is part of the CDeX app.

Gord Caswell
Developer, Moderator
Joined: 2008-07-24 18:46
Results

Here are the results of a scan I just did on CDex Portable's installer (1.8.4): https://www.virustotal.com/en/file/01e9ea3022ee138cfd7bbb5ab6b7c197bb496...

I'm not able to download a fresh copy of CDex on my corporate network. Do you have a link to the analysis?

mjashby
Developer
Joined: 2008-09-19 13:35
VirusTotal

Advising the PortableApps Team of potential software problems is fine but VirusTotal reports need to be considered in the correct context. If 12 Engines that they test files with flagged a possible issue with a specific file, that leaves at least another 38 that didn't; and as part of VirusTotal's stated scanning objective is also to identify and report 'false positives' as well as any perceived 'threats', as they say themselves, the online scanning of files on VirusTotal should not be considered by end users as an effective AntiVirus/Malware scanning solution. It is primarily designed as a tool for informing software developers, including security software providers (but not end users), of the potential for issues which may, or may not, prove to be 'threats'.

However, if this example is perceived as a genuine concern then the correct approach is to report the issue to the CDeX app developer; and also to use an effective, up-to-date, production-grade AntiVirus and Malware solution to scan the files (and your system) before you decide whether or not you want to use the software without some further assurance. Certainly don't rely on VirusTotal to provide any user protection against files that have already been downloaded, and have presumably survived live security scanning.

PortableGood
Joined: 2014-10-06 11:51
Just FYI, many of the tools

Just FYI, many of the tools that VirusTotal employs use identical databases. This can lead to distorted data regarding both the safety and danger of files.

You can research each engine to determine which database it uses.

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Adware Detection In Local Installer, Not Part of Portable

The detection you're referring to is a generic adware detection. CDex's local installer uses a bundleware installer. Fusion.dll is the component that the installer uses to display it.

CDex Portable does a live download of the CDex installer and extracts the app files from it without running it. That DLL isn't used by the app and can be safely deleted.

Gord already built the updater 1.85 version of the app, so I'll adjust the live installer to ensure the extra DLLs that aren't used aren't left on your device to trigger any false positives.

Sometimes, the impossible can become possible, if you're awesome!

PortableGood
Joined: 2014-10-06 11:51
Meaning...

Thanks John.

When you write "does a live download", do you mean that when the user installs CDex Portable via the Portable Apps Launcher, it is installing another installer, which in turn downloads the actual CDex Installer? Or is it different from that process?

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Downloads CDex Installer and Extracts

The CDex Portable installer downloads the regular CDex installer as you install. That's the live part. (When installing or updating via the platform, the updater/app store handles the download.) It doesn't run the local installer, though. It extracts the files from the local installer using an embedded 7-Zip client within the PA.c Installer. That's why the bundleware bits aren't a concern in the portable version, since the local installer isn't run so the bundleware components are never used.

Sometimes, the impossible can become possible, if you're awesome!
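
The extract-without-running step described in the post above, as an added example that is not PortableApps.com's or the PA.c Installer's own code. It uses Python's `zipfile` on a constructed in-memory archive as a stand-in for the embedded 7-Zip client and the real installer; every file name except fusion.dll, the `INSTALLER_ONLY` list and the function names are assumptions.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

# Assumption: components only the local installer uses (fusion.dll is the one named in the thread).
INSTALLER_ONLY = {"fusion.dll"}


def build_sample_installer() -> bytes:
    """Constructed stand-in archive; not the real CDex installer."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("CDex.exe", b"constructed app binary")
        zf.writestr("plugins/encoder.dll", b"constructed encoder")
        zf.writestr("fusion.dll", b"constructed bundleware display component")
        zf.writestr("../outside.txt", b"constructed traversal entry")
    return buf.getvalue()


def extract_app_files(archive: bytes, dest: Path) -> dict:
    """Unpack app files as data only; nothing from the archive is executed."""
    report = {"extracted": [], "skipped": {}, "rejected": []}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = PurePosixPath(info.filename.replace("\\", "/")).parts
            # Refuse absolute paths, drive letters and ".." so no entry lands outside dest.
            if not parts or ".." in parts or parts[0] == "/" or ":" in parts[0]:
                report["rejected"].append(info.filename)
                continue
            data = zf.read(info)
            if parts[-1].lower() in INSTALLER_ONLY:
                # Left out of the install; the hash lets the skipped file be identified later.
                report["skipped"][info.filename] = hashlib.sha256(data).hexdigest()
                continue
            target = dest.joinpath(*parts)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
            report["extracted"].append("/".join(parts))
    return report


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(extract_app_files(build_sample_installer(), Path(tmp)))
```
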

PortableGood
Joined: 2014-10-06 11:51
Fantastic explanation. Thank you.

Fantastic explanation. Thank you.

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
CDex Portable 1.85 removes the unused files

CDex Portable 1.85 was just posted which removes the local installer's DLLs which are not used by the portable installer or the app itself. This should cut down on false positive issues once installed.

Sometimes, the impossible can become possible, if you're awesome!

PortableGood
Joined: 2014-10-06 11:51
That's great news! Thanks!

That's great news! Thanks!
