Upon running a modpack with this mod bitdefender has marked it as infected The fil

Correction, it is a false positive. <span class="email-hidden-togg

<a target="_blank" rel="noopener noreferrer nofollow" href="https://camo.githubusercon

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

what's funny, the latest <a href="https://github.com/VidTu/Ksyxis/actions/runs/8736657

Mod is being marked as a virus via BitDefender about ksyxis HOT 15 CLOSED

Treazul commented on September 27, 2024

Mod is being marked as a virus via BitDefender

from ksyxis.

Comments (15)

Treazul commented on September 27, 2024 1

It's probably just a false positive. I've submitted the file to the av and let them know

…

On Fri, 10 May 2024 at 18:55, VidTu ***@***.***> wrote: @Treazul <https://github.com/Treazul> either your specific JAR is infected, your PC is infected with something else or you're getting man-in-the-middle-attacked: https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47 — Reply to this email directly, view it on GitHub <#25 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAIOXSRMRFAEBGLHFFEAEB3ZBSDPLAVCNFSM6AAAAABHOJHJPKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBUGIZDAMJYGM> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from ksyxis.

Treazul commented on September 27, 2024 1

Correction, it is a false positive.

…

On Fri, 10 May 2024 at 19:07, Sam ***@***.***> wrote: It's probably just a false positive. I've submitted the file to the av and let them know On Fri, 10 May 2024 at 18:55, VidTu ***@***.***> wrote: > @Treazul <https://github.com/Treazul> either your specific JAR is > infected, your PC is infected with something else or you're getting > man-in-the-middle-attacked: > https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47 > > — > Reply to this email directly, view it on GitHub > <#25 (comment)>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/AAIOXSRMRFAEBGLHFFEAEB3ZBSDPLAVCNFSM6AAAAABHOJHJPKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBUGIZDAMJYGM> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >

from ksyxis.

VidTu commented on September 27, 2024

from ksyxis.

Treazul commented on September 27, 2024

from ksyxis.

VidTu commented on September 27, 2024

@Treazul either your specific JAR is infected, your PC is infected with something else or you're getting man-in-the-middle-attacked: https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47

from ksyxis.

Treazul commented on September 27, 2024

Scratch that. I clicked "Reanalyse" on virus total and it's reporting [image: image.png]

…

On Fri, 10 May 2024 at 19:13, Sam ***@***.***> wrote: Correction, it is a false positive. On Fri, 10 May 2024 at 19:07, Sam ***@***.***> wrote: > It's probably just a false positive. I've submitted the file to the av > and let them know > > On Fri, 10 May 2024 at 18:55, VidTu ***@***.***> wrote: > >> @Treazul <https://github.com/Treazul> either your specific JAR is >> infected, your PC is infected with something else or you're getting >> man-in-the-middle-attacked: >> https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47 >> >> — >> Reply to this email directly, view it on GitHub >> <#25 (comment)>, or >> unsubscribe >> <https://github.com/notifications/unsubscribe-auth/AAIOXSRMRFAEBGLHFFEAEB3ZBSDPLAVCNFSM6AAAAABHOJHJPKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBUGIZDAMJYGM> >> . >> You are receiving this because you were mentioned.Message ID: >> ***@***.***> >> >

from ksyxis.

VidTu commented on September 27, 2024

for fs sake, what they don't like

from ksyxis.

VidTu commented on September 27, 2024

maybe they don't like the way it uses a lot of method injections like here for multiversion support

from ksyxis.

VidTu commented on September 27, 2024

what's funny, the latest gh actions snapshot is not being detected (even after reanalyzing) by any vendor

from ksyxis.

Dorrivix commented on September 27, 2024

*got this on mod version 1.2.2, the file extension isn't .jar, it's .bNIhAX

the full file my av shows is Ksyxis-1,2,2,jar.bNIhAX

download method: modpack via prism launcher, downloading from modrinth.

trying to download the mod again seems to end with a random string as the file extension, not just ".bNlhAX"

my AV is called "Vipre".

from ksyxis.

VidTu commented on September 27, 2024

@Dorrivix it seems like your antimalware renames it

from ksyxis.

Dorrivix commented on September 27, 2024

it doesn't trigger with downloading version 1.2.1

from ksyxis.

VidTu commented on September 27, 2024

well it also doesn't with 1.2.3-SNAPSHOT, you can reverse engineer 1.2.2 JAR and find nothing there. it was probably incorporated in some bigger malware (such as infected Minecraft modpack) and now antimalware flags it. i will not update JAR until I'll add 1.20.5 compat in a few days.

from ksyxis.

VidTu commented on September 27, 2024

hopefully fixed in 1.3.0.

from ksyxis.

VidTu commented on September 27, 2024

BitDefender no longer flags 1.2.2 as infected, other vendors should follow shortly

from ksyxis.

Mod is being marked as a virus via BitDefender about ksyxis HOT 15 CLOSED

Comments (15)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent