Bug 363594 - Virus or false positive in Windows version of Kate ?
Summary: Virus or false positive in Windows version of Kate ?
Status: RESOLVED FIXED
Alias: None
Product: kate
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Microsoft Windows Linux
: NOR normal
Target Milestone: ---
Assignee: KWrite Developers
URL: https://www.virustotal.com/fr/file/1b...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-27 12:58 UTC by David Vantyghem
Modified: 2016-05-29 10:30 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description David Vantyghem 2016-05-27 12:58:46 UTC
Windows version 16.07.70 : https://kate-editor.org
A Trojan is detected by two different antivirus. Perhaps a false positive due to the installer ?

Reproducible: Always

Steps to Reproduce:
1. Check Kate Windows version in Virustotal
Comment 1 Dominik Haumann 2016-05-27 14:00:37 UTC
Thanks for the report. We were made aware of this issue already by others.

In short: The installer does NOT contain a virus.

Long story: NSIS based installers are unfortunately known for this issue, that is, some virus scanners list false positives and claim they found a virus, see e.g. http://nsis.sourceforge.net/NSIS_False_Positives

Btw., I just deleted the .exe you linked to, since we have more up-to-date installers. Please use the newer ones (VirusTotal will probably also report a false positive virus).

I'll close this report for now.
Comment 2 David Vantyghem 2016-05-27 14:47:18 UTC
On https://kate-editor.org, link to download Kate is dead, link to download kate-windows.git too.
Where can I download the version with the new installer ?
Comment 3 David Vantyghem 2016-05-27 15:14:21 UTC
On https://kate-editor.org/2016/04/29/kate-16-04-on-windows-64bit/, link to download Kate is dead, link to download kate-windows.git too. Where can I download the version with the new installer ?
Comment 4 Dominik Haumann 2016-05-28 12:44:27 UTC
The link is fixed now, thanks - http://download.kde.org/unstable/kate/
There, you can choose either the 32bit or the 64bit version.
Comment 5 David Vantyghem 2016-05-29 07:26:23 UTC
This version is 16.04.1. The version I tested was 16.07.70 in the "About" window (the file name was 16.04.1). Was it a more recent version ?
In the version I tested, MSVC++ 2015 was not included in the package, it is included now. I think it's not a good solution to include it because we must download it even it's unnecessary and because you put proprietary software into a free software package. A good solution is to test if MSVC++ is already installed and if not, download and install it, like Shareaza, PHPServer, Hexchat, Handbrake... are doing.
Comment 6 Dominik Haumann 2016-05-29 10:30:00 UTC
Well, I was building Kate from the development version, therefore, it already said 16.07.70 (will be 16.08 later). But I built it at the time 16.04 was released, so effectively the code is the same.

So yes, 16.04 in its current form should definitely bet better / more recent, since the branch gets also the stability fixes. Sorry for messing up the version number.

And please keep this bug closed: The discussion of the redistributable belongs into another report, please don't hijack.