363594 – Virus or false positive in Windows version of Kate ?

Bug 363594 - Virus or false positive in Windows version of Kate ?

Summary: Virus or false positive in Windows version of Kate ?

Status:	RESOLVED FIXED

Alias:	None

Product:	kate
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Microsoft Windows Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	KWrite Developers

URL:	https://www.virustotal.com/fr/file/1b...
Keywords:

Depends on:
Blocks:

Reported:	2016-05-27 12:58 UTC by David Vantyghem
Modified:	2016-05-29 10:30 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description David Vantyghem 2016-05-27 12:58:46 UTC

Windows version 16.07.70 : https://kate-editor.org
A Trojan is detected by two different antivirus. Perhaps a false positive due to the installer ?

Reproducible: Always

Steps to Reproduce:
1. Check Kate Windows version in Virustotal

Comment 1 Dominik Haumann 2016-05-27 14:00:37 UTC

Thanks for the report. We were made aware of this issue already by others.

In short: The installer does NOT contain a virus.

Long story: NSIS based installers are unfortunately known for this issue, that is, some virus scanners list false positives and claim they found a virus, see e.g. http://nsis.sourceforge.net/NSIS_False_Positives

Btw., I just deleted the .exe you linked to, since we have more up-to-date installers. Please use the newer ones (VirusTotal will probably also report a false positive virus).

I'll close this report for now.

Comment 2 David Vantyghem 2016-05-27 14:47:18 UTC

On https://kate-editor.org, link to download Kate is dead, link to download kate-windows.git too.
Where can I download the version with the new installer ?

Comment 3 David Vantyghem 2016-05-27 15:14:21 UTC

On https://kate-editor.org/2016/04/29/kate-16-04-on-windows-64bit/, link to download Kate is dead, link to download kate-windows.git too. Where can I download the version with the new installer ?

Comment 4 Dominik Haumann 2016-05-28 12:44:27 UTC

The link is fixed now, thanks - http://download.kde.org/unstable/kate/
There, you can choose either the 32bit or the 64bit version.

Comment 5 David Vantyghem 2016-05-29 07:26:23 UTC

This version is 16.04.1. The version I tested was 16.07.70 in the "About" window (the file name was 16.04.1). Was it a more recent version ?
In the version I tested, MSVC++ 2015 was not included in the package, it is included now. I think it's not a good solution to include it because we must download it even it's unnecessary and because you put proprietary software into a free software package. A good solution is to test if MSVC++ is already installed and if not, download and install it, like Shareaza, PHPServer, Hexchat, Handbrake... are doing.

Comment 6 Dominik Haumann 2016-05-29 10:30:00 UTC

Well, I was building Kate from the development version, therefore, it already said 16.07.70 (will be 16.08 later). But I built it at the time 16.04 was released, so effectively the code is the same.

So yes, 16.04 in its current form should definitely bet better / more recent, since the branch gets also the stability fixes. Sorry for messing up the version number.

And please keep this bug closed: The discussion of the redistributable belongs into another report, please don't hijack.