On Thursday, December 9, 2021 at 4:25:14 PM UTC-5 jmroos...@gmail.com wrote:
Hello, are you the maintainer of your software on chocolatey? Do you have issues with false positives? Hope that's all this is. I don't even know why the repo installed this package; I didn't get a dependency error when I uninstalled it...maybe I removed the software it came with. The file was created on the 3rd, but didn't get picked up until a full drive idle scan this morning. So real-time missed it. Probably because I have chocolatey trusted. Everything is supposed to be scanned already, I thought. Then again, they offer integrated virus scanning as a paid feature; I hope that doesn't mean they don't scan pushed packages by default.Usually Kaspersky is pretty good about labeling PUA detections (will say not-a-virus right on the label) and it isn't heuristic either which is naturally a lot more likely to be false. So it tripped some signature. That doesn't mean it can't be a false positive though. Unfortunately I deleted the file before I thought to upload it to VirusTotal or send it in. I scanned the Windows zip and source code from Github to see if it caused a detection as well though and didn't detect anything. Also, pandoc-citeproc.exe is not in those archives anyway, perhaps those data are associated with the chocolatey package specifically?Just wanted to inform. I don't think anything bad happened to my PC. I hope it isn't indicative of someone somehow sneaking trojans into other legitimate chocolatey packages after they've been pushed to the repo. That seems like a stretch though.If you have any insight on this I'd appreciate it. I might just need to switch antivirus providers. Their firewall has been aggravating me for days as it is. Have a nice day.