New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FALSE POSITIVE NOTIFY] - Weird update on Virus Total database #236
Comments
The Log4J vulnerability warning has nothing to do with XSeries, because it doesn't even log anything. |
My plugins that use this library also got flagged as malware and some of my users are understandably concerned. Once upon a time when I used method handles instead of reflection I also triggered some antivirus. So it might be some code that could have accessed system resources but wasn't used for that purpose. |
My main plugin other than XSeries, also uses a lot of system APIs and extreme reflection to mess with class loaders and other "suspicious-looking" code, but VirusTotal is totally (no pun intended) fine with it. It's not obfuscated. (It doesn't shade XSeries itself tho) |
Hello, sorry for the delay, the antivirus is: "BitDefender" has a free version and it is the same, and do you think you can tell me how to exclude shaded, please? |
It's in the readme page. <exclude>com/cryptomorin/xseries/SkullUtils*</exclude> |
Now it seems to be the switch statment in https://www.virustotal.com/gui/file/ab72a4c20c91848f62f1dfb57f72be1e58d978eda8439cfa5e750a2c762c6dcf |
I'm really unsure why it'd flag that method specifically. Because there are other methods that use even longer switch statements like that. |
I believe this can be closed now as it is no longer triggering positives in the latest version. |
Huh, that's weird. That's great to hear tho. Thanks for checking. |
Hi, I’ve been using XSeries for a long time and I have no doubt that it’s very good and also safe, as it’s even open source. However, I work on plugin commissions, and I’ve been using XSeries for a year now, but just this week several people have been unable to download what I do, as it’s flagged as a virus. I tried removing all the libraries, and I realized that it came from XSeries. I mainly wanted to confirm if everything is okay with the library and so on. I attach evidence of the same jar, only removing the XSeries.
(maybe it comes from something else, I don't think so, but hey, sorry if it's nonsense but it's something to know haha)
maven version:
com.github.cryptomorin
XSeries
9.3.1
edit: with last version (9.6.0) happens the same issue
The text was updated successfully, but these errors were encountered: