Home Tutorials Download Beta Store Forum Documentation KnowledgeBase Wiki Blog

ShiVa3D

Return to Bugs

False virus warning for java plugin?

Report bugs and issues

False virus warning for java plugin?

Postby beezir » 02 Sep 2010, 07:54

I recently tried the tech demos via browser plugin and my virus scanner reported the trojan Java/Rowindal.A and blocked the java app from running. I suspect it's a false positive due to the mechanism used for installing the plugin.

I'm running on Windows 7 64-bit, virus scanner is ESET NOD32.

The specific file is http://cdn.stonetrip.com/players/1.8.1/installer/S3DInstaller2.jar and the exact message is "probably a variant of Java/Rowandal.A trojan".
beezir
Fresh Boarder
Fresh Boarder
 
Posts: 2

Re: False virus warning for java plugin?

Postby Dje » 02 Sep 2010, 10:28

Hum.. just installed ESET NOD32 and no warning so far... tested twice.
Is somebody else having the same issue ?

We will try to contact ESET to check that point.

Thank you for reporting.
User avatar
Dje
Platinum Boarder
Platinum Boarder
 
Posts: 601

Re: False virus warning for java plugin?

Postby beezir » 02 Sep 2010, 16:28

I played around with it a little bit. It looks like the "heuristics" or "advanced heuristics" options in web protection -> threatsense settings is the culprit. Warning disappears if I disable those. Also, it only seems to trigger on the java plugin installation part - once the plugin is installed there are no more warnings.
beezir
Fresh Boarder
Fresh Boarder
 
Posts: 2

Re: False virus warning for java plugin?

Postby giggsy » 10 Dec 2010, 11:09

Hi!

I just ran into the same issue with a little test game of mine:
Win7 64bit Prof., NOD32 anti virus 4 getting:
Object: http://cdn.stonetrip.com/players/1.8.1/installer/S3DInstaller3.jar
Threat: Probably a variant of java/Rowindal.A trojan


For now, I just deactivated the AV and installed it, but I guess "normal" users cant do this if they dont have any admin rights ;)
User avatar
giggsy
Platinum Boarder
Platinum Boarder
 
Posts: 1093
Location: Austria

Re: False virus warning for java plugin?

Postby Dje » 10 Dec 2010, 11:14

We are goin' to work on the plugin right after Christmas, we will take an in depth look at this problem.
User avatar
Dje
Platinum Boarder
Platinum Boarder
 
Posts: 601

Re: False virus warning for java plugin?

Postby makkar » 04 Mar 2013, 13:23

Are the virus issues under control now? I got a virus warning report without details that my page with embedded Shiva content gives some warning:

http://www.archimmersion.com/3DVirtualConference/3DVirtualBooth_ATT.html

I hope to receive more information about this.
User avatar
makkar
Platinum Boarder
Platinum Boarder
 
Posts: 1482

Re: False virus warning for java plugin?

Postby makkar » 04 Mar 2013, 14:00

Seems like it is about the plugin executable:
Image

Which in English says that the URL was listed among the malware spreading pages, so it was blocked.
User avatar
makkar
Platinum Boarder
Platinum Boarder
 
Posts: 1482

Re: False virus warning for java plugin?

Postby broozar » 04 Mar 2013, 14:56

about the recent warning:

our installer is virus free and our website does neither host nor distribute malware. NOD32 is also the only scanner that gives you this false positive. we have tried contacting ESET weeks ago, to no success, so it is unlikely that they will take our website off their index.
User avatar
broozar
Platinum Boarder
Platinum Boarder
 
Posts: 3340
Location: Berlin - Germany

Re: False virus warning for java plugin?

Postby makkar » 04 Mar 2013, 16:30

I understand, nevertheless this isn't a situation worth resigning into. I hope Stonetrip will keep trying at ESET for clearing up the situation.

You know it wasn't a totally calming message for my potential client that the makers of the plugin are unlikely to be able to correct the situation.
User avatar
makkar
Platinum Boarder
Platinum Boarder
 
Posts: 1482

Re: False virus warning for java plugin?

Postby broozar » 04 Mar 2013, 16:47

We would like to fix the situation, and we are trying to, but this matter really is out of our hands.
User avatar
broozar
Platinum Boarder
Platinum Boarder
 
Posts: 3340
Location: Berlin - Germany

Re: False virus warning for java plugin?

Postby makkar » 04 Mar 2013, 16:52

I tried to verify the URL with VirusTotal, first it came out clean, the second run gave 3 malicious ratings. So there are other places you might try prove the plugin is malware free.

Try here:
https://www.virustotal.com/en/#url

And enter this into the input field:
http://www.stonetrip.com/players/1.8.1/installer/S3DWebPlayer-1.8.1.0.exe
User avatar
makkar
Platinum Boarder
Platinum Boarder
 
Posts: 1482

Re: False virus warning for java plugin?

Postby makkar » 04 Mar 2013, 17:14

I tried to contact ESET, too. I am waiting for their reply.
User avatar
makkar
Platinum Boarder
Platinum Boarder
 
Posts: 1482

Re: False virus warning for java plugin?

Postby makkar » 04 Mar 2013, 17:27

They replied that they sent the URL to their lab for checking....
User avatar
makkar
Platinum Boarder
Platinum Boarder
 
Posts: 1482

Re: False virus warning for java plugin?

Postby broozar » 04 Mar 2013, 20:52

maybe they only respond to customer mails...

also, how can 2 runs of the same service with the same file yield 2 different results. the virusTotal results do not signify viruses at all, they just show that our site may be malicious. only 3 out of 36 checkers gave the "malicious" warning - on grounds unknown, all the "big" companies gave us a green light.

in fact, the actual virus check on the very same site turns out negative: https://www.virustotal.com/en/file/affe962f56e41b806e4db65e22db12bcee7ecc2df261a065058c9282e2e27b0f/analysis/1362408106/

FYI, stonetrip.com and shivaengine.com link to the same site/webspace. all tests run with shivaengine.com turn out negative. now you be the judge of how reliable this service is. i know this is hard to sell to a low-tech customer who believes in virus and malware checkers. therefor we will try to resolve these issues if possible.

please keep us informed about your email correspondence with ESET, because they seemed to ignore us when we contacted them weeks ago.

PS: personally, i believe that everyone is innocent until proven guilty, and we can only run the virus checkers on our software so often with no warnings going off to prove to everyone that it is clean. additionally, all shiva-builds are created on a non-internet connected virtual machine. so we take great care in producing the software. it makes me sad that a company just has to call itself "internet security" and accuse a company like us of hosting malicious sites/software without backing their claims, and is immediately believed by customers.
User avatar
broozar
Platinum Boarder
Platinum Boarder
 
Posts: 3340
Location: Berlin - Germany

Re: False virus warning for java plugin?

Postby DrShivaGo » 04 Mar 2013, 22:46

Yea, I know this scenario from another game engine and another "security" company. They are just interested in to have possibly long black lists! They use them to claim they can find more viruses than their competitors. It's really sad practice because the majority of our customers are rather unexperienced consumers than software developers and this determines pretty much whom they trust more. These common opinions are difficult to change even if more and more viruses are distributed through something like "security check" or use camouflage as ad-ware remover or similar...
DrShivaGo
Expert Boarder
Expert Boarder
 
Posts: 99

Next

Return to Bugs