Virus in FileZilla_3.45.1_macosx?

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
fredformac
500 Command not understood
Posts: 1
Joined: 2019-10-04 07:00
First name: Fritz
Last name: S

Virus in FileZilla_3.45.1_macosx?

#1 Post by fredformac » 2019-10-04 07:05

I downloeded FileZilla_3.45.1_macosx-x86.app.tar.bz2 and test it on VirusTotal.
One warning comes:
https://www.virustotal.com/gui/file/d57 ... /detection
Adware.Mac.InstallCore.516

I zipped the FileZilla.app and upload them - the same
https://www.virustotal.com/gui/file/9b5 ... /detection

Whats wrong?

Greetings
Fred
--
nice greetings
Fred

User avatar
boco
Contributor
Posts: 24751
Joined: 2006-05-01 03:28
Location: Germany

Re: Virus in FileZilla_3.45.1_macosx?

#2 Post by boco » 2019-10-04 07:40

The SHA256 checksum matches the official Mac OS package. That's the non-bundled package that doesn't contain any sponsored offers.

You do know that Antivirus scanners are not infallible? Let's check:

- Official package
- non-bundled
- checksum matches
- detection count 1 of 57 engines
- detected as Adware, NOT AS VIRUS

Result: False positive.

Looks like the DrWeb AV is either very lazy (the InstallCore detection is usually with the sponsored packages), wrongly detects the Nullsoft Installer, or, most probably, is fed wrongly by its users (cloud detection/rating).
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

dorsdn
500 Command not understood
Posts: 1
Joined: 2019-10-09 06:04
First name: Torsten

Re: Virus in FileZilla_3.45.1_macosx?

#3 Post by dorsdn » 2019-10-09 06:17

Hello,

Same here with windows 64bit installation first with exe. After I accepted that Bullguard wanted to block a certain dll. (see picture)

I guess I can accept that, too?!

Best Regards,Torsten
Attachments
filezilla.JPG
filezilla.JPG (28.85 KiB) Viewed 1258 times

User avatar
botg
Site Admin
Posts: 32423
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Virus in FileZilla_3.45.1_macosx?

#4 Post by botg » 2019-10-09 07:10

It's a false-positive, the offer-enabled installer is not infected.

franrodalg
500 Command not understood
Posts: 2
Joined: 2019-10-18 15:12

Re: Virus in FileZilla_3.45.1_macosx?

#5 Post by franrodalg » 2019-10-18 15:22

Hi,

I got v3.45.1 from the automatic update link that FileZilla provides. A colleague, however, needed to download it anew, but got a security threat warning when trying to install the application. I thus downloaded it as well from

https://download.filezilla-project.org/ ... -setup.dmg

and checked the contents of the application package. Within the folder "Contents/MacOS/" there is a single file called ransom. Are you really convinced that the warnings are false positives?

BTW, in my own installed version, that folder contains four files: filezilla, fzputtygen, fzsftp and fzstorj

User avatar
boco
Contributor
Posts: 24751
Joined: 2006-05-01 03:28
Location: Germany

Re: Virus in FileZilla_3.45.1_macosx?

#6 Post by boco » 2019-10-18 22:07

I cannot really help (no Mac user) but the file's name is "ramson", not "ransom". It looks like it's bearing an Apple certificate.

Of course, that is not telling anything about the file itself, but it simply might be a (badly chosen) codename. Ramson is a garlic-like type of plant.

@botg needs to take a look.


The app packages from the https://filezilla-project.org/download.php?show_all=1 site should not upset any good functioning AV.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

franrodalg
500 Command not understood
Posts: 2
Joined: 2019-10-18 15:12

Re: Virus in FileZilla_3.45.1_macosx?

#7 Post by franrodalg » 2019-10-19 09:50

You're right, the file name is ramson. Apparently, both I and her AV software had misread it. I will share with her the download link you provide, thanks. It seems to contain the same application as I have already installed.

User avatar
botg
Site Admin
Posts: 32423
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Virus in FileZilla_3.45.1_macosx?

#8 Post by botg » 2019-10-21 07:13

It's a false-positive, there is no malware in the offer-enable installer.

Post Reply