FileZilla Forums

I downloeded FileZilla_3.45.1_macosx-x86.app.tar.bz2 and test it on VirusTotal.
One warning comes:
https://www.virustotal.com/gui/file/d57 ... /detection
Adware.Mac.InstallCore.516

I zipped the FileZilla.app and upload them - the same
https://www.virustotal.com/gui/file/9b5 ... /detection

Whats wrong?

Greetings
Fred

The SHA256 checksum matches the official Mac OS package. That's the non-bundled package that doesn't contain any sponsored offers.

You do know that Antivirus scanners are not infallible? Let's check:

- Official package
- non-bundled
- checksum matches
- detection count 1 of 57 engines
- detected as Adware, NOT AS VIRUS

Result: False positive.

Looks like the DrWeb AV is either very lazy (the InstallCore detection is usually with the sponsored packages), wrongly detects the Nullsoft Installer, or, most probably, is fed wrongly by its users (cloud detection/rating).

Hello,

Same here with windows 64bit installation first with exe. After I accepted that Bullguard wanted to block a certain dll. (see picture)

I guess I can accept that, too?!

Best Regards,Torsten

It's a false-positive, the offer-enabled installer is not infected.

Hi,

I got v3.45.1 from the automatic update link that FileZilla provides. A colleague, however, needed to download it anew, but got a security threat warning when trying to install the application. I thus downloaded it as well from

https://download.filezilla-project.org/ ... -setup.dmg

and checked the contents of the application package. Within the folder "Contents/MacOS/" there is a single file called ransom. Are you really convinced that the warnings are false positives?

BTW, in my own installed version, that folder contains four files: filezilla, fzputtygen, fzsftp and fzstorj

I cannot really help (no Mac user) but the file's name is "ramson", not "ransom". It looks like it's bearing an Apple certificate.

Of course, that is not telling anything about the file itself, but it simply might be a (badly chosen) codename. Ramson is a garlic-like type of plant.

@botg needs to take a look.


The app packages from the https://filezilla-project.org/download.php?show_all=1 site should not upset any good functioning AV.

You're right, the file name is ramson. Apparently, both I and her AV software had misread it. I will share with her the download link you provide, thanks. It seems to contain the same application as I have already installed.

It's a false-positive, there is no malware in the offer-enable installer.