Detected Malware latest Windows release | VirusTotal
17 views
Skip to first unread message
Josh
Jul 2, 2024, 12:16:03 AM (yesterday) Jul 2
to tesseract-ocr
Hello there,
I was scanning the installer for the latest Windows release of tesseract. 1 security vendor flagged the file as malicious. Is there a reason that might be?
Misti Hamon
Jul 2, 2024, 11:31:28 AM (17 hours ago) Jul 2
to tesser...@googlegroups.com
I'm not one of the developers, and I don't do anything for windows anymore (this issue is one of them). It sounds like, reading through your link, that there isn't anything actually malicious, just one of the certificates has expired (or, is near expiring and your system clock is off in some way - reporting utc as local time, maybe, or the certificate didn't specify its timezone correctly).
If this is the case, it's why a lot of "small" devs I know are backing away from providing builds for windows, if you don't pay Microsoft for a "certificate" that you are a legitimate developer and sign all your code with it, the anti-virus blocks you as malicious (gone are the days of actually scanned software for the fingerprints of known malware, now they just check if everything is signed with a valid pay--microsoft-to-play certificate that has not expired)
--
You received this message because you are subscribed to the Google Groups "tesseract-ocr" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tesseract-oc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tesseract-ocr/b6e38821-1c7a-4b8e-be20-dde9c0983cebn%40googlegroups.com.
Tom Morris
Jul 2, 2024, 1:55:12 PM (15 hours ago) Jul 2
to tesseract-ocr
On Tuesday, July 2, 2024 at 12:16:03 AM UTC-4 joshbr...@gmail.com wrote:
I was scanning the installer for the latest Windows release of tesseract. 1 security vendor flagged the file as malicious. Is there a reason that might be?https://www.virustotal.com/gui/file/c885fff6998e0608ba4bb8ab51436e1c6775c2bafc2559a19b423e18678b60c9/detection
That web site currently says 0 vendors flagged the file, so I suspect it was a transient false positive, but, unfortunately, the site doesn't appear to keep a history of its updates. Also anyone can request a re-analysis and when I looked it said it had been last updated 45 minutes ago.
You don't say anything about the provenance of the file that you tested, but based on the file name, I'm guessing it's UB-Mannheim's unofficial binary build. They provide those as a convenience, but you certainly can build your own if you want the peace of mind of knowing exactly what it includes.
Tom
Reply all
Reply to author
Forward
0 new messages