[vim/vim] xxd.exe is detected by an awful lot of virus scanners (Issue #15093)

148 views
Skip to first unread message

Henk Poley

unread,
Jun 24, 2024, 5:21:52 AM6/24/24
to vim/vim, Subscribed

Steps to reproduce

Maybe a false positive, but:

  1. Run Windows
  2. Download installer from: https://github.com/vim/vim-win32-installer/releases/download/v9.1.0512/gvim_9.1.0512_x64.exe
  3. C:\Program Files\Vim\vim91\xxd.exe is probably detected by your virusscanner (e.g. Windows Defender does).

See on VirusTotal:

Expected behaviour

No virus detection.

Version of Vim

Windows gvim 9.1.0512

Environment

Windows 11 23H2

Logs and stack traces

No response


Reply to this email directly, view it on GitHub.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/issues/15093@github.com>

Henk Poley

unread,
Jun 24, 2024, 5:46:27 AM6/24/24
to vim/vim, Subscribed

Should I (re)post this at vim/vim-win32-installer? E.g. https://github.com/vim/vim-win32-installer/issues


Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/issues/15093/2186073526@github.com>

K.Takata

unread,
Jun 24, 2024, 5:48:48 AM6/24/24
to vim/vim, Subscribed

Closed #15093 as not planned.


Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/issue/15093/issue_event/13263536205@github.com>

K.Takata

unread,
Jun 24, 2024, 5:48:52 AM6/24/24
to vim/vim, Subscribed

Please see this FAQ: https://github.com/vim/vim-win32-installer/wiki
There is not much we can do about it. If you don't mind helping us, please inform it to each anti-virus vendor.


Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/issues/15093/2186078619@github.com>

Henk Poley

unread,
Jun 24, 2024, 5:52:26 AM6/24/24
to vim/vim, Subscribed

Yeah, but it's not really detecting the Nullsoft installer (very much, only by some obscure scanners).

I'll try contacting Microsoft, Bitdefender and TrendMicro. I think the most legitimate from the bunch.


Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/issues/15093/2186085721@github.com>

Henk Poley

unread,
Jun 24, 2024, 8:39:09 AM6/24/24
to vim/vim, Subscribed

Just for reference, increase in detections on VirusTotal seems to have started with gvim 9.1.0466 from 5 June 2024.


Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/issues/15093/2186482970@github.com>

Henk Poley

unread,
Jun 25, 2024, 3:30:42 AM6/25/24
to vim/vim, Subscribed

I've submitted a false positive review to Bitdefender and Microsoft.

Locally Bitdefender no longer detects and removes xxd.exe 9.1.0514

On VirusTotal those both still detect xxd.exe 🤷‍♂️. I suppose most of the other scanners just "went along with the big guys".


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/issues/15093/2188181656@github.com>

Reply all
Reply to author
Forward
0 new messages