A hello world wxWidgets application is marked as malicious/a virus by various AV vendors (Issue #22147)


BullyWiiPlaza

Feb 20, 2022, 1:29:45 PM
to wx-...@googlegroups.com, Subscribed

Describe the bug
When I compile the simple hello world example statically and upload it to VirusTotal, I get 9 AV detections: https://stackoverflow.com/questions/71193681

Expected vs observed behaviour
I expect a hello world application to yield 0 AV detections.

Patch or snippet allowing to reproduce the problem
See the StackOverflow post above for the full source code.

Skip this step if the problem can be reproduced in one of the samples without any changes.

To Reproduce
Steps to reproduce the behaviour, please make them as detailed as possible, e.g.

  1. Create a new Visual C++ project and make sure the SubSystem is set to Windows (/SUBSYSTEM:WINDOWS)
  2. Install the vcpkg wxWidgets package via e.g. vcpkg install wxWidgets:x64-windows-static
  3. Copy and paste the hello world source code into the Main.cpp file
  4. Compile the project
  5. Upload the generated EXE (~ 4MB) to VirusTotal
  6. Observe the AV detections

Platform and version information


Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you are subscribed to this thread. Message ID: <wxWidgets/wxWidgets/issues/22147@github.com>

PB

Feb 20, 2022, 2:29:32 PM
to wx-...@googlegroups.com, Subscribed

I do not use vcpkg and I was unable to reproduce the issue with self-built wxWidgets.

Step 1. I built wxWidgets 3.1.5 in 64-bit static configuration with MSVC 2019 16.11.10 using solution WXDIR/build/msw/wx_vc16.sln.
Step 2. I then copied the Hello World code to my project linking to wxWidgets built in Step 1 and built the project.
Step 3. I checked the resulting executable with the VirusTotal website, which reported no issues at all.

So my conclusions are, assuming those issues are not false alarms (which I would not be surprised at), that either the wxWidgets vcpkg package or your computer is compromised. The wxWidgets vcpkg package is not maintained by the wxWidgets team, so the issues must be reported to its maintainers, i.e., the vcpkg team.

However, I am not sure what exactly you mean by "compile statically", I linked wxWidgets statically but the CRT is still linked dynamically. Not sure what vcpkg does for "static" and how linking the CRT statically may affect the malware check.



BullyWiiPlaza

Feb 20, 2022, 4:32:43 PM
to wx-...@googlegroups.com, Subscribed

> However, I am not sure what exactly you mean by "compile statically", I linked wxWidgets statically but the CRT is still linked dynamically. Not sure what vcpkg does for "static" and how linking the CRT statically may affect the malware check.

I also compiled with a static CRT since it seemingly doesn't let you mix a dynamic CRT with a static library (when using vcpkg libraries). The linker error would be LNK2038 mismatch detected for 'RuntimeLibrary': value 'MT_StaticRelease' doesn't match value 'MD_DynamicRelease' in wxWidgetsHelloWorld.obj.

I'll open an issue for vcpkg but you can finally also try using vcpkg and see if you can then reproduce the AV detections. I highly doubt my PC is infected in any way or even in this strange fashion. There is also no malware in the compiled EXE at all, just false AV detections.



VZ

Feb 20, 2022, 6:35:14 PM
to wx-...@googlegroups.com, Subscribed

I have no idea what we could possibly do about this, so the only course of action I can suggest is to try contacting the AV vendors.


