submit helper to (at least the official) malware analysis
after dealing with windows security false positives, it might be interesting to integrate submission to some malware analysis services within our CI
it seems it would be easy to submit to the joesandbox at least: https://github.com/joesecurity/jbxapi
Activity
after dealing with windows security false positives, it might be interesting to integrate submission with our CI
it seems to be easy to submit to the joesandbox at least: https://github.com/joesecurity/jbxapi
It seems that you either have to run it yourself, or you submit it to their cloud service. Looking at https://www.joesecurity.org/joe-sandbox-cloud#accounts the free tier doesn't have REST API support :o
mentioned in merge request !94 (closed)
ok, so maybe at least we should dispute the classification by Windows Defender:
Microsoft security researchers analyze suspicious files to determine if they are threats, unwanted applications, or normal files. Submit files you think are malware or files that you believe have been incorrectly classified as malware. For more information, read the submission guidelines.
I will submit it with our official account.
Edited by Kali Kanekomentioned in issue #222
-
another option is to get something to monitor virustotal, there are some tools/libraries here: https://support.virustotal.com/hc/en-us/articles/360006819798-API-Scripts-and-client-libraries
thinking twice, I think I wouldn't submit from the ci, since I suspect the fact that an installer is not signed with a valid authenticode will count negatively in whatever heuristic it is used.
-
sigcheck also has virustotal integration. checking after signing would be a good thing to do, imho. https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
added 2021 RiseupQ1 label