Jump to content
The Uniform Server Community
sudeepjd

Uniform Server Zero Malware is a False Positive

Recommended Posts

We have received some concerns from the community that Uniform Server Zero XIV 14.0.0 is being flagged as a Trojan or Malware by some antivirus scanners. This is because we have included a couple of compiled AutoIT scripts in the new version. Unfortunately some of the antivirus scanners seem to be flagging ANY AutoIT programs as malware just because they are written in AutoIT (See Note Below). A forum discussion can be found at https://www.autoitscript.com/forum/topic/126034-protect-yourself-against-false-virus-detection/

We have submitted these files to VirusTotal as well to see if they can get excluded as a not a virus. 

The specific files in Uniform Server XIV 14.0.0 are as follows:

  • core/mysql/bin/mysqlhide.exe -> This hides the console window for MySQL8.
  • home/us_pear/Intall_PEAR.exe -> This is in the ZeroXIV_pear_1_0_0.exe module, which completely automates the PEAR installation.

The source code of these files can be found at our UniformServer Github repo at https://github.com/iamola/uniserver/tree/master/UniController/autoit

 

Note: I tested a blank compiled AutoIT file with nothing more than a comment at https://www.virustotal.com/gui/file/236867139b4fc19924f1e228aaec3c8b3bee7f40717277bdb906f0ab15874930/detection and it seems to be caught as malware by scanning engines.

Share this post


Link to post
Share on other sites

With the released update of UniController v2.3.1, we have removed the need for the AutoIT script MySQLHide.. and so the latest version of UniformServer Zero XIV 14.0.1 will not have the script and will scan clean.

home/us_pear/Intall_PEAR.exe -> This is in the ZeroXIV_pear_1_0_0.exe module, which completely automates the PEAR installation still contains the AutoIT script which completely automates the PEAR installation, and may scan as a false positive.

Share this post


Link to post
Share on other sites

×
×
  • Create New...