Possible virus in a release #8368

Closed
MaverickCT opened this issue Dec 28, 2024 · 4 comments

@MaverickCT

Hi
I just downloaded a copy of "Firebird-5.0.1.1469-0-windows-x86.zip"
and when I ran my virus checker it told me there was a virus in the file in NBackup.exe. Please see the attached screenshot

Firebird_Virus

Firebird-5.0.1.1469-0-windows-x86.exe did not report a virus

I hope this is not a false alarm but better safe than sorry

@mrotteveel
Member

As far as I can tell, it is a false positive. The 14 scanners of Jotti don't report issues: https://virusscan.jotti.org/en-US/filescanjob/xab5d7ydge, nor for nbackup.exe individually: https://virusscan.jotti.org/en-US/filescanjob/wttk44jss2

On VirusTotal, out of 72 scanners, one (Xcitium) reports the same Trojan (https://www.virustotal.com/gui/file/938bc1afd3e7a2113d59868861d6f1bcc3ed9732df4e83c9e0c8a10494d385e8) (two if you scan the entire zip, but the other one I can discount 100%, because that is triggered by a (potential) lookup to a Microsoft IP address for debug builds, which the zip contains for one of the examples).

I think it is a false positive. Likely it trips over some kind of signature which is either a common compiler artifact, or a combination of factors which looks suspicious.

@asfernandes
Member

Would like to add that this build happens in a GitHub Actions pipeline without manual intervention.

@mrotteveel
Member

I have submitted the file to Comodo for analysis as a false-positive on https://www.comodo.com/home/internet-security/submit.php

@mrotteveel
Member

I received a response from Comodo today:

Hello,

This is to inform you that the false-positive with nbackup.exe (SHA1: 16d9a6503b249616ae50d629aee6fe6da90c36fc) has been fixed.
You can update to AV database version 37359 of your Comodo security product and confirm it.

Regards,
Comodo Antivirus Lab

With that, I'll close this ticket.
