alert on soldat dl page & vir

[mrhx]

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fsoldat.pl%2Fen%2Fdownload%2Fsoldatserver2.7.8_1.6.8.zip&client=googlechrome&hl=en

So I checked the soldatserver2.7.8_1.6.8.zip and Avira found trojan. Virustotal 6/57 - https://www.virustotal.com/pl/file/ade8dcf6e12aac6daae22aed9120d89f7e4c4e6c4363147bcdbd997c1d29ed4a/analysis/1426023042/

Maybe false positive but soldatserver2.7.5_1.6.5.zip 0/57 on virustotal.

[Shoozza]

Thanks, we were notified by a user about download warnings a few days ago but didn't know why they happened.

I scanned the executable files in the zip file:
soldatserver_legacy.exe       15 / 57
soldatserver_osx               0 / 54
soldatserver                   0 / 54
soldatserver.exe               1 / 55 (WS.Reputation.1    20141120)
soldatserver_legacy            0 / 54

The only file that might be problematic is soldatserver_legacy.exe.
To be sure I suggest to only use the non legacy version for now.

More scans here:
soldatserver2.7.7_1.6.7.zip     3 / 55 (1 / 48 before rescan - only Avira detected someting 9 months ago)
soldatserver2.7.6_1.6.6.zip     0 / 57
soldatserver2.7.5_1.6.5.zip     0 / 57

My assumption is that the "scriptcore plugin/extension system" (loading of dlls in non safe mode) is falsely detected as a Trojan.
I submitted the soldatserver_legacy.exe to Avira for review, let's see how that works out.

Apparently the detection was a false positive: https://analysis.avira.com/en/status?uniqueid=dcSsNJ5Tv8vFU8Ry6LjSwOXRY13LcOFx&incidentid=1839382

For future reference: http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm

[Name]

Did we have enough yet?