Cura 2.3.1 flagged by Virustotal

[Fast6er 0]

Hi team-

My new workplace has very stringent software security policies, including thorough inspection of software that hasn't previously been vetted.

One of the steps is a Virustotal scan, and Cura 2.3.1 threw 4 flags. FWIW, 2.3.0 threw 2 flags.

As such, I have no recourse to install the software on my corporate computer, which is a real downer.

Is there anything that can be done to address these (assuming) false positives, or, (worst case) malicious code?

Thanks in advance for any help or insight.

[IRobertI 445]

If your workplace had competent IT people they would know that 4 positives on Virustotal doesn't really mean anything.

[Fast6er 0]

If you knew who my employer was, you may revise your opinion

Here's the report:

linky

As I mentioned, this is one metric of several they use, and these results make them wary. The responsibility lies on either me or Ultimaker to prove that Cura is safe to install and run. My experience is purely anecdotal across several machines and versions, and that's not worth much to them. Their suggestion was that I ask for Ultimaker's input.

[DaHai8 69]

I find it a little odd that the file being analyzed is a win64 program, yet the Virustotal scan categorizes it as a win32 / 386 processor executible.

Are they sure they analyzed the right file or are their catagories that far out of date?

[nallath 710]

"Generic Trojan" -> there is fairly little we can do about this. We tried getting Cura listed on the whitelist of some of the virus scanner companies, but it's a lot of work getting it done with every single one of them.

We suspect that it's the combination of Cura being able to send statistics (if you agree) and it using a local (socket) connection with the backend.

What would it take to prove that it's safe? Show them the source code? That we can do!

[Fast6er 0]

Thanks for your responses.

nallath, sending you a message