Hi Christina, Virus checkers often falsely identify NSIS-based exe installers (such as the one Pidgin and many Pidgin plugins use) as a "generic" trojan, as some small part of the installer system matches some other small part of generic trojans. Normally these false-positives go away after virus definition updates after a day or so, sometimes the files have to be manually sent for false-positive verification. I've just sent the installer exe to Baidu on their submit files page at http://antivirus.baidu.com/en/submit-file.php
With regards to signing of programs, you'll see that the executable has a timestamp in it of when it has been signed (Virustotal also shows this on the "File detail" tab). Unlike websites, when exe files (or other object files) are signed, they have a certificate that's valid for a range of dates, as well as a verified signing time that's approved by a trusted third party and the signing time must be within these dates for the file to be valid (Virustotal shows this on the "file detail" tab too). If you view the digitial signature details, you'll see that the file has been timestamped by Comodo but trusted by Certum. So the short answer is, there's nothing wrong with the exe. Cheers, Eion On 23 January 2018 at 07:40, Christina Barker <chris19200...@live.com> wrote: > Upon scanning the Pidgin2.12.0.exe file using VirusTotal 2 vendors show > that this executable contains malware (see link to report below). > Furthermore the signature chain to validate the authenticity of this > download is also broken as one of the certificates expired over 6 months > ago. I confirmed this is true for files served up by at least 3 of the > mirrors in use. > > > > Can someone please confirm where I can download a clean and properly > certified copy of the executable from? > > > > Thanks! > > > > https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2 > ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/ > > > > Signers > > [+] Open Source Developer, Daniel Atallah > <https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> > > Status This certificate or one of the certificates in the certificate > chain is not time valid. > Issuer Certum Code Signing CA SHA2 > Valid from 8:55 PM 6/19/2016 > Valid to 8:55 PM 6/19/2017 > Valid usage Code Signing > Algorithm sha256RSA > Thumbprint D3AD05E6A0DD4B777829B84CF8E371181ACD04A7 > Serial number 5C C5 71 21 D5 6F 9C CD B9 90 C4 11 89 AE 4C 0D > > [+] Certum Code Signing CA SHA2 > <https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> > > [+] Certum Trusted Network CA > <https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> > > Counter signers > > [+] COMODO SHA-256 Time Stamping Signer > <https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> > > [+] USERTrust (Code Signing) > <https://www.virustotal.com/en/file/ad2e65a2b968e2f0ce08bbe9227ab2ba314df6e869f22848fcc4b68783cb40cc/analysis/1516532140/> > > > > > > Christina Barker > > GSEC, GCFE, GCIH, GNFA > > > > *[image: Template_GSEC]* > <https://www.youracclaim.com/badges/7c0a122a-c1df-4e50-a2b2-fb304087c1b2> > *[image: Template_GCFE]* > <https://www.youracclaim.com/badges/c714b60b-774a-4731-ad06-21545a2a99a9> > *[image: Template_GCIH]* > <https://www.youracclaim.com/badges/60b33f8a-a7fd-4c74-b4be-e5d73cf9ec15> > [image: GIAC Network Forensic Analyst (GNFA)] > > > > _______________________________________________ > Support@pidgin.im mailing list > Want to unsubscribe? Use this link: > https://pidgin.im/cgi-bin/mailman/listinfo/support >
_______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: https://pidgin.im/cgi-bin/mailman/listinfo/support
