Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [eclemma-dev] Is the AV detection on the Eclemma docs plugin on the 2023-12 release of JDT a FP?

I've reported it as a false positive to the AV vendors. Hopefully they'll remove the signatures.

Thanks,
Alan

On 2023-12-26 5:41 a.m., Marc Hoffmann wrote:
Hi Alan,

thanks for raising this issue! For me it looks like a false positive:

1) Eclipse distro build is a different bild than on GitHub. Therefore the different signature.
2) Distro jar (org.eclipse.eclemma.doc_3.1.8.202311140945.jar) triggers several warnings (see below), GitHub release jar (org.eclipse.eclemma.doc_3.1.8.202312121452.jar) is green.
3) I compared both JARs: No differences beside the Meta information about build timestamp und release commit.

Is there anything we can do about it?

Best regards,
-marc




> On 26. Dec 2023, at 09:03, Al T via eclemma-dev <eclemma-dev@xxxxxxxxxxx> wrote:
>
> Sorry if this isn't the correct place to ask this.
>
> The plugin named "org.eclipse.eclemma.doc_3.1.8.202311140945.jar" with SHA256 E5F6C8694784E7DC01B69621885DCF848DD266357C5B250FF2058E63278C3AC4 in the 2023-12 release of Eclipse IDE is detected by multiple AV engines on VirusTotal. It's included in both the Eclipse IDE JDT and JEE 2023-12 releases. It doesn't match the 3.1.8 build on the Eclemma website and Github. Is this a false positive?
>
> Thanks,
> Alan
>
> _______________________________________________
> eclemma-dev mailing list
> eclemma-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/eclemma-dev


Back to the top