Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

virustotal detect file as virus #20

Open
ghost opened this issue Feb 7, 2021 · 12 comments
Open

virustotal detect file as virus #20

ghost opened this issue Feb 7, 2021 · 12 comments

Comments

@ghost
Copy link

ghost commented Feb 7, 2021

the script is very good and simple to use the problem is that virustotal detect that the obfuscated file as a virus Html.Win32.Script.504508

virustotal url

@ghost ghost changed the title virustotqal detect file as virus virustotal detect file as virus Feb 8, 2021
@jsgm
Copy link

jsgm commented Feb 26, 2021

I'm having this issue as well, did you manage to solve it in some way?

@2braincells2go
Copy link

LOVE this obfuscator class, but same issue and had to stop using on our school network. Others that talked about this but think author not interested in helping. I am 99.9% sure it is false positive, but on our school network such alerts are forbidden. Makes me very sad.

@jsgm
Copy link

jsgm commented Feb 26, 2021

LOVE this obfuscator class, but same issue and had to stop using on our school network. Others that talked about this but think author not interested in helping. I am 99.9% sure it is false positive, but on our school network such alerts are forbidden. Makes me very sad.

This obfuscator is in my opinion much stronger that others I've seen. Sadly my files are getting deleted in cPanel based hostings.

The antivirus reasonably detect them as suspicious files so I guess there is no way to solve this unless you whitelist the obfuscated files :(

@ghost
Copy link
Author

ghost commented Feb 26, 2021

LOVE this obfuscator class, but same issue and had to stop using on our school network. Others that talked about this but think author not interested in helping. I am 99.9% sure it is false positive, but on our school network such alerts are forbidden. Makes me very sad.

This obfuscator is in my opinion much stronger that others I've seen. Sadly my files are getting deleted in cPanel based hostings.

The antivirus reasonably detect them as suspicious files so I guess there is no way to solve this unless you whitelist the obfuscated files :(

The same thing happened to a customer of mine who bought my product with some obfuscated code (to protect the license). Also hosting provider like Namecheap ( i thing GoDaddy too) detected suspicious files even as SHELL but my code is absolutely clean and clear, they suspended my customer wordpress hosting service
I also pointed this out to VirusTotal without getting any response (I MUST have a VirusTotal premium account to solve the situation, a mafia made to make you spend money.)
Too bad because i think it's a great free tool to protect developers' code.
I hope the developer @pH-7 ph-7 reads our comments and fixes the situation would make us a huge gift.

@jsgm
Copy link

jsgm commented Feb 26, 2021

LOVE this obfuscator class, but same issue and had to stop using on our school network. Others that talked about this but think author not interested in helping. I am 99.9% sure it is false positive, but on our school network such alerts are forbidden. Makes me very sad.

This obfuscator is in my opinion much stronger that others I've seen. Sadly my files are getting deleted in cPanel based hostings.
The antivirus reasonably detect them as suspicious files so I guess there is no way to solve this unless you whitelist the obfuscated files :(

The same thing happened to a customer of mine who bought my product with some obfuscated code (to protect the license). Also hosting provider like Namecheap ( i thing GoDaddy too) detected suspicious files even as SHELL but my code is absolutely clean and clear, they suspended my customer wordpress hosting service
I also pointed this out to VirusTotal without getting any response (I MUST have a VirusTotal premium account to solve the situation, a mafia made to make you spend money.)
Too bad because i think it's a great free tool to protect developers' code.
I hope the developer @pH-7 ph-7 reads our comments and fixes the situation would make us a huge gift.

What alternative did you use for the case of your customer? I'm not sure how to proceed since I use the Obfuscator for licensing as well

@2braincells2go
Copy link

Ended up using https://phpbolt.com/download-phpbolt/ Not really what we wanted but only protecting some mock tests on school network. Can't really say how strong PHPBolt is out in open web, only used on closed network.

Get overview here https://techglimpse.com/php-encoders-protect-source-code/

Much rather use this class, but it is forbidden from net work at this time.

@ghost
Copy link
Author

ghost commented Feb 26, 2021

Ended up using https://phpbolt.com/download-phpbolt/ Not really what we wanted but only protecting some mock tests on school network. Can't really say how strong PHPBolt is out in open web, only used on closed network.

Get overview here https://techglimpse.com/php-encoders-protect-source-code/

Much rather use this class, but it is forbidden from net work at this time.

it works well the problem is that cPanel didn't have it by default (like ioncube for example) the newbie user doesn't know how to install it.

@ghost
Copy link
Author

ghost commented Feb 26, 2021

LOVE this obfuscator class, but same issue and had to stop using on our school network. Others that talked about this but think author not interested in helping. I am 99.9% sure it is false positive, but on our school network such alerts are forbidden. Makes me very sad.

This obfuscator is in my opinion much stronger that others I've seen. Sadly my files are getting deleted in cPanel based hostings.
The antivirus reasonably detect them as suspicious files so I guess there is no way to solve this unless you whitelist the obfuscated files :(

The same thing happened to a customer of mine who bought my product with some obfuscated code (to protect the license). Also hosting provider like Namecheap ( i thing GoDaddy too) detected suspicious files even as SHELL but my code is absolutely clean and clear, they suspended my customer wordpress hosting service
I also pointed this out to VirusTotal without getting any response (I MUST have a VirusTotal premium account to solve the situation, a mafia made to make you spend money.)
Too bad because i think it's a great free tool to protect developers' code.
I hope the developer @pH-7 ph-7 reads our comments and fixes the situation would make us a huge gift.

What alternative did you use for the case of your customer? I'm not sure how to proceed since I use the Obfuscator for licensing as well

at the moment the only alternative is Ioncube, but it costs too much for me.

@oleteacher
Copy link

Ended up using https://phpbolt.com/download-phpbolt/ Not really what we wanted but only protecting some mock tests on school network. Can't really say how strong PHPBolt is out in open web, only used on closed network.
Get overview here https://techglimpse.com/php-encoders-protect-source-code/
Much rather use this class, but it is forbidden from net work at this time.

it works well the problem is that cPanel didn't have it by default (like ioncube for example) the newbie user doesn't know how to install it.

Not hard to install, but not something I do. From my years of past cPanel experience, many hosting provides will install something like phpbolt for you. Best to simply ask.

@ghost
Copy link
Author

ghost commented Feb 26, 2021

I know, i installed it in minutes, but you can't force customers to do so unfortunately.

@oleteacher
Copy link

I know, i installed it in minutes, but you can't force customers to do so unfortunately.

Oh, I see now. Pretty much open source developer and only using encryption to protect mock school tests. Some sneaky (smart) students always seem to trick system unless encrypted.

Seem if you are charging, you can build in encryption cost. My brother sells his work and uses the ioncube online version and very reasonable https://www.ioncube.com/online_encoder.php

@pH-7
Copy link
Owner

pH-7 commented Mar 3, 2021

This is a known issue. And I do know how much it can be annoying. Unfortunately, I cannot do anything to prevent this.
Because the files are obfuscated, anti-virus and other Web hosting’s security scans don’t trust those files since they cannot read and know what’s inside of those files. Although, you know that your code is safe, but since it’s obfuscated, security scans cannot know this and then flag obfuscated files as suspicious.
At the moment, there is no way I can find of, to prevent this. Any suggestions are more than welcome 🤗 If you fund a way to prevent this, please create a PR and I will be glad to review your changes 🥳

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants