Dratornic

.7z files flagged as malware?

Oct 23rd, 2024 (edited)
# Was one of my .7z files flagged as malware?

You're probably using Windows Defender. If the file was detected with a "!ml" suffix, the detection comes from Microsoft's machine-learning detection, which can generate false positives.

You will have to either change your antivirus to something else like Bitdefender (free) or manually add an exemption for that .7z file in order to download the file.

## But my browser is flagging your .7z file as malware...

Browsers do not have built-in antivirus capabilities; the most a browser can do is flag the URL as malicious and show users a warning screen (this requires AI or manual reporting from users, plus input from the browser's maintainer, such as Google).

Hence, please check your system's antivirus, as browsers use it to scan downloads and then show on the browser's download page whether or not a file contains viruses.

## Sources:

- https://www.reddit.com/r/antivirus/comments/14vbcu7/windows_defender_finds_trojanwin32wacatacbml/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
- https://answers.microsoft.com/en-us/windows/forum/all/compile-files-been-prompts-as-wacatacbml/ff50044f-13e6-4ab1-85af-18c337eef069

## My take on this explaining why it's a false positive:

Unless the software you're using (such as 7z or WinRAR) has a zero-day vulnerability like CVE-2017-17969, opening .7z files or extracting files from them is usually safe.
After extracting the files, as long as you don't run any executables or scripts, you will be fine.

That said, a .unitypackage is technically a .tar.gz archive file. Thus, you can run a scan on the .unitypackage file and, if it's clean, you can also try to open the file as an archive using software like 7z or WinRAR.
If an error occurs when opening it as an archive, it's most likely not an archive or could be corrupted (red flag!!).

Afterwards, if you want to be even more sure that there's no malware, you can try opening the .unitypackage in Unity and scanning the contents after importing it into your Unity project (though be careful with importing .dll files or C# scripts, as they will be executed upon import if I'm not wrong).
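
The archive check described above can also be done without extracting anything or opening Unity. The following is an added example, not part of the original paste: it assumes the usual .unitypackage layout (one folder per asset, each holding a `pathname` text file), and the function names and the sample package are constructed for illustration.

```python
import io
import tarfile
import zlib

RISKY_EXTENSIONS = (".cs", ".dll")  # the file types the text says to be careful with

def list_unitypackage_assets(data: bytes) -> list[str]:
    """Return the project paths stored in a .unitypackage without extracting it."""
    paths = []
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
            for member in tar:
                # Assumed layout: <guid>/pathname holds the asset's project path.
                if member.isfile() and member.name.split("/")[-1] == "pathname":
                    lines = tar.extractfile(member).read(4096).decode("utf-8", "replace").splitlines()
                    if lines:
                        paths.append(lines[0].strip())
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        # Not a .tar.gz, or corrupted: the red flag mentioned in the text.
        raise ValueError(f"not a valid .tar.gz archive: {exc}") from exc
    return sorted(paths)

def risky_assets(paths: list[str]) -> list[str]:
    """Pick out the scripts and DLLs that deserve a look before importing."""
    return [p for p in paths if p.lower().endswith(RISKY_EXTENSIONS)]

def build_sample_package(assets: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory .unitypackage so the demo runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for i, (path, content) in enumerate(assets.items()):
            guid = f"{i:032x}"  # constructed GUID-style folder name
            for name, blob in (("pathname", path.encode()), ("asset", content)):
                info = tarfile.TarInfo(f"{guid}/{name}")
                info.size = len(blob)
                tar.addfile(info, io.BytesIO(blob))
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_package({
        "Assets/Model/avatar.fbx": b"constructed model bytes",
        "Assets/Editor/Setup.cs": b"// constructed script",
        "Assets/Plugins/helper.dll": b"constructed binary",
    })
    found = list_unitypackage_assets(sample)
    print("assets:", found)
    print("review before importing:", risky_assets(found))
```

For a real file, pass `open(path, "rb").read()` to `list_unitypackage_assets`; a `ValueError` means the file did not open as an archive.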

## Now, why do I upload .7z files instead of the original .zip or .rar files?

I have written a Python script to automatically re-zip from .zip or .rar to .7z, as .7z usually compresses better with .PSD files, reducing the overall file size.
This would in turn mean less bandwidth to download the file from your end, and I wouldn't have to create more burner accounts for more free storage on MEGA.

## Updates

11/2024 Update: a CVE was detected in the .7z software (https://nvd.nist.gov/vuln/detail/CVE-2024-11612); please update it to the latest version, or at least 24.07!!!

12/2024 Update: .zip files have also been known to be detected as false positives the same way my .7z files were detected.