Multiple .debug files in Windows release flagged as malware
GIMP version: 2.10.20 r1
Operating System: Windows
Package: Installer from gimp.org
Description of the bug/feature
Multiple files within the Windows installer from gimp.org are flagged by VirusTotal related malware scanners as malicious. Understandably, these are (likely) false positives, however the problem remains. Some threat prevention systems use VirusTotal for indicators of malicious files (Carbonblack Protection, etc.). The files that are flagged that I have run into appear to just be the .debug PE's for things like plugins (web-browser.exe.debug, for example, not normal EXE's or DLL's:
This appears to have been discussed in the r/gimp subreddit as well:
https://www.reddit.com/r/GIMP/comments/gf7omm/windows_security_detects_threats_in_the_gimp/
I'm thinking, perhaps a non-debug build could be made available for normal use cases, then a debug build for situations where an individual or developer may need to provide more detailed crash reports? The issue with false positives still needs to be addressed with the various AV vendors, but since this has been going on for a while I'm not sure that is going to be resolved anytime soon.
I don't have a full list of .debug files considered "malicious" at the moment.
Reproduction
Is the bug reproducible? Always (with .debug files that have known "malicious" hashes)
Reproduction steps:
- Download and install GIMP for Windows installer from gimp.org on a machine that uses a threat prevention system that uses VirusTotal (such as Carbonblack Protection).
- Enjoy the "File Security Alert" emails.