07/27/2015 12:01 AM 12,525,080 KoLmafia-16077.jar
C:\KoL\KoLMafia>certutil -hashfile KoLmafia-16077.jar MD5
MD5 hash of file KoLmafia-16077.jar:
e9 22 5d ba d8 01 34 8d 0c ce 71 1e 78 e4 21 07
CertUtil: -hashfile command completed successfully.
C:\KoL\KoLMafia>certutil -hashfile KoLmafia-16077.jar SHA1
SHA1 hash of file KoLmafia-16077.jar:
e7 26 10 5c 35 d3 be ba e3 49 c7 7d 17 ec 66 d2 f1 eb 15 2c
CertUtil: -hashfile command completed successfully.
At least if that happened I would have known it was a firewall problem. Unfortunately Avast didn't even complain about the jar. No scary message at all. I think I need to dump Avast; in many ways it just isn't as good as it was 5 years ago.
Here is a post from Avast telling how to report a false positive. It suggests that you run your file through VirusTotal. I did so; I uploaded SVNFileUtil.class and it ran it through 54 different virus checkers. Avast says "Java:CVE-2012-0507-DL [Expl]". The other 53 say "clean".I expect it's 16072, where that file was changed. Unless someone finds that the new version of SVNKit is malicious (unlikely), your report should actually go to Avast for a false positive.
and attached that .class file.This is a compiled Java .class file from SVNKit by tmate software.
We incorporate that program into our Java program. We recently upgraded the version of that package that we include and one of our users now says that avast reports:
URL: http://builds.kolmafia.us/KoLmafia-16073.jar|org\tmatesoft\svn\core\internal\wc\SVNFileUtil.class
Infection: Java:CVE-2012-0507-DL [Expl]
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
I have looked at SVNFileUtil.java and, unsurprisingly, there is no malicious code in it.
As you suggested, I ran the file through VirusTotal. It found 1/54 positives - Avast was the only one who thought there was an exploit in it.
I would appreciate it if you would examine this binary, figure out why you think it contains a Java exploit, and adjust your detection to not trigger on our program.
Thank you.