VirusTotal - FALSE POSITIVE - Sangfor Engine Zero

MrSam_1

MrSam_1

Well-known member
Staff member
Administrator
Dec 1, 2018
17,930
24,307
120
babiato.tech
Right Folks,

I'm getting fed up with dealing with this...

VirusTotal recently added a new detection engine called Sangfor Engine Zero which is some Chinese company that for some reason detects a "virus/malware" in about 90% of stuff.

THESE ARE ALWAYS FALSE POSITIVES.

For example look at this...here is my genuine Elementor Pro downloaded directly from the Elementor site....

Capture.JPG

Capture2.JPG

Another example, go to GitHub and download the Lottie Web Source Code Zip file (which is from AirBnB for fricks sake) and check that VT too and you will see the same thing (thanks to @Mscv50 for that one).

github.com

Release v5.6.8 · airbnb/lottie-web

mersion 5.6.8
github.com github.com

So stop freaking out people and claiming that any nulled stuff from @Tomz @TassieNZ @CyberDeviL @NullMaster has viruses as this simply is not the case!!!!
 
  • Like
  • Love
Reactions: Judge, ahmedkta, abahnull and 15 others
Mscv50

Mscv50

! 𝖎'𝖒 𝖜𝖆𝖙𝖈𝖍𝖎𝖓𝖌 𝖞𝖔𝖚 !
Babiato Lover
GiveAway Master
Trusted Uploader
Jan 10, 2020
3,713
18,802
113
🦇The Dark Night🦇
medw1311 said:
Right Folks,

I'm getting fed up with dealing with this...

VirusTotal recently added a new detection engine called Sangfor Engine Zero which is some Chinese company that for some reason detects a "virus/malware" in about 90% of stuff.

THESE ARE ALWAYS FALSE POSITIVES.

For example look at this...here is my genuine Elementor Pro downloaded directly from the Elementor site....

Capture.JPG

Capture2.JPG

Another example, go to GitHub and download the Lottie Web Source Code Zip file (which is from AirBnB for fricks sake) and check that VT too and you will see the same thing (thanks to @Mscv50 for that one).

github.com

Release v5.6.8 · airbnb/lottie-web

mersion 5.6.8
github.com github.com

So stop freaking out people and claiming that any nulled stuff from @Tomz @TassieNZ @CyberDeviL @NullMaster has viruses as this simply is not the case!!!!
Click to expand...

You will find the same source code "lottie" from github in Elementor Pro :
\wp-content\plugins\elementor-pro\assets\lib\lottie\lottie.js
 
h1seera

h1seera

Active member
Jan 11, 2020
122
39
28
I almost rejected a code from developer due to this. My developer send me code in rar file and when I scanned it with virustotal it gave the same error. The developer told me he is using icons from github and the rest he developed from scratch. Certainly wasted my 3-4 hours
 
  • Haha
Reactions: tanierlyons and TassieNZ
MrSam_1

MrSam_1

Well-known member
Staff member
Administrator
Dec 1, 2018
17,930
24,307
120
babiato.tech
h1seera said:
I almost rejected a code from developer due to this. My developer send me code in rar file and when I scanned it with virustotal it gave the same error. The developer told me he is using icons from github and the rest he developed from scratch. Certainly wasted my 3-4 hours
Click to expand...
Believe me, it's driving us crazy here on the forum. 90% of scans come back positive! :)
 
  • Like
Reactions: MrSam_1, Auwal and katalk
M

Minochoppa

New member
Feb 26, 2020
1
0
1
I am getting this in all files, i test some old files downloaded from here as well. This is Divi theme, i tested both old and new. I am not able to find the file in which they are detecting this. can someone check?

1607674874101.png
 
V

vsv

New member
Nov 10, 2020
26
9
3
wow I am glad I cam across this thread, literally just uploaded first file to vt and there it was in black and white - one engine detected this file - Sangfor Engine Zero. I will ingore it from now on I think.

Should be stickied to every board in cases someone misses this
 
  • Like
Reactions: tanierlyons
Foxester

Foxester

Member
Aug 10, 2020
57
43
18
sometimes js even XML file consider as virus or malware it just a false postive

Edit: just saw the official website https://www.sangfor.com/innovations/engine-zero.html they claim it was AI engine with machine learning so it basically learning things on Virustotal do how to detect the virus

if you guys don't know about virustotal is an online classroom for antivirus so they can use the data to find virus more effieclty and improve their product
 
Last edited:
  • Like
Reactions: tanierlyons
M

mppgreat

New member
Sep 18, 2019
6
1
3
May be it's using Signature based detection so it's giving false positive. Here in our forum Null Masters edit code to activate the licence/plugin.

No need to worry. This is a trusted community.
 
  • Like
Reactions: AlexRazor
yaohan89

yaohan89

New member
Sep 7, 2018
3
1
3
Medw1311 said:
Right Folks,

I'm getting fed up with dealing with this...

VirusTotal recently added a new detection engine called Sangfor Engine Zero which is some Chinese company that for some reason detects a "virus/malware" in about 90% of stuff.

THESE ARE ALWAYS FALSE POSITIVES.

For example look at this...here is my genuine Elementor Pro downloaded directly from the Elementor site....

Capture.JPG

Capture2.JPG

Another example, go to GitHub and download the Lottie Web Source Code Zip file (which is from AirBnB for fricks sake) and check that VT too and you will see the same thing (thanks to @Mscv50 for that one).

github.com

Release v5.6.8 · airbnb/lottie-web

mersion 5.6.8
github.com github.com

So stop freaking out people and claiming that any nulled stuff from @Tomz @TassieNZ @CyberDeviL @NullMaster has viruses as this simply is not the case!!!!
Click to expand...
Thanks for the info.
 
You must log in or register to reply here.

Latest posts

Forum statistics

Threads
66,795
Messages
892,834
Members
217,027
Latest member
GT5434

Share this page

Share this page

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Forums Contact us

User Menu

Login
Community platform by XenForo © 2010-2022 XenForo Ltd.
Top Bottom