I tried posting this on Reddit but the mods have to approve it and haven’t yet. I’ll warn you guys.

I just downloaded the HumbleBundle Programming MEGA Bundle 2024 by Packt via torrent and stored it in my NAS. That system ran a virus check and found the file pragmaticmicroserviceswithcandazure.zip had a virus Win.Packed.Pwsx-10034067-0 in it. Is this common on HumbleBundle? I would expect something like this on a cybersecurity bundle for studying viruses but not on one about microservices. This zip file is for the book Pragmatic Microservices with C# and Azure.

  • Sparking@lemm.ee
    5 days ago

    There is a chance that it is setting off a false positive from some kind of heuristic. But it is definitely worth looking into more. Is it setting off Windows Defender?

    • Eezyville@sh.itjust.worksOP
      5 days ago

      It’s not in Windows. The bundle was bought on their website and I used the torrent option to get the files through downloading them to my Linux server acting as a NAS. That server runs regular virus scans before I let it interact with any other system.

  • slazer2au@lemmy.world
    5 days ago

    You said you are running Linux so you are pretty safe from a Windows virus. Judging by the book and the alert it likely saw some PowerShell code and got a bit concerned about PowerShell inside a PDF inside a zip, a known way to deliver malware.

    I would do 2 things.

    Contact Humble support; it may have been reported and they can reassure you of the validity of the file. Secondly, submit the file to VirusTotal and see if anything else sees it as a known malware sample.

    • Eezyville@sh.itjust.worksOP
      5 days ago

      Hey, thanks for the reply. I just discovered this VirusTotal website and submitted the file there. Here are the results from their scan. It looks like only ClamAV found the virus so it may be a false positive. I just got worried because I often buy books from HumbleBundle and this is the second time ClamAV quarantined a file from them.

      • Ptsf@lemmy.world
        4 days ago

        Might be worth tracking down one of the researchers submitting to the ClamAV software repos and forwarding them a copy of the flagged zip. If they don’t dig in and find malware, they could at least improve the detection algo.

      • givesomefucks@lemmy.world
        5 days ago

        > I downloaded the torrents directly from their website

        You most definitely did not…

        You may have downloaded the tracker from the website, which is something entirely different and open to things being injected.

        • CrayonRosary@lemmy.world
          5 days ago

          You’re being pedantic. The file extension is .torrent. Lay people call those torrents.

          You, yourself just used “tracker” wrong. The tracker is the server hosting the torrent peer list, etc. Not the .torrent file.

          And then your followup comment is just you calling the original commenter ignorant. You’re not helping at all.

          Torrent files contain hashes that verify the contents of the associated files. They are not easy to fake by injecting malware. That would require finding a hash collision so your malware files (plus some padding) hash to the same value found in the legitimate torrent file. That’s not some easy task to do.

          Downloading a torrent file from a legitimate site—and its associated data—is as secure as downloading any file from that same site.

          • givesomefucks@lemmy.world
            5 days ago

            > The tracker is the server hosting the torrent peer list, etc. Not the .torrent file.

            Yes.

            Which is what OP actually downloaded from Humble…

            This ain’t difficult, but I’m not explaining it anymore when you’re running around calling me an ass.

            • CrayonRosary@lemmy.world
              5 days ago

              It’s true, though. This was you being an ass:

              > No, I’m reading what you write and gathering that you have zero idea how torrents work or even what they are…

              What an asshole thing to say. And “running around”… Funny. It was one comment.

              > Which is what OP actually downloaded from Humble…

              You said they downloaded the “tracker”. Wrong!

              I’m starting to gather that you have zero idea how torrents work or even what they are…

        • Eezyville@sh.itjust.worksOP
          5 days ago

          I re-downloaded the zip file in question but this time directly. Scanned it again and it came back OK. So you’re telling me that HumbleBundle will let these torrents potentially have viruses? I thought the files came from some resources HumbleBundle controlled.

          • givesomefucks@lemmy.world
            5 days ago

            No, I’m reading what you write and gathering that you have zero idea how torrents work or even what they are…

  • recursive_recursion they/them@lemmy.ca
    5 days ago

    Could you provide some screenshots?

    This is a bit hard to believe without seeing what you’re seeing, as I’ve personally never seen HumbleBundle provide torrent links (maybe things have changed recently?)

  • IronKrill@lemmy.ca
    5 days ago

    Not normal, but I have seen 100x more false positives than real detections over the years. Proceed with caution, but as long as it isn’t an EXE you’re running and/or the author seems trustworthy, I wouldn’t worry much.

    • Eezyville@sh.itjust.worksOP
      5 days ago

      The virus detection program was ClamAV on my Linux box. It does regular scans after I finish torrents.