VirusTotal reports that "exiftool-11.41" has the ad spyware called "HW32.Packed".
"HW32.Packed.86D1 modifies system files, add's new folders, creates Windows tasks and shows advertisements on your computer and browser."
Please clarify if it has this.
Thank you for your help.
I got a clean result. (https://www.virustotal.com/gui/url/cec60fa7f0d837e13829adefaad4949f6214afa3cfd14e5959333a812c4cb59d/detection)
BTW, The VIrusTotal web site runs ExifTool to extract metadata from the files it analyzes. ;)
Apparently, we have different results.
This is the VirusTotal report I received
https://www.virustotal.com/#/file/24eb2ece32535759959cc1b9ac452f89a49e9e28355b8d9a5f875ac6de903213/detection (https://www.virustotal.com/#/file/24eb2ece32535759959cc1b9ac452f89a49e9e28355b8d9a5f875ac6de903213/detection)
I downloaded "exiftool-11.41.zip" from
https://exiftool.org/ (https://exiftool.org/)
https://exiftool.org/exiftool-11.41.zip (https://exiftool.org/exiftool-11.41.zip)
Unclear why we differ.
The difference is between uploading the file and passing the url of the zip file. The uploaded zip file appears to run different set of tests.
That said, one checker out of 65 flags it, 1.5% of the total number checkers. I would consider that a false positive.
We have definitely seen false positives before. Virus checkers don't tend to like exiftool.exe because it unpacks an executable into a temporary directory and runs from there.
- Phil
Phil - Thank you for the clarification.
Perhaps, on the ExifTool FAQ, you might want to mention that you have no ad code like OpenCandy, "HW32.Packed", or any other nasty "got you". I am amazed how often nowadays legitimate developers add such stuff to their code so I usually ask them when VirusTotal flags something.
Thank you for developing this useful tool.