-
2026 staff recruitment is open! Check it out and consider applying!
Virus
- Thread starter lc01
- Start date
Joriku
Working in the mines, need something?
While using virustotal, it scans using x amount of known anti-virus sources: "by scanning files, URLs, domains, and IP addresses against a large number of antivirus engines and other security tools to detect maliciousness"
Just cause some programs showcases it as a "potential virus" doesn't mean it actually is a virus, their scanning methods are also not as strong as using an anti-virus program itself.
There's also false-positives in some scenarios, which means it's flagged as a potential malware, but not actually a confirmed malware and/or "i.e. harmless items detected as malicious by one or more scanners". This can come with an auto downloader for an otserver that is now marked as a known developer.
Using an HTTP download source will most likely flag it more often than an https source will do as well since ots developers are not confirmed developers in databases. "This program source is unknown", you most likely seen this on your windows machine running a program at some point.
Docs
Ai re-written response to my statement since it may be misunderstood and/or miss a few clear points in it
Source: ChatGPT
"
When you upload a file, URL, domain, or IP to VirusTotal, it checks it against a bunch of antivirus engines and security tools to see if it matches anything malicious. It’s a quick way to get an idea if something’s potentially dangerous.
But just because it gets flagged doesn’t mean it’s definitely a virus. Sometimes, antivirus tools make mistakes and flag stuff that’s actually harmless—that’s called a false positive. So even if something gets marked as malicious, it might not be.
For example, if you’re using a program to download files for an OT server, some security engines might flag it as suspicious, even though it’s completely safe. This happens a lot with newer or lesser-known programs since their developers might not have a reputation in the security world.
Also, files downloaded over HTTP (rather than the more secure HTTPS) tend to get flagged more often. HTTP’s less secure, so antivirus engines are extra cautious with files from that source. If the developer isn't well-known, the file's more likely to get flagged as suspicious.
Just remember, VirusTotal is useful, but it’s not foolproof. It’s a good idea to run anything suspicious through your own antivirus just to be safe."
Just cause some programs showcases it as a "potential virus" doesn't mean it actually is a virus, their scanning methods are also not as strong as using an anti-virus program itself.
There's also false-positives in some scenarios, which means it's flagged as a potential malware, but not actually a confirmed malware and/or "i.e. harmless items detected as malicious by one or more scanners". This can come with an auto downloader for an otserver that is now marked as a known developer.
Using an HTTP download source will most likely flag it more often than an https source will do as well since ots developers are not confirmed developers in databases. "This program source is unknown", you most likely seen this on your windows machine running a program at some point.
Docs
Ai re-written response to my statement since it may be misunderstood and/or miss a few clear points in it
Source: ChatGPT
"
When you upload a file, URL, domain, or IP to VirusTotal, it checks it against a bunch of antivirus engines and security tools to see if it matches anything malicious. It’s a quick way to get an idea if something’s potentially dangerous.
But just because it gets flagged doesn’t mean it’s definitely a virus. Sometimes, antivirus tools make mistakes and flag stuff that’s actually harmless—that’s called a false positive. So even if something gets marked as malicious, it might not be.
For example, if you’re using a program to download files for an OT server, some security engines might flag it as suspicious, even though it’s completely safe. This happens a lot with newer or lesser-known programs since their developers might not have a reputation in the security world.
Also, files downloaded over HTTP (rather than the more secure HTTPS) tend to get flagged more often. HTTP’s less secure, so antivirus engines are extra cautious with files from that source. If the developer isn't well-known, the file's more likely to get flagged as suspicious.
Just remember, VirusTotal is useful, but it’s not foolproof. It’s a good idea to run anything suspicious through your own antivirus just to be safe."