DBngin icon indicating copy to clipboard operation
DBngin copied to clipboard
verified publisher icon TablePlus

Possible Malware Detected in postgresql_17.0.zip Included in DBngin for macOS

Open RiatRayendra opened this issue 1 month ago • 2 comments

Hi DBngin Team, I’d like to report a potential security issue. After installing DBngin on macOS, my antivirus flagged the following file as malware: file_name = /Applications/DBngin.app/Contents/Resources/postgresql_17.0.zip file_hash=d064dde73caf7d1b923261e9f36cc181 To verify, I scanned the file on VirusTotal and it shows multiple detections: (Reference) https://www.virustotal.com/gui/file/e6e70461bb856db24ed3bbe8cd89606a0353e0d9c33f8550ae7e9318067b9b7b/detection Could you please review this and confirm whether the file is safe or if there’s a false positive? Let me know if you need the full file hash or any additional details. Thank you!

RiatRayendra avatar Nov 28 '25 11:11 RiatRayendra

Hi @RiatRayendra, thank you for letting me know. However, I'm quite sure it's a false alarm. We build it on an isolated MacBook Pro, sign it, and then send it to Apple for notarization. I don't see how it could be malware.

huyphams avatar Nov 28 '25 16:11 huyphams

Hi @huyphams Thank you for the explanation regarding your build and notarization process. While we understand this is likely a false positive, could you please reach out to the vendors listed on VirusTotal to report this and have the detection cleared? We prefer to remain risk-averse and have decided to postpone using DBngin until the file is explicitly reported as clean on VirusTotal.

RiatRayendra avatar Nov 29 '25 15:11 RiatRayendra