Telegram.Bot icon indicating copy to clipboard operation
Telegram.Bot copied to clipboard

Published 20 hours ago verified publisher icon TelegramBots

Telegram.Bot.dll PUA classification with ESET problem

Open bestByteCode opened this issue 1 year ago • 6 comments

Hi,

I recently encountered an issue where the Telegram.Bot.dll is being flagged as a Potential Unwanted Application (PUA) by ESET's security software. This flagging may affect the user experience and trust in the Telegram.Bot library.

You can see details here. https://www.virustotal.com/gui/file/e1238a1eb84e0b3f3ed3a7bcc01c90aeec44fa8f1790d02aa1b6cad5383c295e

Could you please look into this matter? It might involve reaching out to ESET for clarification or resolving any security concerns that led to this classification. Your attention to this issue would be greatly appreciated, as it could help ensure the library remains a trusted tool for developers.

bestByteCode avatar Feb 13 '24 01:02 bestByteCode

@bestByteCode Thanks for your report. I've sent an email to ESET.

tuscen avatar Feb 13 '24 07:02 tuscen

@tuscen Do you have any update on this? We're still blocked this.

bestByteCode avatar Feb 26 '24 17:02 bestByteCode

Still no answer from ESET, unfortunately. I guess public backlash on social media can push this further like it always does with large companies, but I don't have many followers on social media profiles

tuscen avatar Feb 26 '24 17:02 tuscen

Have the same problem with Bitdefender and Telegram.Bot.dll

fbhp avatar Apr 04 '24 06:04 fbhp

There's still not much progress, unfortunately. We're working with the Nuget team to find a solution

tuscen avatar Apr 04 '24 15:04 tuscen

Have the same promlem , using .net library for tg bots image

keksikq09 avatar Jun 05 '24 17:06 keksikq09

@tuscen Is there any progress from ESET or Nuget team side?

bairog avatar Jul 02 '24 14:07 bairog

@bairog No, the issue is still not resolved and we don't know when it will be resolved.

tuscen avatar Jul 02 '24 15:07 tuscen

@tuscen Do I understand correctly that nugets from alternative feed (https://nuget.voids.site/packages/Telegram.Bot) supports latest API but can be classified as malware by ESET/Bitdefender/etc?

bairog avatar Jul 02 '24 15:07 bairog

@bairog yes, correct. This feed is currently our main one. I'm trying to create a separate public azure feed for release packages to replace it

tuscen avatar Jul 02 '24 15:07 tuscen

I'm trying to create a separate public azure feed for release packages to replace it

But that will not solve the problem of antiviruses false positives. Ok, now I better understand the current situation, thank you.

bairog avatar Jul 02 '24 18:07 bairog

No need to keep this issue opened. We're still working on resolving this issue of course, you'll be all informed once PUA classification has been lifted.

See also pinned issue #1375

wiz0u avatar Jul 10 '24 12:07 wiz0u