
[bug] Virus Gen:variant.midie.172507 Infection

Open TheJessieKirk opened this issue 2 months ago • 4 comments

Describe the bug

Bitdefender detects virus Gen:variant.midie.172507 in file bin/tbb12.dll when Meshroom is downloaded from the Zenodo link on GitHub: https://zenodo.org/records/16887472/files/Meshroom-2025.1.0-Windows.zip

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://github.com/alicevision/Meshroom/releases
  2. Click on Download Meshroom-2025.1.0 for Windows
  3. Wait for Bitdefender to scan
  4. Receive notification from Bitdefender, which then quarantines the file.

Expected behavior

We expect distributed software to be clean.

Desktop:

  • OS: Windows 10
  • Meshroom version: please specify if you are using a release version or your own build
    • Binary version 2025.1.0
    • Commit reference 024b6f3

TheJessieKirk, Oct 17 '25 13:10

The dll mentioned is from this project: https://github.com/uxlfoundation/oneTBB/ (developers are from Intel: https://github.com/uxlfoundation/oneTBB/blob/47d2b2c88baccfd8307e45f4726eafc729312866/MAINTAINERS.md?plain=1#L115)

Meshroom builds directly pull the code from the project: https://github.com/alicevision/AliceVision/blob/48c8f8f00e50b360e13c3d7e2eed97c4131b1aec/src/cmake/Dependencies.cmake#L282

I checked the dll against the pre-release, it's the same file. VirusTotal reports "11/72 security vendors flagged this file as malicious".

The source for it being flagged seems to be:

  • "PE claims to be from renown IT company but is not digitally signed"
  • Version info field "CompanyName" with value "Intel Corporation" contains the company name "intel"
  • Version info field "LegalCopyright" with value "Copyright 2005-2024 Intel Corporation. All Rights Reserved.

(->metadefender.com)

This looks like a false positive. If the dll is built from source during the Meshroom build process it is not signed.

natowi, Oct 18 '25 10:10
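
The heuristic quoted in the comment above (version info names "Intel Corporation" while the PE carries no digital signature) can be reproduced locally with a short script. This is an added example, not part of the original thread or of the Meshroom project; the function names and the `build_sample` input are constructed for illustration, and the check only tests whether a certificate table is present, not whether a signature is valid.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table

def authenticode_table(pe: bytes):
    """Return (file_offset, size) of the certificate table; size 0 means unsigned."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return (0, 0)
    return struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)

def version_string(pe: bytes, key: str):
    """Best-effort scan for a version-resource String (header, UTF-16LE key, padding, value)."""
    needle = (key + "\0").encode("utf-16-le")
    pos = pe.find(needle)
    if pos < 6:
        return None
    _, value_words, _ = struct.unpack_from("<HHH", pe, pos - 6)
    off = 6 + len(needle)
    off += -off % 4  # value starts on a 32-bit boundary within the String
    raw = pe[pos - 6 + off:pos - 6 + off + 2 * value_words]
    return raw.decode("utf-16-le", "replace").split("\0")[0]

def claims_vendor_but_unsigned(pe: bytes, vendor: str = "intel") -> bool:
    company = version_string(pe, "CompanyName") or ""
    return vendor in company.lower() and authenticode_table(pe)[1] == 0

def build_sample(company: str, signed: bool) -> bytes:
    """Constructed, non-loadable PE32+ skeleton; the 'signed' table is a placeholder."""
    key = "CompanyName\0".encode("utf-16-le")
    val = (company + "\0").encode("utf-16-le")
    pad = b"\0" * (-(6 + len(key)) % 4)
    total = 6 + len(key) + len(pad) + len(val)
    string = struct.pack("<HHH", total, len(val) // 2, 1) + key + pad + val
    opt = bytearray(112 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)
    if signed:
        struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR, 0x200, 8)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + b"\0" * 20 + bytes(opt) + string
```

To check a real file, pass its bytes (for example `open("tbb12.dll", "rb").read()`) to `claims_vendor_but_unsigned`. Signature validity itself is verified on Windows with `Get-AuthenticodeSignature` or `signtool verify`.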

Hi,

The dll is indeed built from source (on Windows, we are building it with vcpkg's tbb port) and packaged as is in the release.

cbentejac, Oct 21 '25 15:10

Hi, we found the same warning Gen:variant.midie.172507 in alicevision/... tbb12.dll with BITDEFENDER. Is it a false positive or is there a new release?

lapurdrupal, Oct 24 '25 09:10

@lapurdrupal as stated above, the warning is most likely thrown because the dll is supposed to be signed by Intel, which we cannot do since we build it from source code.

natowi, Oct 24 '25 14:10