I tried scanning my Firefox Portable along with other files with an up-to-date Clamwin:
K:\FirefoxPortable124\App\Firefox64\notificationserver.dll: Win.Virus.Zard-10023240-0 FOUND
That's not what I hoped to hear. I checked the PA site's info on virus reporting:
https://portableapps.com/support#false_positive
This page gave three links to explore for each app, which ultimately led to:
https://metadefender.opswat.com/results/file/bzI0MDMyMzZYZjJCQmdva0F5R3J...
https://www.virustotal.com/gui/file/0d8ce555891acdd44b730abb2f1b10c5601c...
This says a virus was undetected in Virus Total for the overall app. The next one showed how it did not detect a problem, even with Clamwin as one of the virus scanners it said to use:
https://www.virustotal.com/gui/file/756817dda53a5ce8160959989099225f5a7e...
I also found this in previous notificationserver.dll files from previous portable FF versions but Clamwin is the only one to find the virus. So what does this mean? Is Clamwin right? I tested to see if FF could function without the notificationserver.dll and it does, so that is a quick fix, if in fact this is a problem. I wonder what thoughts are on this.
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
As explained in the first link to our Support page, this is a false positive. If your antivirus, whichever one it is, shows a file as bad and every other antivirus shows it as fine, your antivirus has a false positive issue with it. It's always worked this way. ClamAV has false positives just like everything else. A bit more frequently on Windows than the top Windows antivirus engines. I notice one about every other month.
When your antivirus finds something bad, upload that specific file to VirusTotal. It'll be your better answer on if it is actually bad. There will be differences between your antivirus installed locally and the copy on VirusTotal, and MetaDefender as they could have different updates of virus definitions or different settings.
notificationserver.dll from the US English build of Firefox Portable matches the installed version, both with an SHA256 of e6bfabb6fd847cdaf802b8ce712fa8fdc1c506f414d334b8cf011bf0b67b2772. It shows as clean in the current ClamWin Portable with the latest virus definitions of 04:26 23 Mar 2024. You can check Help About to see your current versions. Make sure you're using the current ClamWin Portable 0.103.2.1 Rev 0.103.11r1 so you have the latest Win32 engine. You can hover over it in the PortableApps.com Platform to see the version. Or, if you're running it solo, open up ClamWinPortable\App\AppInfo\appinfo.ini and look at the version listed in there.
Sometimes, the impossible can become possible, if you're awesome!
I wrote in the evening after that scan (due to a computer finding a web ad that did a lot of weird stuff) so after today's ClamWin update I feel a lot better. Perhaps it is human nature to see one thing go wrong (virus report or otherwise) and then presume that's the thing to focus on. Thanks for responding (and for all the work to get the apps to us in general!)