Bug 1225292

Summary: games:tools/steam: Bug
Product: [openSUSE] openSUSE.org
Reporter: Argenis Mangual Velazquez <argenis>
Component: 3rd party software
Assignee: Callum Farmer <gmbr3>
Status: NEW ---
QA Contact: E-mail List <screening-team-bugs>
Severity: Critical
Priority: P5 - None
CC: opensuse
Version: unspecified
Target Milestone: ---
Hardware: x86-64
OS: openSUSE Leap 15.5
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: Virustotal scan of the Proton Experimental i386 windows folder

Description Argenis Mangual Velazquez 2024-05-26 07:17:35 UTC
I'm not sure if I should put these here or to Steam themselves, as the openSUSE package requests addons from Steam's own servers, but when you download Proton Experimental packages, there are variants of Babar, Fugrafa, and Fragtor malware found when scanning Steam's folders with anti-malware.
Comment 1 Dirk Stoecker 2024-05-27 11:47:38 UTC
Your report lacks a lot of information:
* Which software did you use for virus scanning?
* Which files have been reported?
* Did you verify the reports against false positives, e.g. with https://www.virustotal.com/?

Typically I'd expect that it is a false positive.
Comment 2 Argenis Mangual Velazquez 2024-05-27 19:38:06 UTC
Created attachment 875141
Virustotal scan of the Proton Experimental i386 windows folder

It's definitively not a false positive, but I'd guess this is Steam's fault, not so much openSUSE's, though it is a malware vector.
Comment 3 Argenis Mangual Velazquez 2024-05-27 19:40:15 UTC
Hi, I scanned the entire Proton Experimental i386 Windows directory that seems to have the malware, and it's definitively not a false positive.

Though this is probably Steam's fault, and at least I cannot submit a ticket with them for this specific item for some reason.

At least it would be nice for openSUSE/SUSE to know about this; it's a massive problem for those migrating from Windows, as that is the Proton that plays the most Windows games.
Comment 4 Dirk Stoecker 2024-05-27 20:23:01 UTC
Still looks like a false positive to me. The reported results are all Generic or Heuristic. It happens to at least one of my own programs as well for freshly compiled binaries, as it includes an HTTP server component. But there is a slight chance it's real.

I'd suggest
a) In VirusTotal there was something like "report as false positive" in two forms, if I remember correctly. Something like "I'm the author and sure it's a false positive" and "I suspect it may be wrong". I recommend reporting it as false with the second category. They will check it then and either mark it as a virus/trojan with a real name or flag it as false.
b) Report it to Steam: https://github.com/ValveSoftware/Proton/issues - Again they will need more details: File names, file sizes, dates, ... The screenshot is not enough.
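
The details requested in this thread (which files, their sizes and dates) can be collected in one pass. The following is an added example, not part of the bug report and not openSUSE or Valve tooling; the function names and CSV columns are assumptions made for illustration, and the directory to scan is passed as the first argument. It lists every file that starts with the Windows `MZ` executable header, with its size, modification time and SHA-256.

```python
import csv, hashlib, io, os, sys
from datetime import datetime, timezone

def is_pe(path):
    """True if the file starts with the DOS 'MZ' magic used by .exe/.dll files."""
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"

def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Return one row per Windows executable under root (symlinks skipped)."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or not os.path.isfile(path) or not is_pe(path):
                    continue
                st = os.stat(path)
                mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                rows.append({
                    "path": os.path.relpath(path, root),
                    "size": st.st_size,
                    "mtime_utc": mtime.strftime("%Y-%m-%dT%H:%M:%SZ"),
                    "sha256": sha256_of(path),
                })
            except OSError:
                continue  # unreadable file: leave it out rather than abort the scan
    return sorted(rows, key=lambda r: r["path"])

def to_csv(rows):
    """Render the manifest as CSV text suitable for attaching to a report."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["path", "size", "mtime_utc", "sha256"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    sys.stdout.write(to_csv(build_manifest(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

The SHA-256 values let a maintainer look up each flagged file on VirusTotal by hash and compare it with a copy from a fresh download.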