Bug 1225292 - games:tools/steam: Bug
Summary: games:tools/steam: Bug
Status: NEW
Alias: None
Product: openSUSE.org
Classification: openSUSE
Component: 3rd party software (show other bugs)
Version: unspecified
Hardware: x86-64 openSUSE Leap 15.5
: P5 - None : Critical (vote)
Target Milestone: ---
Assignee: Callum Farmer
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-26 07:17 UTC by Argenis Mangual Velazquez
Modified: 2024-05-27 20:23 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Virustotal scan of the Proton Experimental i386 windows folder (100.02 KB, image/png)
2024-05-27 19:38 UTC, Argenis Mangual Velazquez 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Argenis Mangual Velazquez 2024-05-26 07:17:35 UTC 
I'm not sure if I should put these here or to Steam themselves, as the Opensuse package requests addons from Steam's own servers, but when you download Proton experimental packages, there's variants of Babar, Fugrafa, and Fragtor malware found when scanning Steam's folders with anti-malware.
Comment 1 Dirk Stoecker 2024-05-27 11:47:38 UTC 
You report lacks a lot of information:
* Which software did you use for Virus scanning
* Which files have been reported
* Did you very the reports against false positives, e.g. with https://www.virustotal.com/

Typically I'd expect that it is a false positive.
Comment 2 Argenis Mangual Velazquez 2024-05-27 19:38:06 UTC 
Created attachment 875141 [details]
Virustotal scan of the Proton Experimental i386 windows folder

It's definitively not a false positive, but I'd guess this is Steam's fault not so much Opensuse, though it is a malware vector.
Comment 3 Argenis Mangual Velazquez 2024-05-27 19:40:15 UTC 
Hi, I scanned the entire Proton Experimental i388 Windows directory that seems to have the malware, and it's definitively not a false positive.

Though this is probably Steam's fault, and at least I cannot submit a ticket with them for this specific item for some reason.

At least it would be nice for OpenSuse/Suse to know about this, it's a massive problem for those migrating from windows as that is the Proton that plays the most amount of Windows games.
Comment 4 Dirk Stoecker 2024-05-27 20:23:01 UTC 
Still looks like a false positive to me. The reported results are all Generic or Heuristic. Happens to a least one of my own software as well for freshly compiled binaries as it includes a HTTP server component. But there is a slight chance it's real.

I'd suggest
a) In VirusTotal was something like "report as false positive" in two forms if I remember correct. Something like "I'm the author and sure it's a false positive" and "I suspect it may be wrong". I recommend to report it as false with the second category. They will check it then and either mark it as a virus/trojan with a real name or flag it as false.
b) Report it to Steam: https://github.com/ValveSoftware/Proton/issues - Again they will need more details: File names, file sizes, dates, ... The screenshot is not enough.