fosshub and antivirus: krita infected?

Hi

Looking at sponsors page, I was curious about fosshub (didn’t know it)

And going to fosshub Krita’s page, there’s 1/15 in antivirus column…

And in detail:

Avast! considers the provided binaries to be infected:

Is the problem known?
I think it’s related to windows installer?
Is it something that can be fixed? (I mean, having one antivirus telling that Krita’s installer is infected, even if it’s not the case, it could be worrying)

Grum999

Avast claims/believes there’s a ‘decompression bomb’ (zip bomb) inside the installer. If there was a zip bomb in there then that would affect the installation process.
I assume that Avast has made a mistake. It is bad for reputation though and could put some very cautious people off from downloading it.

No detections on VirusTotal, but many warnings. And they won’t remove those warnings, I know that from experience, have been registered there for a long time. Sh…
The only good thing there is, that they are more precise, not only “Detected”.

VirusTotal log for krita-x86-4.4.3-setup.exe

Michelist


This might be related to installer capabilities…

If you test the portable version of Krita, you should have fewer warnings I think…

Grum999

An interesting question would be: What results are there with the installer .exe files for GIMP, Inkscape, Blender, etc?

Maybe it will be good to report it as a false positive to Avast here - False Positive File Form. I don’t know if they listen to feedback.

gimp: nothing
blender: avast! detects a bomb decompression on the macOS version only.

(from fosshub site)

Grum999

It sounds like avast is over-paranoid. The zip bomb is a very old vandalism technique (not a virus) and any modern ‘security scan’ application would detect them.

I’ve reported the false positive using the link provided and I gave the website link for the 4.4.3 Windows setup .exe which is now superseded by 4.4.5.

I wonder, what does avast say about the 4.4.5 setup .exe?

I wonder how many times we would have to report the false positive.

http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/

1 Like

I got a speedy response:

"Hello,

Thank you for contacting Avast.

The provided file doesn’t seem to be detected by Avast. Could you please send us a screenshot of the detection message you’re getting? Creating a screenshot | Avast

Prokop
The Avast Support Team"

Then I gave a speedy reply:

"Hello Prokop,

I reported this on behalf of the Krita community at krita-artists.org.
Here is the link to the topic which discusses it, this topic contains screenshots:
fosshub and antivirus: krita infected?

It seems that Avast is the only anti-virus application that finds a problem with the file and the problem is detected as a compression bomb.

The screenshots are actually third party reports.

Thank you for your time in looking into this.

Regards
Ahab Greybeard"

From fosshub FAQ

FossHub uses Jotti’s malware scan service. We scan each file we upload automatically, and we also show the file signatures. If you notice a specific file reported as infected, please make sure that we are not talking about a false positive.
We encourage you to upload any suspicious file to:
VirusTotal (https://www.virustotal.com)
Jotti’s malware scan (https://virusscan.jotti.org).

So going to jotti.org

Avast still continues to think the Krita (4.4.5) installer is infected.

But there’s no real information about the antivirus version used (only Jun 11, 2021, which I suppose is the date of the signature database version)

Grum999

Wow, someone must have reacted very quickly, both here on KA as well as on Krita.org, and exchanged and/or locked the files on Krita download and KDE/Jenkins.
For this my applause! Guys you are great!

You / he / she / it, well, whoever was so fast to swap the files on the above sources that I, believing the download button label ( it claims: “i.e. Download Krita 4.4.5
Released on 09 June 2021” ) on Krita-Download, downloaded the krita-x86-4.4.3-setup.exe without checking it to upload it to VirusTotal, convinced that I would check the krita-x86-4.4.5-setup.exe in question again … I am speechless XD
Until a few minutes ago I still believed I had uploaded the 4.4.5 to VirusTotal for verification! Crazy!
This community gives me the greatest joy of life! I am deeply grateful to all of you and bow to so much effort!

Michelist … who still laughs at himself…

The “bomb decompression” is probably related to bundles. A bundle is a zip file, if you have a portable Krita, then it’s a .zip file, and inside it there are bundles which are also zip files, and voila, you have “decompression bomb”. .kra files are zip files too, and they are packaged with Krita (templates), the same goes for palettes. The “Open Document” standard is that this is a .zip file with stuff inside… So every program that uses Open Document standard and packages some resources/templates in that standard with the program, is “decompression bomb”, ehh…

1 Like
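To illustrate the nesting explanation in the post above (an added example, not code from this thread, Krita, FossHub or Avast): the sketch builds a constructed package with zips inside a zip and compares a hypothetical nesting-depth rule with an expansion-ratio rule. File names, thresholds and both rules are assumptions and do not describe how any particular scanner works.

```python
import io
import random
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # zip local file header signature

def make_zip(members):
    """Build an in-memory zip from {name: bytes}; every input here is constructed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def noise(n, seed):
    rng = random.Random(seed)  # deterministic, incompressible filler
    return bytes(rng.getrandbits(8) for _ in range(n))

def inspect(blob, depth=1, max_depth=8, max_member=50_000_000):
    """Return (deepest zip nesting level, declared uncompressed bytes of leaf files)."""
    deepest, total = depth, 0
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                head = member.read(4)  # peek only; leaf files are never fully inflated
            if head == ZIP_MAGIC and depth < max_depth and info.file_size <= max_member:
                d, t = inspect(zf.read(info), depth + 1, max_depth, max_member)
                deepest, total = max(deepest, d), total + t
            else:
                total += info.file_size
    return deepest, total

def verdict(blob, max_nesting=1, max_ratio=100):
    """Two hypothetical rules: nesting depth alone versus overall expansion ratio."""
    depth, total = inspect(blob)
    ratio = total / len(blob)
    return {"depth": depth, "ratio": ratio,
            "nesting_rule": depth > max_nesting, "ratio_rule": ratio > max_ratio}

def sample_portable():
    """Constructed stand-in for a portable package holding a bundle and a .kra."""
    bundle = make_zip({"brushes/basic.kpp": noise(5000, 1)})
    kra = make_zip({"maindoc.xml": b"<DOC/>", "mergedimage.png": noise(3000, 2)})
    return make_zip({"bin/app.exe": noise(20000, 3),
                     "share/bundles/example.bundle": bundle, "share/templates/a4.kra": kra})

def sample_high_ratio():
    """Constructed single-level archive whose only member is 5 MB of zero bytes."""
    return make_zip({"zeros.bin": bytes(5_000_000)})
```

`verdict(sample_portable())` trips only the nesting rule (depth 2, ratio close to 1), while `verdict(sample_high_ratio())` trips only the ratio rule, which is the distinction a nesting-only heuristic misses.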

Not only that… If it were a human, I’d say it’s a narcissist as well. It seems to “think” it’s the most important thing in the whole universe - and has to remind everyone all the time of this “fact”.

A while ago, don’t know exactly when that happened, Avast started acting extremely aggressive. With each and every install or update of any program, it intervened, prevented the install process and threw a warning message along the lines of “… potential danger … will be examined … yada…yada…” Some moments later it said “all OK” - and I had to do the install again :man_facepalming:

These days I always make a manual scan (which curiously comes up clean…), then deactivate Avast before the install. Whenever possible, I use portable versions.

After some investigation, the Avast people got back to me:


"Thank you for your reply and sorry for the delayed response.

It seems that the Jotti.org scanner is using an older version of the Avast scanner (most likely VPS version 5, which is discontinued since early 2020).

If you scan the file with the latest version of Avast, there is no detection. In fact, the file’s digital signature is whitelisted, so no detection will be shown when you run this file on a system with Avast.

I recommend using a different online malware scanner such as VirusTotal.com to get more relevant results.

If you have any further questions, don’t hesitate to contact me again."


I think that was predictable :slight_smile:

3 Likes

It’s nice of them to whitelist Krita’s signature :wink:

2 Likes

It would be even nicer if Jotti would update their scanners!

Michelist

1 Like

That’s sure!

Using an outdated antivirus is practically like using no antivirus, and if it returns false positives… :confused:

Anyway, it’s good news to see Avast giving an answer and informing us that the latest version includes the binaries in its whitelist :slight_smile:

Grum999

1 Like