Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

React-Three_drei.js flags as malware only on Avast Antivirus #2239

Open
JamesMasino opened this issue Nov 28, 2024 · 7 comments
Open

React-Three_drei.js flags as malware only on Avast Antivirus #2239

JamesMasino opened this issue Nov 28, 2024 · 7 comments
Labels
bug Something isn't working

Comments

@JamesMasino
Copy link

  • three version: 0.164.1
  • @react-three/fiber version: 8.16.8
  • @react-three/drei version: 9.107.0
  • node version: 20.12.2
  • npm (or yarn) version: 10.6.0

Problem description:

The dependency @react-three_drei.js is false flagged as a Trojan Horse virus by Avast, specifically a "JS:Prontexi-Z [Trj]" threat. I'm unsure what part of the library is being flagged.

Relevant code:

Part of the problem is that I can't track down which snippet of drei is flagging Avast's database. So I'm unable to provide relevant code.

Suggested solution:

If someone who would know how to identify what JS:Prontexi-Z is and find it within @react-three_drei, either it could be removed or updated to not be automatically flagged as a Trojan Horse virus.

Obviously this is only a problem with Avast, maybe a representative of Poimandres could reach out to Avast to get them to update their own database.
@JamesMasino JamesMasino added the bug Something isn't working label Nov 28, 2024
@JamesMasino
Copy link
Author

Screenshot 2024-11-28 165948

Here's a screenshot, this is an automatic backup being flagged (this is why the file name has a date in it)

@futuritech
Copy link

Confirmed here too , with "@react-three/drei": "^9.117.3".

@RafaMol
Copy link

RafaMol commented Dec 17, 2024

Hi. I also get the same ERROR. It is with the DREI and LEVA libraries in Three.js. Do you know if this library can harm my PC? Thanks

@mh0223
Copy link

mh0223 commented Dec 24, 2024

Same Here... Is it ok to continue using @react-three/drei ..?

@DennisSmolek
Copy link
Contributor

Looking through Avast's write up on it they give little to no details.

It looks like It's common to false flag libraries too which makes it hard to chase down.

Are you using and PDF software or you site?

Can you try any of the sandbox pages of this repo and see if they fire? If they don't, it's probably something else in your project getting dinged.

@DennisSmolek DennisSmolek mentioned this issue Jan 2, 2025
Open
@futuritech
Copy link

futuritech commented Jan 2, 2025
edited
Loading

in my case online Sandboxes work well

i think is only relative to the compiled version of drei
done at least by vitejs after npm run dev.
(in my case im on a vitejs context version ^5.4.11)

if i import drei in my App like

import { DreiModuleExample  } from '@react-three/drei'
export default function App() {
  return (
    <Canvas>
      <DreiModuleExample  />
      {/* remaining app code */}
    </Canvas>
  )
}

a file @react-threee_drei_DATE_.js is generated and
this is this file that avast block and move to quarantine (resulting in a 404 on browser experience)

@DennisSmolek
Copy link
Contributor

in my case online Sandboxes work well

can you provide a link to one?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@DennisSmolek @JamesMasino @mh0223 @RafaMol @futuritech