Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

React-Three_drei.js flags as malware only on Avast Antivirus #2239

Open
JamesMasino opened this issue Nov 28, 2024 · 9 comments
Open

React-Three_drei.js flags as malware only on Avast Antivirus #2239

JamesMasino opened this issue Nov 28, 2024 · 9 comments
Labels
bug Something isn't working

Comments

@JamesMasino
Copy link

  • three version: 0.164.1
  • @react-three/fiber version: 8.16.8
  • @react-three/drei version: 9.107.0
  • node version: 20.12.2
  • npm (or yarn) version: 10.6.0

Problem description:

The dependency @react-three_drei.js is false flagged as a Trojan Horse virus by Avast, specifically a "JS:Prontexi-Z [Trj]" threat. I'm unsure what part of the library is being flagged.

Relevant code:

Part of the problem is that I can't track down which snippet of drei is flagging Avast's database. So I'm unable to provide relevant code.

Suggested solution:

If someone who would know how to identify what JS:Prontexi-Z is and find it within @react-three_drei, either it could be removed or updated to not be automatically flagged as a Trojan Horse virus.

Obviously this is only a problem with Avast, maybe a representative of Poimandres could reach out to Avast to get them to update their own database.

@JamesMasino JamesMasino added the bug Something isn't working label Nov 28, 2024
@JamesMasino
Copy link
Author

Screenshot 2024-11-28 165948

Here's a screenshot, this is an automatic backup being flagged (this is why the file name has a date in it)

@futuritech
Copy link

Confirmed here too , with "@react-three/drei": "^9.117.3".

@RafaMol
Copy link

RafaMol commented Dec 17, 2024

Hi. I also get the same ERROR. It is with the DREI and LEVA libraries in Three.js. Do you know if this library can harm my PC? Thanks

@mh0223
Copy link

mh0223 commented Dec 24, 2024

Same Here... Is it ok to continue using @react-three/drei ..?

@DennisSmolek
Copy link
Contributor

Looking through Avast's write up on it they give little to no details.

It looks like It's common to false flag libraries too which makes it hard to chase down.

Are you using and PDF software or you site?

Can you try any of the sandbox pages of this repo and see if they fire? If they don't, it's probably something else in your project getting dinged.

@futuritech
Copy link

futuritech commented Jan 2, 2025

in my case online Sandboxes work well

i think is only relative to the compiled version of drei
done at least by vitejs after npm run dev.
(in my case im on a vitejs context version ^5.4.11)

if i import drei in my App like

import { DreiModuleExample  } from '@react-three/drei'
export default function App() {
  return (
    <Canvas>
      <DreiModuleExample  />
      {/* remaining app code */}
    </Canvas>
  )
}

a file @react-threee_drei_DATE_.js is generated and
this is this file that avast block and move to quarantine (resulting in a 404 on browser experience)

@DennisSmolek
Copy link
Contributor

in my case online Sandboxes work well

can you provide a link to one?

@futuritech
Copy link

futuritech commented Jan 8, 2025

i meant that online drei codesandboxes work

the problem is instead with local developpemet on vitesjs/react fiber/drei combo,
at least on windows 11 environnement, after npm run dev

Pseudo-process to reproduce

  1. npm create vite@latest
  2. cd my-threejs-app
  3. npm install three @react-three/fiber @react-three/drei
  4. edit main.jsx
import React from "react";
import { Canvas } from "@react-three/fiber";
import { OrbitControls, Box } from "@react-three/drei";

function App() {
  return (
    <Canvas>
      {/* Camera Controls */}
      <OrbitControls />

      {/* Lights */}
      <ambientLight intensity={0.5} />
      <pointLight position={[10, 10, 10]} />

      {/* Objects */}
      <Box>
        <meshStandardMaterial attach="material" color="orange" />
      </Box>
    </Canvas>
  );
}

export default App;
  1. npm run dev
  2. o + enter (open in browser)

=> RESULT : AVAST BLOCK AND REMOVE \node_modules\.vite\deps\@react-three_drei.js (with a Prontexy-Z warning like below)
=> OR
you can restore \node_modules\.vite\deps\@react-three_drei.js from quarantine , zip it, and upload to virustotal.com to see that avast flag this file as malicious

@DennisSmolek
Copy link
Contributor

i meant that online drei codesandboxes work

the problem is instead with local developpemet on vitesjs/react fiber/drei combo, at least on windows 11 environnement, after npm run dev

So I’m unable to reproduce this at all on the same environment.

I believe you, I just can’t make it happen nor have any documentation or clue as to what is triggering it. They have no detailed explanation nor outline to what triggers it.

can you share that generated file? I’ll compare it against what my local and all the sandboxes build

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

5 participants