Sourceforge malware
Posted: Mon May 12, 2025 7:31 am
by Uzlander
Hi there!
It's just seemingly so weird that SourceForge kinda discourages folks from downloading the fresh version of the nuBuilder tool.
Why is that the case, especially given that it consists of a gentleman's html/css/js/php set, has a long good development history ..?
I personally trust nb much, but I thought the very sign on a download button there deserves your attention.
Thanks much for your efforts, guys, and timely help.
Re: Sourceforge malware
Posted: Mon May 12, 2025 7:58 am
by kev1n
Thank you very much for bringing this to our attention.
nuBuilder also uses some third-party software, which may trigger malware warnings. For now, I've set version 4.6 as the default download, as it doesn't generate any such warnings.
I've submitted a support ticket to SourceForge to request the removal of this false positive malware detection.
The support ticket contains this text:
Out of 55 antivirus engines scanned on VirusTotal.com, only one flagged the file—none of the major vendors raised any concerns. This strongly suggests a false positive.
The detection is likely the result of heuristic or pattern-matching algorithms, which can occasionally misidentify compressed files or code patterns commonly used in web applications.
No malicious behavior has been observed during the execution or analysis of the nuBuilder files. Furthermore, nuBuilder has no history of malware-related issues, with a longstanding track record of safe use. This appears to be the first such report after years of clean operation.
Re: Sourceforge malware
Posted: Mon May 12, 2025 12:39 pm
by kev1n
Further analysis suggests that this "malware" is likely caused by TinyFileManager and not by the nuBuilder Core files. However, the exact reason remains unclear, and I have already opened an issue on the GitHub repository. There have also been similar issues reported there in the past.
TinyFileManager is open-source, and its source code is relatively straightforward, which supports the conclusion that this is a false positive.
Re: Sourceforge malware
Posted: Mon May 12, 2025 5:43 pm
by kev1n
Good news — SourceForge has removed the malware warning.
I'm still working on getting more information about why the warning was issued in the first place.
Re: Sourceforge malware
Posted: Tue May 13, 2025 6:43 am
by kev1n
I’ve isolated the detection to a single attribute in tinyfilemanager.php:
data-option="fullscreen"
Changing it to, for example,
data-option="fs"
completely prevents ESET-NOD32 from flagging the file. This strongly suggests that their heuristic is literally matching the keyword “fullscreen” (a term commonly abused by malicious scripts) rather than evaluating its context.
I’ve submitted a false-positive report to ESET (per KB141).
Re: Sourceforge malware
Posted: Tue May 13, 2025 1:50 pm
by kev1n
Response from the ESET Malware Response Team:
Thank you for your submission.
It is a false positive of our scanner and this issue will be fixed in the next update of detection engine.