MobileRead Forums - View Single Post

KevinH · 01-26-2020, 03:46 PM

Virustotal provides the sha256 sum of the binary it tested in that link report, There are 3 places to download calibre-portable from, but at least one of those alternate sites lists a completely different sha256 sum for that file (i could not find a sha256 checksum for the other two sites).

So perhaps the person who downloaded the file has an already compromised system or uses a download manager that is compromised which results in an infected download?

Not sure either way but if the original is clean (which I believe to be true given Kovid's test results posted) and the sha256 sum of what was tested in the next differs from the original then they are testing two different things.

01-26-2020, 03:46 PM	#17
KevinH Sigil Developer Posts: 8,893 Karma: 6120478 Join Date: Nov 2009 Device: many	Virustotal provides the sha256 sum of the binary it tested in that link report, There are 3 places to download calibre-portable from, but at least one of those alternate sites lists a completely different sha256 sum for that file (i could not find a sha256 checksum for the other two sites). So perhaps the person who downloaded the file has an already compromised system or uses a download manager that is compromised which results in an infected download? Not sure either way but if the original is clean (which I believe to be true given Kovid's test results posted) and the sha256 sum of what was tested in the next differs from the original then they are testing two different things.