• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Content Credentials

Explorer ,
Jan 05, 2022 Jan 05, 2022

Copy link to clipboard

Copied

There have been several instances in the last few exports where when adding content credentials upon export, and then subsequently uploading it, the various systems are recognizing it as a virus. After using virustotal to find the issue, it detects Img.Packed.PngContainsDownloadCmd-6786216-0

 

The metadata that is included in the PNG is as follows:

Produced By

3 social media accounts

1 ethereum wallet address

Any ideas as to why this is being recognized like this?

Included is the same file. With and without content credentials.

 

Screenshot 2022-01-05 185451.png

 

R Ninja
TOPICS
Windows

Views

598

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe
Community Expert ,
Jan 05, 2022 Jan 05, 2022

Copy link to clipboard

Copied

Not sure what's going on here. My only guess (and it's a real shot in the dark) is that the system you're uploading to is looking at the image with content credentials metadata as something suspicious, so it just stops it. I'm not an expert on the matter, though. Have you talked to anyone on the receiving end?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 05, 2022 Jan 05, 2022

Copy link to clipboard

Copied

Me either but it was uploading to a webserver. Then I tried it several places with same rejection. Finally went to virustotal to see if I could find out why. Still confused.

R Ninja

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jan 05, 2022 Jan 05, 2022

Copy link to clipboard

Copied

I would try talking to any support for those webservers to see what might be going on. (Maybe somebody here can chime in, too.) I'm almost certain it's a security issue they didn't account for.

 

Content Credentials is also still in beta; you might have just exploited a bug somehow.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 08, 2022 Jan 08, 2022

Copy link to clipboard

Copied

I actually did and they sent me the login report of the same thing above being uploaded. It was me trying to upload a photo with content credentials enabled. I did a test on another picture and now I'm even more confused. Kaspersky throws no errors at at, while VirusTotal throws the same malware as before Img.Packed.PngContainsDownloadCmd-6786216-0. The only thing I can think of is that my ethereum wallet is attached to content credentials. I don't know why that would make a difference considering cc was in a part created and implemented with several NFT marketplaces to show ownership. 

 

R Ninja

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 08, 2022 Jan 08, 2022

Copy link to clipboard

Copied

I will note that it is only on PNG that it throws this malware and only with ClamAV. Ive replicated the same photo as a JPG and with CC embeded with not issues. I have also ran multiple scans online and only those useing ClavAV as a validator had the same red flag. When I go to https://verify.contentauthenticity.org/ to verify credentials, it has no issue identifying the credentials with out issue of any malware detected.

R Ninja

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jan 08, 2022 Jan 08, 2022

Copy link to clipboard

Copied

Ahh, OK, so otherwise, it's fine? I was under the impression that the server wouldn't let you upload the image itself. So it's just a particular antivirus that's telling you there's malware? I wouldn't worry too much about it, if that's the case.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 08, 2022 Jan 08, 2022

Copy link to clipboard

Copied

LATEST

You're impression was right. My webserver wouldn't let me upload it to cpanel. Said it was corrupted with malware. After investigating and it seems that its this one antivirus that some servers used that recognizes it this way. Repeating the same content credentials on a JPG however doesnt throw any flags. So strange. As for now it make it look like the PNG I am uploading is trying to download something. Like its infected with a trojan. I've reach out to the antivirus support Clam, and submitted a bug report on github. 

R Ninja

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines