Virus warnings: ZIP file, not just a screen!


you claimed in several of the discussions about virus warnings when downloading PDF Creator that what is being blocked by virus scanner is just only a screen which means to offer us some software that we may feel free to decline. However, it’s not just that. The link my virus scanner blocked when I downloaded PDF Creator is, according to the protocol:

As you can see, this is not a html page which would be expected in a popup screen but a zip file. A virus scanner is supposed to block zip files from unknown sources because their likelihood to carry a virus is quite large.

And then, when so many people find that their respective virus scanner detects a virus in the page of your commercial partner you can be pretty sure that there IS a virus! You’d do well by not just discarding these warnings as “false”. You’ll be in some very serious trouble if someone actually gets infected with a virus because of what your commercial partner sends to your customers. What if a company receives a virus from them and they lose a lot of important data because of this virus? That’ll cost you a fortune!

I understand that you need to finance your free software by some other way. But nevertheless, you should be more careful choosing your commercial partners!

And please be assured that this is NOT criticism of PDF Creator which is a very good piece of software. :wink:


Hi Max,

I can understand your concern and went ahead and downloaded the zip file, which contains a html and 3 jpegs. If you have a virtual machine or a safe method to download and analize the zip file, please do so, you will find it doesn’t contain anything dangerous.
Here is also a link to the virustotal report of the .zip file, so you only need to hash it and not to open it to be sure it is safe:
Since it is not password protected, the anti virus software can directly look into its contents and there is no reason to generally block any zip file from unknown sources, it should only block if the content can’t be examined completely (from my personal point of view).
We do check anything we upload to our servers carefully and would not make any statement about our files being safe without being sure about it. 
Here is a more detailed description of what open candy does on your system:

What kind of information does OpenCandy collect from users running OpenCandy-powered installers?
In order to measure the performance of the installer you are running or recently ran and to report grand total counts and revenues (aggregate statistics) to our partners, we collect, or aggregate, the following NON-personally identifiable information:

A. Operating system version and language, country location and timezone of the computer running the installer, and the language of the developer’s installer
B. That the developer’s installer was initiated, and whether it was completed or canceled
C. Whether any third-party recommendations were made and if so, whether they were accepted or declined
D. If a third-party recommendation was accepted, whether the recommended app’s installer has been downloaded and the installer initiated
E. That the recommended third-party installer was initiated, and whether it was completed or canceled.

best regards,