I’ve just uploaded our Windows installer to virustotal myself and I can confirm the results.
We don’t have an explanation why McAfee, Bkav and Sangfor might flag this as malware. Our plugin in based on the official open source Steinberg VST3SDK and vstgui. We are using Inno Setup for the installer, which also is open source. Our development happens mainly on Linux systems and just the packaging and testing for Windows are done on a clean Windows machine. We think it’s close to impossible that our product could be compromised by anything third-party and we certainly haven’t added any malicious code ourselves.
But basically, you need to trust us here. We are a new player in the market and may not have a respected name yet, but we are trying to get there. We will discuss how to fix these false positives. Maybe digitally signing the Windows installer package will already help.
What I suspect that is happening:
Probably the makers of crypto/malware also used the open source installer Inno Setup for their malware, so the scanners will find the files which were flagged as malware also in our installer, but they are simply part of the installer software, nothing harmful. On top of that, we are new in the business, not trusted by the malware scanner engines. Our installer isn’t a popular and proven binary which gets us some points in their scoring. IMO this is why we are getting detected as malware.