My antivirus detected a virus in the application downloaded from the website.
Steps to reproduce the behavior:
Hi Alexey,
Thanks for reporting this. This is a false positive and your installation is safe.
Dr.Web’s JS.Siggen5.44590 signature is flagging the es5-ext npm package, which is a transitive dependency in Mailspring. This package contains what’s known as “protestware” - it includes a postinstall script that displays an anti-war message to users whose system timezone is set to a Russian timezone.
The code does not:
It simply prints a message during npm installation (which doesn’t even run in the packaged app you downloaded).
Several Russian antivirus vendors (including Dr.Web and Kaspersky) have incorrectly classified this package as malware. The maintainer of es5-ext has documented this issue: GitHub Issue #186
The Mailspring codebase is open source and you can verify there’s no malicious code: GitHub - Foundry376/Mailspring: 💌 A beautiful, fast and fully open source mail client for Mac, Windows and Linux.
This is a known issue affecting many Electron apps that use es5-ext as a dependency. The security research community has documented this extensively - see Checkmarx’s analysis which confirms the code is protestware, not malware.
Let me know if you have any other questions!
Yep I mentioned this in a similar post. Only Dr.Web marks it as a “virus”. You did a better job explaining it than my quick Google search on the topic previously: Virus Trojan JS.Siggen5.44590 on Mailspring Pro Piad version - #2 by compuguy
