Virus Trojan JS.Siggen5.44590 on Mailspring Pro Paid version

A total refund for pro version I paid

Threat: Infected archive
Detected by module: Scanner
Time of detection: 12/22/25 11:57 PM
Object name: app.asar
Owner: root
Modified: 12/22/25 11:57 PM
Size: 98.20 MB

Path:
/snap/mailspring/550/usr/share/mailspring/resources/app.asar
Last action: Delete; Result: Failed - Permission denied.

Detected threats:
app.asar/_postinstall.js - infected with JS.Siggen5.44590

A few minutes of googling will confirm that a particular library (I’m guessing es5-ext?) is flagged as a “Virus” by a Russian anti-virus for reasons that are more, well, political versus actually malicious:

It is not a virus.

One of the software libraries I rely on to create the Social Stream Ninja (standalone app) is es5-ext. Since 2022, that library began printing to the developer output an Anti-War message when it is installed/compiled. The message only targets Russian software developers who are using the library, based on their time-zone settings.

The message essentially reads: Russia’s invasion of Ukraine, the largest European conflict since WWII, has caused massive casualties and is fueled by government censorship. Seek out alternative views to help prevent further conflicts.

VirusTotal shows that only DrWeb lists it as a virus. DrWeb is a Russian anti-virus scanner and considers the message malicious.

This is a false positive. The detection is triggered by the es5-ext JavaScript library bundled in Mailspring, which displays an anti-war message — this was flagged as suspicious behavior by some AV engines. The library has since been updated. Please update to v1.21.1 and the detection should no longer occur. You can also add Mailspring’s directory to your DrWeb exclusions.