False positive when running through virustotal?

[ysk3a]

I currently have v2.16.28 and noticed .30 was released.
I ran some of the files for the latest winmerge release from the website and github release through virustotal but it returned with some red warnings. could these be false positives? I don't know what these are or cause.

NANO-Antivirus
Trojan.Script.Vbs-heuristic.druvzi

• WinMerge-2.16.30-x64-Setup.exe
• winmerge-2.16.30-x64-exe.zip

---

NANO-Antivirus
Trojan.Script.Vbs-heuristic.druvzi

ESET-NOD32
VBS/HackTool.Agent.BO Potentially Unsafe

• winmerge-2.16.30.zip
• winmerge-2.16.30-full-src.7z
• the source code downloaded from github releases

[sdottaka]

In version 2.16.31 Beta, the False Positive detection Trojan.Script.Vbs-heuristic.druvzi is gone.

It seems that Trojan.Script.Vbs-heuristic.druvzi was detected when the *.sct file of the plugin contained a JScript eval function. For this reason, I fixed it in 2.16.31 so that eval is not used.

VBS/HackTool.Agent.BO is still not supported because it is a compressed source code file and is considered less important.