-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avast thinks Julia is a virus #28840
Comments
Any ideas what it takes to make it change its mind? |
@ViralBShah I'm not sure.. Here's the details although may not be very helpful. |
Did we forget to sign the installer? Usually signed binaries are exempt from these kinds of detections. cc @ararslan |
I think the buildbots sign them and I re-sign them just in case. @nshusa, can you check whether this happens with other versions of Julia, e.g. 0.7 or 0.6? They're available on https://julialang.org/downloads. |
Okay, good to know. I'll recheck the 1.0 Windows binaries in a bit. |
I've signed the 1.0 Windows binaries again and reuploaded them. Could you try again? |
@ararslan That fixed the issue! Thanks :) |
- `docker`: 18.09.0-ce-tp4 - `haproxy`: `SIGUSR1` (docker-library/haproxy#72) - `julia`: update 1.0.0 Windows executable hashes (JuliaLang/julia#28840 (comment)) - `postgres`: escape user input for `psql` invocations (docker-library/postgres#489) - `wordpress`: add `WORDPRESS_DB_CHARSET` and `WORDPRESS_DB_COLLATE` vars (docker-library/wordpress#327), WP-CLI 2.0.1
- `docker`: 18.09.0-ce-tp4 - `haproxy`: `SIGUSR1` (docker-library/haproxy#72) - `julia`: update 1.0.0 Windows executable hashes (JuliaLang/julia#28840 (comment)) - `postgres`: escape user input for `psql` invocations (docker-library/postgres#489) - `wordpress`: add `WORDPRESS_DB_CHARSET` and `WORDPRESS_DB_COLLATE` vars (docker-library/wordpress#327), WP-CLI 2.0.1
Hi, I am having the same issue with julia 1.0.3 64-bit and Avast. It keeps deleting my installation from my PC with Windows 10. Thank you very much in advance. Cheers, |
As far as I can see, we're following Avast's "Clean" guidelines. You could report this as a false positive to Avast here: https://www.avast.com/false-positive-file-form.php. |
Are the binaries signed? That's been a problem in the past. |
I reported this to Avast and waiting for the response. |
I sign them as part of the release process, but there's always a chance I (or something else) can mess it up. I don't have consistent access to a Windows machine to verify that 1.0.3 is properly signed, unfortunately. Either way, we shouldn't be identified as a virus. |
I think people would quickly let us know if binaries were not signed. |
The Avast has whitelisted the julia executable. I just received a message from them. |
Julia binary was a virus. I downloaded and installed. Then my Windows 10 file access control information started corrupted. So I had to reinstall Windows plus dozens of other packages. It was a very painful experience! I still havn't fully restored yet. Probably Julia site was hacked. I have to say that many other people had similar problem I had. |
Which binary did you download that you believe to be compromised and did you check the fog to make sure you weren't mitm'd? |
I don't know which version I downloaded because I had to reset Windows. So I don't have a copy of that file. But was about a week ago. I am sure it was Julia. I didn't install any other things on that day. After installing Julia, suddenly I could not send emails from Eudora. This traced to contamination of file access control information. I tried to fix it. But problem got bigger and bigger. So I had to reset Windows 10 completely. The funny thing is that the installer does not suggest to install on normal Windows app directory "C:\Program File. Windows 10 blocks if I tried to install on "C:\Program Files'. So I ran the installer as administrator. After that things got corrupted. The version I downloaded was a virus. |
PS: Exact download date was 11, July, 2019. |
Unfortunately without knowing where you got the file from, there is nothing actionable her however all officially binaries are provided with signatures of verify validaty and integrity. In addition, we sign these binaries using the appropriate OS mechanism, which is another layer of protection. We've had no other reports of any suspicious binary and I don't see any other evidence of compromise. There is of course also the possibility that the binary was legit, but something went wrong during the install process. We haven't had any reports of such corruption either, but it sounds like there was something unusual about your install, so if you remember additional details, do post those. |
In addition to corruption to file access control information, my email account was spam-listed. But a few days later was lifted. Obviously the virus was monitoring my computer usage and corrupting what I use. I think Avast noticed this. |
So is there any way to prevent this from happening? Like contacting Avast or something. |
Yes, please do contact Avast and let them know that their product is mistakenly identifying Julia as malware. |
Done. Waiting for their response: |
Email from AVAST: Re: Avast: Report a URL https://julialang-s3.julialang.org/bin/winnt/x64/1.3/julia-1.3.0-rc2-win64.exe [ ref:_00Db0Z3Sf._5000N1y2znT:ref ]:
|
Julia version: 1.0.0
Operating System: Windows 10
Both 32-bit and 64-bit installers get this issue
Installation directory: C:\Users\chief\AppData\Local\Julia-1.0.0
Downloaded installer from https://julialang.org/downloads/
Here's my test
32-bit installation
64-bit installation
The text was updated successfully, but these errors were encountered: