New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Antivirus false positive reports #573

Open
luclu opened this Issue May 6, 2016 · 10 comments

Comments

Projects
None yet
5 participants
@luclu
Member

luclu commented May 6, 2016

There have been several reports of false positives. There seem to be two cases:


Case 1: Binary blocked
These are due to Mist's feature of being able to mine on the test-net, which is regarded as malicious by some AVs - as so-called silent miners are used to steal cpu/gpu-resources.

-> If affected please add an exception to your AV until your AV's heuristic/hash-db is updated.

Reports:
#277
#380
#349


Case 2: Blockchain-db files
.ldb-files under Ethereum/chaindata/ are beeing recognized as malicious.

-> If affected please add an exception to the chaindata/-folder. If the chain got corrupted by the AV's actions, please remove the folder. You will need to resync afterwards.

Reports:
#581
#574
#615
Reddit: Avast (for OSX) gave me a virus alert when syncing the Ethereum Wallet.

@More-decentral

This comment has been minimized.

Show comment
Hide comment
@More-decentral

More-decentral May 7, 2016

My antivirus software Avast has false positive reports. It moved a couple of blockchain files (xxxxxx.ldb) under ~/Library/Ethereum/Chaindata/ to an isolated area (virus chest). Even after I make the software to restore those files, my Ethereum Wallet cannot run properly. Any advices on how to fix it? Thanks.

More-decentral commented May 7, 2016

My antivirus software Avast has false positive reports. It moved a couple of blockchain files (xxxxxx.ldb) under ~/Library/Ethereum/Chaindata/ to an isolated area (virus chest). Even after I make the software to restore those files, my Ethereum Wallet cannot run properly. Any advices on how to fix it? Thanks.

@More-decentral

This comment has been minimized.

Show comment
Hide comment
@More-decentral

More-decentral May 13, 2016

I ended up re-downloading the whole blockchain. I also periodically check the virus chest of Avast. If it moves any of the blockchain files to the chest, I would restore those files to their original folder. So far so good.

More-decentral commented May 13, 2016

I ended up re-downloading the whole blockchain. I also periodically check the virus chest of Avast. If it moves any of the blockchain files to the chest, I would restore those files to their original folder. So far so good.

@FaguiCurtain

This comment has been minimized.

Show comment
Hide comment
@FaguiCurtain

FaguiCurtain May 28, 2016

I wanted to setup AVAST to all files from the Ethereum folder would not be scanned but i couldn't find it in the list of folders when i wanted to customize the settings in AVAST

FaguiCurtain commented May 28, 2016

I wanted to setup AVAST to all files from the Ethereum folder would not be scanned but i couldn't find it in the list of folders when i wanted to customize the settings in AVAST

@dominik42

This comment has been minimized.

Show comment
Hide comment
@dominik42

dominik42 Jun 3, 2016

unfortunately, only the hard tour works for me:

  1. exclude ~/Library/Ethereum/chaindata from Avast file system scan (Avast / Settings / FileSystemScan / Settings)
  2. delete the whole blockchain in ~/Library/Ethereum/chaindata
  3. restart Mist / Ethereum Wallet

dominik42 commented Jun 3, 2016

unfortunately, only the hard tour works for me:

  1. exclude ~/Library/Ethereum/chaindata from Avast file system scan (Avast / Settings / FileSystemScan / Settings)
  2. delete the whole blockchain in ~/Library/Ethereum/chaindata
  3. restart Mist / Ethereum Wallet
@FaguiCurtain

This comment has been minimized.

Show comment
Hide comment
@FaguiCurtain

FaguiCurtain Jun 3, 2016

@dominik42
when i go to Avast, strangely i don't see ~/Library/Ethereum/chaindata in my folders, so i cannot select it... why is it so ???

FaguiCurtain commented Jun 3, 2016

@dominik42
when i go to Avast, strangely i don't see ~/Library/Ethereum/chaindata in my folders, so i cannot select it... why is it so ???

@dominik42

This comment has been minimized.

Show comment
Hide comment
@dominik42

dominik42 Jun 3, 2016

~/Library is hidden by default so press Shift-Cmd-Dot ('.') within the open file browser window. That makes the hidden files and directories visible immediately.

dominik42 commented Jun 3, 2016

~/Library is hidden by default so press Shift-Cmd-Dot ('.') within the open file browser window. That makes the hidden files and directories visible immediately.

@FaguiCurtain

This comment has been minimized.

Show comment
Hide comment
@FaguiCurtain

FaguiCurtain Jun 3, 2016

I'm seeing ~/Library but I'm not seeing /Ethereum inside it

FaguiCurtain commented Jun 3, 2016

I'm seeing ~/Library but I'm not seeing /Ethereum inside it

@dominik42

This comment has been minimized.

Show comment
Hide comment
@dominik42

dominik42 Jun 3, 2016

I'm using ethereum wallet 0.7.4 on Mac OS X 10.11.5 (El Capitan) and /Users//Library/Ethereum seems to be the default datadir. Did you configure another one, e.g. via --datadir

dominik42 commented Jun 3, 2016

I'm using ethereum wallet 0.7.4 on Mac OS X 10.11.5 (El Capitan) and /Users//Library/Ethereum seems to be the default datadir. Did you configure another one, e.g. via --datadir

@FaguiCurtain

This comment has been minimized.

Show comment
Hide comment
@FaguiCurtain

FaguiCurtain Jun 3, 2016

using the terminal i can see the directory, but inside Avast, i cannot see it

FaguiCurtain commented Jun 3, 2016

using the terminal i can see the directory, but inside Avast, i cannot see it

@ethereumtesting

This comment has been minimized.

Show comment
Hide comment
@ethereumtesting

ethereumtesting Jun 27, 2016

Has anyone determined if RCE can occur on the viruses embedded on the blockchain? e.g. A call back into the local blockchain to trigger the malware ?

ethereumtesting commented Jun 27, 2016

Has anyone determined if RCE can occur on the viruses embedded on the blockchain? e.g. A call back into the local blockchain to trigger the malware ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment