New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

avast tells me ocaml installer is trojan. #17

Closed
mnru opened this Issue Oct 1, 2012 · 11 comments

Comments

Projects
None yet
7 participants
@mnru

mnru commented Oct 1, 2012

I don't know where to report my trouble,but according to avast anti virus,the file I got from the URL

http://gallium.inria.fr/~protzenk/caml-installer/ocaml-4.00.0-i686-mingw64.exe

is infected by trojan. Is it really?

@protz

This comment has been minimized.

Show comment
Hide comment
@protz

protz Oct 1, 2012

Owner

It's not, it's just that avast is over-zealous...

On Mon 01 Oct 2012 03:10:58 PM CEST, mnr_u wrote:

I don't know where to report my trouble,but according to avast anti
virus,the file I got from the URL

http://gallium.inria.fr/~protzenk/caml-installer/ocaml-4.00.0-i686-mingw64.exe
http://gallium.inria.fr/%7Eprotzenk/caml-installer/ocaml-4.00.0-i686-mingw64.exe

is infected by trojan. Is it really?


Reply to this email directly or view it on GitHub
#17.

Owner

protz commented Oct 1, 2012

It's not, it's just that avast is over-zealous...

On Mon 01 Oct 2012 03:10:58 PM CEST, mnr_u wrote:

I don't know where to report my trouble,but according to avast anti
virus,the file I got from the URL

http://gallium.inria.fr/~protzenk/caml-installer/ocaml-4.00.0-i686-mingw64.exe
http://gallium.inria.fr/%7Eprotzenk/caml-installer/ocaml-4.00.0-i686-mingw64.exe

is infected by trojan. Is it really?


Reply to this email directly or view it on GitHub
#17.

@mnru

This comment has been minimized.

Show comment
Hide comment
@mnru

mnru Oct 2, 2012

http://forum.avast.com/index.php?topic=106465.0

I posted this issue to Japanese avast user forum and got reply.

I think the possibility of infection is not low.

mnru commented Oct 2, 2012

http://forum.avast.com/index.php?topic=106465.0

I posted this issue to Japanese avast user forum and got reply.

I think the possibility of infection is not low.

@protz

This comment has been minimized.

Show comment
Hide comment
@protz

protz Oct 2, 2012

Owner

I compiled camlp4o.exe, camlp4orf.exe and tkcompiler.exe myself, and I
can assure you that these are just regular executables that are part of
the OCaml distribution. Since these are bytecode executables, there may
be code that looks suspicious: the bytecode data is appended at the end
of the executable, and the runtime system uses it to run the program,
so I don't know how an antivirus analyzes such a program...

On Tue 02 Oct 2012 07:58:04 PM CEST, mnr_u wrote:

http://forum.avast.com/index.php?topic=106465.0

I posted this issue to Japanese avast user forum and got reply.

I think the possibility of infection is not low.


Reply to this email directly or view it on GitHub
#17 (comment).

Owner

protz commented Oct 2, 2012

I compiled camlp4o.exe, camlp4orf.exe and tkcompiler.exe myself, and I
can assure you that these are just regular executables that are part of
the OCaml distribution. Since these are bytecode executables, there may
be code that looks suspicious: the bytecode data is appended at the end
of the executable, and the runtime system uses it to run the program,
so I don't know how an antivirus analyzes such a program...

On Tue 02 Oct 2012 07:58:04 PM CEST, mnr_u wrote:

http://forum.avast.com/index.php?topic=106465.0

I posted this issue to Japanese avast user forum and got reply.

I think the possibility of infection is not low.


Reply to this email directly or view it on GitHub
#17 (comment).

@marcdexet

This comment has been minimized.

Show comment
Hide comment
@marcdexet

marcdexet Dec 4, 2012

I got the same problem with Symantec
Detected Trojan.ADH

I got the same problem with Symantec
Detected Trojan.ADH

@protz

This comment has been minimized.

Show comment
Hide comment
@protz

protz Dec 4, 2012

Owner

If you could submit a false positive report to Symantec that'd be great.

Thanks,

jonathan

On Tue 04 Dec 2012 04:55:20 PM CET, Marc DEXET wrote:

I got the same problem with Symantec
Detected Trojan.ADH


Reply to this email directly or view it on GitHub
#17 (comment).

Owner

protz commented Dec 4, 2012

If you could submit a false positive report to Symantec that'd be great.

Thanks,

jonathan

On Tue 04 Dec 2012 04:55:20 PM CET, Marc DEXET wrote:

I got the same problem with Symantec
Detected Trojan.ADH


Reply to this email directly or view it on GitHub
#17 (comment).

@marcdexet

This comment has been minimized.

Show comment
Hide comment
@marcdexet

marcdexet Dec 4, 2012

Report to Symantec done.

Report to Symantec done.

@marcdexet

This comment has been minimized.

Show comment
Hide comment
@marcdexet

marcdexet Dec 5, 2012

Ocaml in a whole is considered as a virus :(

Ocaml in a whole is considered as a virus :(

@doubleffect

This comment has been minimized.

Show comment
Hide comment
@doubleffect

doubleffect Dec 24, 2012

So far I have sadly not found a single anti-virus that wouldn't report OCaml as a virus. I reported it as a false positive to Avast too. The only solution is to add an exception after installation for the folder containing OCaml, I guess, other than switching to Unix-based OS. :/

So far I have sadly not found a single anti-virus that wouldn't report OCaml as a virus. I reported it as a false positive to Avast too. The only solution is to add an exception after installation for the folder containing OCaml, I guess, other than switching to Unix-based OS. :/

@crufter

This comment has been minimized.

Show comment
Hide comment
@crufter

crufter Jan 7, 2013

Avast whines for me too.

I think the download pages should mention it, I bet a lot of newbies are being scared away.

crufter commented Jan 7, 2013

Avast whines for me too.

I think the download pages should mention it, I bet a lot of newbies are being scared away.

@aalexand

This comment has been minimized.

Show comment
Hide comment
@aalexand

aalexand Jan 12, 2013

I got complaint from McAfee anti-virus on OCaml installer too:

tmpimg00

I got complaint from McAfee anti-virus on OCaml installer too:

tmpimg00

@thelema

This comment has been minimized.

Show comment
Hide comment
@thelema

thelema Jan 12, 2013

https://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm
If someone can try these instructions to submit the installer as a false
positive, it will help us all.

On Sat, Jan 12, 2013 at 2:00 AM, aalexand notifications@github.com wrote:

I got complaint from McAfee anti-virus on OCaml installer too:

[image: tmpimg00]https://f.cloud.github.com/assets/1519040/61772/c88d33ec-5c85-11e2-855c-841888392603.png


Reply to this email directly or view it on GitHubhttps://github.com/protz/ocaml-installer/issues/17#issuecomment-12174704.

thelema commented Jan 12, 2013

https://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm
If someone can try these instructions to submit the installer as a false
positive, it will help us all.

On Sat, Jan 12, 2013 at 2:00 AM, aalexand notifications@github.com wrote:

I got complaint from McAfee anti-virus on OCaml installer too:

[image: tmpimg00]https://f.cloud.github.com/assets/1519040/61772/c88d33ec-5c85-11e2-855c-841888392603.png


Reply to this email directly or view it on GitHubhttps://github.com/protz/ocaml-installer/issues/17#issuecomment-12174704.

@protz protz closed this in 570d4f1 Aug 2, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment