Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

avast tells me ocaml installer is trojan. #17

Closed
mnru opened this issue Oct 1, 2012 · 11 comments
Closed

avast tells me ocaml installer is trojan. #17

mnru opened this issue Oct 1, 2012 · 11 comments

Comments

@mnru
Copy link

@mnru mnru commented Oct 1, 2012

I don't know where to report my trouble,but according to avast anti virus,the file I got from the URL

http://gallium.inria.fr/~protzenk/caml-installer/ocaml-4.00.0-i686-mingw64.exe

is infected by trojan. Is it really?

@protz
Copy link
Owner

@protz protz commented Oct 1, 2012

It's not, it's just that avast is over-zealous...

On Mon 01 Oct 2012 03:10:58 PM CEST, mnr_u wrote:

I don't know where to report my trouble,but according to avast anti
virus,the file I got from the URL

http://gallium.inria.fr/~protzenk/caml-installer/ocaml-4.00.0-i686-mingw64.exe
http://gallium.inria.fr/%7Eprotzenk/caml-installer/ocaml-4.00.0-i686-mingw64.exe

is infected by trojan. Is it really?


Reply to this email directly or view it on GitHub
#17.

@mnru
Copy link
Author

@mnru mnru commented Oct 2, 2012

http://forum.avast.com/index.php?topic=106465.0

I posted this issue to Japanese avast user forum and got reply.

I think the possibility of infection is not low.

@protz
Copy link
Owner

@protz protz commented Oct 2, 2012

I compiled camlp4o.exe, camlp4orf.exe and tkcompiler.exe myself, and I
can assure you that these are just regular executables that are part of
the OCaml distribution. Since these are bytecode executables, there may
be code that looks suspicious: the bytecode data is appended at the end
of the executable, and the runtime system uses it to run the program,
so I don't know how an antivirus analyzes such a program...

On Tue 02 Oct 2012 07:58:04 PM CEST, mnr_u wrote:

http://forum.avast.com/index.php?topic=106465.0

I posted this issue to Japanese avast user forum and got reply.

I think the possibility of infection is not low.


Reply to this email directly or view it on GitHub
#17 (comment).

@marcdexet
Copy link

@marcdexet marcdexet commented Dec 4, 2012

I got the same problem with Symantec
Detected Trojan.ADH

@protz
Copy link
Owner

@protz protz commented Dec 4, 2012

If you could submit a false positive report to Symantec that'd be great.

Thanks,

jonathan

On Tue 04 Dec 2012 04:55:20 PM CET, Marc DEXET wrote:

I got the same problem with Symantec
Detected Trojan.ADH


Reply to this email directly or view it on GitHub
#17 (comment).

@marcdexet
Copy link

@marcdexet marcdexet commented Dec 4, 2012

Report to Symantec done.

@marcdexet
Copy link

@marcdexet marcdexet commented Dec 5, 2012

Ocaml in a whole is considered as a virus :(

@doubleffect
Copy link

@doubleffect doubleffect commented Dec 24, 2012

So far I have sadly not found a single anti-virus that wouldn't report OCaml as a virus. I reported it as a false positive to Avast too. The only solution is to add an exception after installation for the folder containing OCaml, I guess, other than switching to Unix-based OS. :/

@crufter
Copy link

@crufter crufter commented Jan 7, 2013

Avast whines for me too.

I think the download pages should mention it, I bet a lot of newbies are being scared away.

@aalexand
Copy link

@aalexand aalexand commented Jan 12, 2013

I got complaint from McAfee anti-virus on OCaml installer too:

tmpimg00

@thelema
Copy link

@thelema thelema commented Jan 12, 2013

https://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm
If someone can try these instructions to submit the installer as a false
positive, it will help us all.

On Sat, Jan 12, 2013 at 2:00 AM, aalexand notifications@github.com wrote:

I got complaint from McAfee anti-virus on OCaml installer too:

[image: tmpimg00]https://f.cloud.github.com/assets/1519040/61772/c88d33ec-5c85-11e2-855c-841888392603.png


Reply to this email directly or view it on GitHubhttps://github.com//issues/17#issuecomment-12174704.

@protz protz closed this in 570d4f1 Aug 2, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants
You can’t perform that action at this time.