malware reported by antivirus on R Windows .exe file

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

malware reported by antivirus on R Windows .exe file

Paulo Barata-4
Dear R-list members,

This is just to make a report: Today, 04 June 2018, I attempted to
download R-3.5.0 Patched build for Windows (a .exe file) from the
Austria CRAN https site. My antivirus software, AVG Internet Security
with all the latest updates, aborted the connection, saying that some
malware was found - please see the attached Figure 1.

I went then to the CRAN mirror at Oswaldo Cruz Foundation, Rio de
Janeiro, Brazil, and was able to download the .exe file. I immediately
asked the AVG software to scan the file; it found something suspicious
and sent the file for analysis in their labs. Some hours later, AVG said
that the file was malicious, and sent it to quarantine; I am not able to
figure out which kind of malware was supposed to exist in the file -
please see the attached Figure 2.

Yesterday I was also not able to download the .exe file from the Austria
CRAN site, for the same reason.

I am not able to evaluate the technical corretness of AVG's decisions. I
am only reporting what happened.

Paulo Barata

(Rio de Janeiro - Brazil)


______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.

Fig-1-Link-from-CRAN-Austria-for-R-3.5.0-patched-0n-04-June-2018.png (117K) Download Attachment
Fig-2-R-3.5.0-patched-from-Fiocruz-Brazil-site-on-04-June-2018.png (34K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: malware reported by antivirus on R Windows .exe file

Peter Dalgaard-2
These are almost always false positives. The checks are based on checksumming and sometimes a perfectly innocent .exe will match the checksum of some virus/malware. The .exe is rebuilt nightly and changes slightly between builds, so you may want just retry after a day or so.

(The AV vendors are behaving pretty irresponsibly in these matters, but as long as it only hits a patch build, I don't think anyone cares enough to take action.)

-pd

> On 5 Jun 2018, at 00:03 , Paulo Barata <[hidden email]> wrote:
>
> Dear R-list members,
>
> This is just to make a report: Today, 04 June 2018, I attempted to download R-3.5.0 Patched build for Windows (a .exe file) from the Austria CRAN https site. My antivirus software, AVG Internet Security with all the latest updates, aborted the connection, saying that some malware was found - please see the attached Figure 1.
>
> I went then to the CRAN mirror at Oswaldo Cruz Foundation, Rio de Janeiro, Brazil, and was able to download the .exe file. I immediately asked the AVG software to scan the file; it found something suspicious and sent the file for analysis in their labs. Some hours later, AVG said that the file was malicious, and sent it to quarantine; I am not able to figure out which kind of malware was supposed to exist in the file - please see the attached Figure 2.
>
> Yesterday I was also not able to download the .exe file from the Austria CRAN site, for the same reason.
>
> I am not able to evaluate the technical corretness of AVG's decisions. I am only reporting what happened.
>
> Paulo Barata
>
> (Rio de Janeiro - Brazil)
>
> <Fig-1-Link-from-CRAN-Austria-for-R-3.5.0-patched-0n-04-June-2018.png><Fig-2-R-3.5.0-patched-from-Fiocruz-Brazil-site-on-04-June-2018.png>______________________________________________
> [hidden email] mailing list -- To UNSUBSCRIBE and more, see
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
> and provide commented, minimal, self-contained, reproducible code.

--
Peter Dalgaard, Professor,
Center for Statistics, Copenhagen Business School
Solbjerg Plads 3, 2000 Frederiksberg, Denmark
Phone: (+45)38153501
Office: A 4.23
Email: [hidden email]  Priv: [hidden email]

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
Reply | Threaded
Open this post in threaded view
|

Re: malware reported by antivirus on R Windows .exe file

Rui Barradas
In reply to this post by Paulo Barata-4
Hello,
I had a similar problem a while ago.And it was also a problem with AVG.Apparently these false positives are a known issue with that AV. At the time I got an answer directing me to an online source on this but it was some 3-4 years ago and I don't believe I still have it.
Anyway, the problem was not worrying.
Hope this helps,
Rui Barradas 



Enviado a partir do meu smartphone Samsung Galaxy.-------- Mensagem original --------De: peter dalgaard <[hidden email]> Data: 05/06/2018  11:19  (GMT+00:00) Para: Paulo Barata <[hidden email]> Cc: [hidden email] Assunto: Re: [R] malware reported by antivirus on R Windows .exe file
These are almost always false positives. The checks are based on checksumming and sometimes a perfectly innocent .exe will match the checksum of some virus/malware. The .exe is rebuilt nightly and changes slightly between builds, so you may want just retry after a day or so.

(The AV vendors are behaving pretty irresponsibly in these matters, but as long as it only hits a patch build, I don't think anyone cares enough to take action.)

-pd

> On 5 Jun 2018, at 00:03 , Paulo Barata <[hidden email]> wrote:
>
> Dear R-list members,
>
> This is just to make a report: Today, 04 June 2018, I attempted to download R-3.5.0 Patched build for Windows (a .exe file) from the Austria CRAN https site. My antivirus software, AVG Internet Security with all the latest updates, aborted the connection, saying that some malware was found - please see the attached Figure 1.
>
> I went then to the CRAN mirror at Oswaldo Cruz Foundation, Rio de Janeiro, Brazil, and was able to download the .exe file. I immediately asked the AVG software to scan the file; it found something suspicious and sent the file for analysis in their labs. Some hours later, AVG said that the file was malicious, and sent it to quarantine; I am not able to figure out which kind of malware was supposed to exist in the file - please see the attached Figure 2.
>
> Yesterday I was also not able to download the .exe file from the Austria CRAN site, for the same reason.
>
> I am not able to evaluate the technical corretness of AVG's decisions. I am only reporting what happened.
>
> Paulo Barata
>
> (Rio de Janeiro - Brazil)
>
> <Fig-1-Link-from-CRAN-Austria-for-R-3.5.0-patched-0n-04-June-2018.png><Fig-2-R-3.5.0-patched-from-Fiocruz-Brazil-site-on-04-June-2018.png>______________________________________________
> [hidden email] mailing list -- To UNSUBSCRIBE and more, see
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
> and provide commented, minimal, self-contained, reproducible code.

--
Peter Dalgaard, Professor,
Center for Statistics, Copenhagen Business School
Solbjerg Plads 3, 2000 Frederiksberg, Denmark
Phone: (+45)38153501
Office: A 4.23
Email: [hidden email]  Priv: [hidden email]

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.

        [[alternative HTML version deleted]]

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.