An embedded and charset-unspecified text was scrubbed... Name: not available URL: <https://stat.ethz.ch/pipermail/r-devel/attachments/20110128/012bbb7d/attachment.pl>
trojan at current development version?
4 messages · Andreas Mayr, Peter Dalgaard, Uwe Ligges +1 more
On Jan 28, 2011, at 09:47 , Andreas Mayr wrote:
Hi, is it possible, that the current development version for Windows ( http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is infected by a trojan/virus. My antivir-program (www.avira.com) seems to find a trojan in open.exe at bin\i386.
We have seen false positives before (accidental mismatch between virus signatures and legitimate programs). But presumably, the Windows maintainers will double-check, just in case.
Peter Dalgaard Center for Statistics, Copenhagen Business School Solbjerg Plads 3, 2000 Frederiksberg, Denmark Phone: (+45)38153501 Email: pd.mes at cbs.dk Priv: PDalgd at gmail.com
On 28.01.2011 13:49, peter dalgaard wrote:
On Jan 28, 2011, at 09:47 , Andreas Mayr wrote:
Hi, is it possible, that the current development version for Windows ( http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is infected by a trojan/virus. My antivir-program (www.avira.com) seems to find a trojan in open.exe at bin\i386.
We have seen false positives before (accidental mismatch between virus signatures and legitimate programs). But presumably, the Windows maintainers will double-check, just in case.
Oh yes, we got such reports before. People reported to Avira and it went away. Now it is there again. Hopeless, I assume. Duncan: Perhaps we can add at the download page that Avira reports open.exe to be infected from time to time. Best wishes, Uwe
Uwe Ligges <ligges <at> statistik.tu-dortmund.de> writes:
On 28.01.2011 13:49, peter dalgaard wrote:
On Jan 28, 2011, at 09:47 , Andreas Mayr wrote:
Hi, is it possible, that the current development version for Windows ( http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is infected by a trojan/virus. My antivir-program (www.avira.com) seems to find a trojan in open.exe at bin\i386.
We have seen false positives before (accidental mismatch between virus
signatures and legitimate
programs). But presumably, the Windows maintainers will double-check, just in
case.
Oh yes, we got such reports before. People reported to Avira and it went away. Now it is there again. Hopeless, I assume. Duncan: Perhaps we can add at the download page that Avira reports open.exe to be infected from time to time. Best wishes, Uwe
Another note for the paranoid is that the MD5 sum for the binary is posted, so you can at least check consistency. On the other hand, if someone managed to compromise an entire CRAN mirror, they could also post MD5 sums for their nastified version ... you could always go check the MD5 sums on another CRAN mirror (or on the main page), which would make the attacker work much harder ...