Hi, is it possible, that the current development version for Windows ( http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is infected by a trojan/virus. My antivir-program (www.avira.com) seems to find a trojan in open.exe at bin\i386. Best regards, Andreas [[alternative HTML version deleted]]
On Jan 28, 2011, at 09:47 , Andreas Mayr wrote:> Hi, > > is it possible, that the current development version for Windows ( > http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is > infected by a trojan/virus. My antivir-program (www.avira.com) seems to find > a trojan in open.exe at bin\i386.We have seen false positives before (accidental mismatch between virus signatures and legitimate programs). But presumably, the Windows maintainers will double-check, just in case. -- Peter Dalgaard Center for Statistics, Copenhagen Business School Solbjerg Plads 3, 2000 Frederiksberg, Denmark Phone: (+45)38153501 Email: pd.mes at cbs.dk Priv: PDalgd at gmail.com
On 28.01.2011 13:49, peter dalgaard wrote:> > On Jan 28, 2011, at 09:47 , Andreas Mayr wrote: > >> Hi, >> >> is it possible, that the current development version for Windows ( >> http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is >> infected by a trojan/virus. My antivir-program (www.avira.com) seems to find >> a trojan in open.exe at bin\i386. > > We have seen false positives before (accidental mismatch between virus signatures and legitimate programs). But presumably, the Windows maintainers will double-check, just in case.Oh yes, we got such reports before. People reported to Avira and it went away. Now it is there again. Hopeless, I assume. Duncan: Perhaps we can add at the download page that Avira reports open.exe to be infected from time to time. Best wishes, Uwe> >
Uwe Ligges <ligges <at> statistik.tu-dortmund.de> writes:> > > On 28.01.2011 13:49, peter dalgaard wrote: > > > > On Jan 28, 2011, at 09:47 , Andreas Mayr wrote: > > > >> Hi, > >> > >> is it possible, that the current development version for Windows ( > >> http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is > >> infected by a trojan/virus. My antivir-program (www.avira.com) seems to find > >> a trojan in open.exe at bin\i386. > > > > We have seen false positives before (accidental mismatch between virussignatures and legitimate> programs). But presumably, the Windows maintainers will double-check, just incase.> > Oh yes, we got such reports before. People reported to Avira and it went > away. Now it is there again. Hopeless, I assume. > > Duncan: Perhaps we can add at the download page that Avira reports > open.exe to be infected from time to time. > > Best wishes, > Uwe >Another note for the paranoid is that the MD5 sum for the binary is posted, so you can at least check consistency. On the other hand, if someone managed to compromise an entire CRAN mirror, they could also post MD5 sums for their nastified version ... you could always go check the MD5 sums on another CRAN mirror (or on the main page), which would make the attacker work much harder ...