I tried downloading R-2.7.2 (http://cran.cnr.berkeley.edu/bin/windows/base/R-2.7.2-win32.exe, both from Berkeley and cran) and both times I got a warning from Computer Associates eTrust Antivirus (version 7.1.710) that the Win32/Adclicker.JO trojan was detected: The Win32/Adclicker.JO was detected in C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\61HAYRTG\R-2.7.2-WIN32[1].EXE. Has anyone else seen this? Thanks, Dave [[alternative HTML version deleted]]
Dave DeBarr wrote:> I tried downloading R-2.7.2 (http://cran.cnr.berkeley.edu/bin/windows/base/R-2.7.2-win32.exe, both from Berkeley and cran) and both times I got a warning from Computer Associates eTrust Antivirus (version 7.1.710) that the Win32/Adclicker.JO trojan was detected: > The Win32/Adclicker.JO was detected in C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\61HAYRTG\R-2.7.2-WIN32[1].EXE. > > Has anyone else seen this?You're the first to report it, and 2.7.2 has been out for almost a month, so I think it's likely that the CRAN copy is uninfected. Did you check the md5 checksum on it? It matches on the original, so if it doesn't match at your end, you've got a bad download. If it matches and you still get the virus checker reporting, please let me know the details about that infection, and I'll try to do a manual inspection for it. Duncan Murdoch
On 22/09/2008 8:38 PM, Dave DeBarr wrote:> I tried downloading R-2.7.2 (http://cran.cnr.berkeley.edu/bin/windows/base/R-2.7.2-win32.exe, both from Berkeley and cran) and both times I got a warning from Computer Associates eTrust Antivirus (version 7.1.710) that the Win32/Adclicker.JO trojan was detected: > The Win32/Adclicker.JO was detected in C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\61HAYRTG\R-2.7.2-WIN32[1].EXE. > > Has anyone else seen this?It's not R, it's CA: see the message below. Is there any way for you to post the false positive to their tech support? Duncan Murdoch> Path: news.jrsoftware.org!not-for-mail > From: Martin Holmes <mholmes at uvic.ca> > Newsgroups: jrsoftware.innosetup > Subject: The latest silly antivirus false positive > Date: Tue, 23 Sep 2008 07:43:56 -0700 > > Hi folks, > > CA Antivirus this morning flagged all of my recent InnoSetup-created > setup exe files as having the Win32/Adclicker.JO trojan in them. CA, by > default, just deletes infected files, but having been bitten by this > before, I had set it to quarantine them instead, and was able to restore > them. > > So you might want to prepare for a stack of emails from users who have > CA AV installed. > > Cheers, > Martin