Virus report
Richard Kimberly Heck
rikiheck at gmail.com
Wed Nov 27 17:43:04 UTC 2024
On 11/25/24 10:12 AM, Küsters, Ulrich wrote:
>
> Dear LyX developers,
>
> I downloaded the current LyX version from
> https://lyx.mirror.garr.it/bin/2.4.2/LyX-242-Installer-1-x64.exe.
>
> Virustotal.com reports the virus “W32.AIDetectMalWare” in the uploaded
> LyX file (diagnosed by the rather unknown virus scanner “Bkav Pro”).
> Such problems did not occur with previous versions of LyX.
>
> The university computer center advised me to have the current LyX exe
> analyzed with the Free Automated Malware Analysis
> https://hybrid-analysis.com under a Windows 11 64-bit sandbox. The
> result was “malicious” with a threat score of 85/100, so there seems
> to be a serious problem, whereas previous LyX versions had no problems.

We've had some similar reports previously, but they always turned out to
be false positives. This one is a bit more concerning. I just ran it
through using
http://ftp.lyx.org/pub/lyx/bin/2.4.2/LyX-242-Installer-1-x64.exe
and got "No specific threat" from the sandbox thing, using the Windows
11 64-bit setting.

I tried using the URL you provided, as well, and it gave me the report
from when you ran it. The two "malicious indicators" both involve
interaction with 'remote processes', in particular, calls to where.exe.
One of them is just that we call this process a lot. These are normal
for LyX. So I think this is another false positive.

Riki