Discussion:
[MiKTeX] miktex update flagged as containing malware - false positive or not?
Barraclough, Dominic (ext. 414)
2016-11-11 14:31:09 UTC
Permalink
Hi

Before approaching my companies IT people (not the most light hearted and easy going group) I'm seeking help on the following.

I have very recently installed Miktex on a win 7 system and now wish to perform an update on the installation, however it appears that the antivirus software running on all incoming downloads is flagging the update as containing a possible virus. I'm assuming that this is a false positive. Can any body through any light on this issue? Additional information could improve my case with the IT department to have the file download unblocked.

For what its worth, the scanner provide the following rather cryptic feed back
Virus/PUS: "PUS:Downloader.Win32.DownMan.hl" found!
URL: http://www.pirbot.com/mirrors/ctan/systems/win32/miktex/tm/packages/miktex-bin-2.9.tar.lzma

Dominic
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Q: How can I leave the mailing list?
A: See http://docs.miktex.org/faq/support.html#leavingml
George N. White III
2016-11-11 16:07:30 UTC
Permalink
On Fri, Nov 11, 2016 at 10:31 AM, Barraclough, Dominic (ext. 414) <
Post by Barraclough, Dominic (ext. 414)
Hi
Before approaching my companies IT people (not the most light hearted and
easy going group) I'm seeking help on the following.
I have very recently installed Miktex on a win 7 system and now wish to
perform an update on the installation, however it appears that the
antivirus software running on all incoming downloads is flagging the update
as containing a possible virus. I'm assuming that this is a false positive.
Can any body through any light on this issue? Additional information could
improve my case with the IT department to have the file download unblocked.
For what its worth, the scanner provide the following rather cryptic feed back
Virus/PUS: "PUS:Downloader.Win32.DownMan.hl" found!
URL: http://www.pirbot.com/mirrors/ctan/systems/win32/miktex/tm/p
ackages/miktex-bin-2.9.tar.lzma
1. Enter the URL at https://www.virustotal.com and print the results to
PDF so you can attach them to your IT ticket.

2. A malware site may detect access from virustotal and provide an
uninfested file, or something close to your PC could be redirecting http
URL's to bad sites. Try to download the same file from a CTAN mirror at a
major university using rsync if possible, otherwise, use ftp. If the AV
scanner gives the same response, chances are high that you have a false
positive.

MiKTeX is quite widely used. Most AV vendors act quickly to eliminate
false positives, so the problem may go away in a few days even if you do
nothing.
--
George N. White III <***@chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Q: How can I leave the mailing list?
A: See http://docs.miktex.org/faq/support.html#leavingml
Loading...