Bug #15692

open

update reported as malware

Added by arik berk 11 months ago. Updated 3 months ago.

Status: Feedback
Priority: Normal
Assignee:
Category: Security
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags:

Description

I am upgrading from version 22.04 to 23.04 using
  1. pkg upgrade

on a VirtualBox VM.
Avast, which is installed on my Windows host, terminates the installation, claiming that the update contains malware.


Files

illumos_upgrade.png (57.3 KB) arik berk, 2023-05-24 07:36 PM

Actions #1

Updated by John Harris 11 months ago

I would request that you first verify that this is not a false positive.

This is a known issue with Avast, and quite a few other malware vendors.
Also, reporting this to Avast directly tends to resolve such issues, as they would test it via the publicly accessible package.

Please also note that using the Shell technique is a common way to bootstrap third party software.
So not all quirky PE shells are malware, just quirky.

However, in the interim, firstly, does the illumos image checksum match?

Generally, I would recommend that you use [ https://www.kaspersky.com.au/downloads/free-rescue-disk ] as a "Second Opinion" tool.
This tool is free and provides the ability to scan your entire Hard Drive, outside of Windows.

This requires that you download a CD or USB image and "Burn" it to the required medium, then as per the instructions, boot the PC/Laptop with that toolkit, then update the Malware Signature package, then scan the entire Hard Drive and confirm if you still have a match, or a false positive.
Once you have completed this step, you can then remove the CD/USB toolkit and reboot normally.

Please advise if you have questions or queries, and advise the results, as requested.

Actions #2

Updated by arik berk 11 months ago

I have contacted Avast and they claim that the detection is correct.

Actions #3

Updated by Marcel Telka 3 months ago

  • Status changed from New to Feedback

It is strange that the URL is http, not https. How are your publishers configured? Also, I believe the URL reported currently does not exist.
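
One way to answer the publisher question above, as an added example that is not part of the original thread or the project's code: a shell function that reads the tab-separated output of `pkg publisher -F tsv` and lists every origin served over plaintext http. The publisher names, URLs and column layout in `sample_publishers` are constructed; the function locates the PUBLISHER and URI columns by header name, and that header is an assumption about the tsv output.

```shell
#!/bin/sh
# Added example: report package publisher origins that use plaintext http.
# On a live system: pkg publisher -F tsv | flag_http_origins

# Read publisher tsv on stdin; print "publisher<TAB>uri" for each row whose
# URI starts with http://. Exits 2 if the header lacks the expected columns.
flag_http_origins() {
    awk -F '\t' '
        NR == 1 {
            # Find the columns by name instead of trusting a fixed position.
            for (i = 1; i <= NF; i++) {
                if ($i == "PUBLISHER") p = i
                if ($i == "URI") u = i
            }
            if (!p || !u) {
                print "unexpected header: " $0 > "/dev/stderr"
                exit 2
            }
            next
        }
        # Match the scheme case-insensitively; https:// does not match.
        tolower($u) ~ /^http:\/\// { print $p "\t" $u }
    '
}

# Constructed sample input (not taken from the bug report).
sample_publishers() {
    printf 'PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY\n'
    printf 'example-core\ttrue\tfalse\ttrue\torigin\tonline\thttp://pkg.example.org/core/\t-\n'
    printf 'example-extra\ttrue\tfalse\ttrue\torigin\tonline\thttps://pkg.example.org/extra/\t-\n'
    printf 'example-core\ttrue\tfalse\ttrue\tmirror\tonline\tHTTP://mirror.example.org/core/\t-\n'
}

# Stand-alone run against the constructed sample.
findings=$(sample_publishers | flag_http_origins)
if [ -n "$findings" ]; then
    echo "Publisher origins using plaintext http:"
    echo "$findings"
else
    echo "All publisher origins use https."
fi
```

Any publisher it reports can then be compared against the URL shown in the antivirus alert.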

Actions #4

Updated by Marcel Telka 3 months ago

  • Assignee set to arik berk