On 11/25/24 10:12 AM, Küsters, Ulrich wrote:
> Dear LyX developers,
>
> I downloaded the current LyX version from
> https://lyx.mirror.garr.it/bin/2.4.2/LyX-242-Installer-1-x64.exe.
> Virustotal.com reports the virus “W32.AIDetectMalWare” in the uploaded
> LyX file (diagnosed by the rather unknown virus scanner “Bkav Pro”).
> Such problems did not occur with previous versions of LyX.
>
> The university computer center advised me to have the current LyX exe
> analyzed with the Free Automated Malware Analysis
> https://hybrid-analysis.com under a Windows 11 64-bit sandbox. The
> result was “malicious” with a threat score of 85/100, so there seems
> to be a serious problem, whereas previous LyX versions had no problems.

We've had some similar reports previously, but they always turned out to
be false positives. This one is a bit more concerning. I just ran it
through using
http://ftp.lyx.org/pub/lyx/bin/2.4.2/LyX-242-Installer-1-x64.exe
and got "No specific threat" from the sandbox thing, using the Windows
11 64-bit setting.
I tried using the URL you provided, as well, and it gave me the report
from when you ran it. The two "malicious indicators" both involve
interaction with 'remote processes', in particular, calls to where.exe.
One of them is just that we call this process a lot. These are normal
for LyX. So I think this is another false positive.
Riki
--
lyx-devel mailing list
lyx-devel@lists.lyx.org
https://lists.lyx.org/mailman/listinfo/lyx-devel