[R] R-2.7.2 infected?

[Dave DeBarr]

> Did you check the md5 checksum on it?

Yes; it matched: 540090dd892657804d1099c54d6f770d


> You're the first to report it, and 2.7.2 has been out for almost a month, so I think it's likely that the CRAN copy is uninfected.

Sounds promising.  Perhaps it's a false positive from eTrust.


> If it matches and you still get the virus checker reporting, please let me know the details about that infection

eTrust still reports the signature match for Win32/Adclicker.JO; but I don't know anything about Win32/Adclicker.JO.  Unfortunately, eTrust doesn't provide a link to a description of Win32/Adclicker.JO.

For what it's worth, I'm using version 7.1.710 of Computer Associates eTrust Antivirus (with version 31.6.6099 of its signature file).

I'll try to find out more.

Thanks,
Dave

-----Original Message-----
From: Duncan Murdoch [mailto:murdoch at stats.uwo.ca]
Sent: Monday, September 22, 2008 8:41 PM
To: Dave DeBarr
Cc: r-help at r-project.org
Subject: Re: [R] R-2.7.2 infected?

Dave DeBarr wrote:
> I tried downloading R-2.7.2 (http://cran.cnr.berkeley.edu/bin/windows/base/R-2.7.2-win32.exe, both from Berkeley and cran) and both times I got a warning from Computer Associates eTrust Antivirus (version 7.1.710) that the Win32/Adclicker.JO trojan was detected:
> The Win32/Adclicker.JO was detected in C:\USERS\USER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\61HAYRTG\R-2.7.2-WIN32[1].EXE.
>
> Has anyone else seen this?
You're the first to report it, and 2.7.2 has been out for almost a
month, so I think it's likely that the CRAN copy is uninfected.  Did you
check the md5 checksum on it?  It matches on the original, so if it
doesn't match at your end, you've got a bad download.

If it matches and you still get the virus checker reporting, please let
me know the details about that infection, and I'll try to do a manual
inspection for it.

Duncan Murdoch