[R] virus/trojan in contributed package: 'svs'

Bijoy Joseph bijoy.joseph at thl.fi
Fri Oct 23 12:56:13 CEST 2015


See output below:

$ clamscan -ri svs/
./svs/extdata/InvT_Eng.txt: BAT.CMDFlood FOUND

In the tarball, the file is "./inst/extdata/InvT_Eng.txt", and clamscan 
gives the same output.

$ file svs/extdata/InvT_Eng.txt
./svs/extdata/InvT_Eng.txt: ASCII text, with CRLF line terminators

I managed to find a Windows machine to scan the file (using MS System 
center Endpoint), and it detected no threat! False positive, as you 
suggested.

Thanks,
Bijoy Joseph


On 2015-10-23 12:23, peter dalgaard wrote:
> Virus scanners generate a fair amount of false positives. Does it persist if you unpack the zip file or the source tarball? If so, what file has the issue?
>
> -pd
>
> On 23 Oct 2015, at 09:38 , Bijoy Joseph <bijoy.joseph at thl.fi> wrote:
>
>> Hello,
>>
>> I came across the following when I was installing the 'svs' package:
>>
>> $ clamscan svs_1.0.3.zip
>> svs_1.0.3.zip: BAT.CMDFlood FOUND
>>
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 4035827
>> Engine version: 0.98.7
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 1
>>
>>
>> clamscan finds this trojan in the source tarball as well. Does the r-project does a virus scan of contributed packages? I had come across a virus a few years earlier, but an email to the maintainer fixed that issue. I have heard nothing (yet) from the maintainer in this case.
>>
>> Bijoy
>>
>> ______________________________________________
>> R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see
>> https://stat.ethz.ch/mailman/listinfo/r-help
>> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
>> and provide commented, minimal, self-contained, reproducible code.
>



More information about the R-help mailing list