[R] virus/trojan in contributed package: 'svs'
Bijoy Joseph
bijoy.joseph at thl.fi
Fri Oct 23 12:56:13 CEST 2015
See output below:
$ clamscan -ri svs/
./svs/extdata/InvT_Eng.txt: BAT.CMDFlood FOUND
In the tarball, the file is "./inst/extdata/InvT_Eng.txt", and clamscan
gives the same output.
$ file svs/extdata/InvT_Eng.txt
./svs/extdata/InvT_Eng.txt: ASCII text, with CRLF line terminators
I managed to find a Windows machine to scan the file (using MS System
center Endpoint), and it detected no threat! False positive, as you
suggested.
Thanks,
Bijoy Joseph
On 2015-10-23 12:23, peter dalgaard wrote:
> Virus scanners generate a fair amount of false positives. Does it persist if you unpack the zip file or the source tarball? If so, what file has the issue?
>
> -pd
>
> On 23 Oct 2015, at 09:38 , Bijoy Joseph <bijoy.joseph at thl.fi> wrote:
>
>> Hello,
>>
>> I came across the following when I was installing the 'svs' package:
>>
>> $ clamscan svs_1.0.3.zip
>> svs_1.0.3.zip: BAT.CMDFlood FOUND
>>
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 4035827
>> Engine version: 0.98.7
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 1
>>
>>
>> clamscan finds this trojan in the source tarball as well. Does the r-project does a virus scan of contributed packages? I had come across a virus a few years earlier, but an email to the maintainer fixed that issue. I have heard nothing (yet) from the maintainer in this case.
>>
>> Bijoy
>>
>> ______________________________________________
>> R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see
>> https://stat.ethz.ch/mailman/listinfo/r-help
>> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
>> and provide commented, minimal, self-contained, reproducible code.
>
More information about the R-help
mailing list