Virus found in Python (KiCAD env)

BoldBadger · December 17, 2015, 9:28am

There’ no way to install it with Windows 10.
The only running version is:

Version:4.0.0-rc-2-stable , release build
wx Widgets 3.0.3 Unicode and Boost 1.57.0
Platform: Windows 8 (build 9200), 64-bit edition, 64 bit

other builds are terminated with incompatible APP Errors

Ibarra_cpu · December 17, 2015, 1:19pm

Hola, he instalado kicat pero el avast me lo elimina y me dice que tiene un virus:
El instalador es kicad-product-4.0.1-i686.exe descargado de https://kicad.org/
Archivo infectado: Kicad.exe
Ubicación del virus: C:\Program Files\KiCad\bin
Virus: FileRepMalware

Gracias por sus respuestas

nickoe · December 19, 2015, 1:25pm

Why is there no way to install it? And you are not just talking about eh window smartscreen filter thingie?

BoldBadger · December 19, 2015, 4:24pm

Nope was all disabled…

nickoe · December 19, 2015, 5:42pm

That simply can’t be right, otherwise you should be able to install it.

c4757p · December 22, 2015, 4:50pm

Don’t be dishonest, it doesn’t have “malicious gifts”, your virus scanner is just crappy. Use a good one and stop blaming anyone but the virus scanner developers for false positives.

Even a very quick search would have turned up this, which points to the exact file your scanner flagged and explains why it turns up a false positive.

A virus scanner is a tool, not magic. It doesn’t tell you when things are or aren’t viruses, it tells you when it thinks they might or might not be. It’s your job to follow up on that.

Perhaps you should be contacting the virus scanner vendor, pointing out that bug report to them, and telling them they should be whitelisting that file.

BoldBadger · December 23, 2015, 1:23pm

Hello,
it were my words: check yout python developing environment,
your source tells these phrase:

“I suggest that we remove the file from hg and create it on the fly during tests runs.”

As these file was removed in 2013 from the python environment, why it is still in kiCAD?

Pls take care, that SEVERAL different antivirus-programs in phalanx complain about this file.

have a nice Xmas

nickoe · December 29, 2015, 3:12pm

@BoldBadger, I still don’t get this. There is no tarball for windows, there is an installer exe. And I don’t see that path anywhere in the files installed. What exactly are you installing?

marekr · December 29, 2015, 5:12pm

Seriously? Are you going to be spreading lies?

KiCad 4.0 does NOT ship with the file nor has it ever. The only way you would have that file is if you downloaded kicad from some third party site.

/edit because someone was upset over a slightly mean word

c4757p · December 29, 2015, 7:46pm

Could you please explain, carefully, exactly, and step-by-step, how you are downloading KiCad, installing KiCad, and checking for the presence of the testbz2_bigmem.bz2 file? Please delete the original first, just to make sure we’re not looking at something that’s been on your system for a while.

c4757p · December 30, 2015, 3:56am

To add another data point, I just cloned a fresh 64-bit Windows 7 VM, with absolutely nothing in it other than stock Windows 7 Ultimate, some updates, Chromium and VirtualBox Guest Additions. Downloaded the latest KiCad release kicad-product-4.0.1-x86_64.exe directly from kicad.org. Installed it, started pcbnew and ran a few commands in the Python console just to make sure Python had been run before. Then scanned the entire disk for any file whose name contained “testbz2”.

Nada.

BoldBadger · February 1, 2016, 8:26pm

But You can read, I’m not alone with these Problems!
Look at this:

I’m working very carefully with my PC, with very low chance of malware in it.
Please don’t think, I ignore your efforts to fix it.

The real problem is, I have to work with an unstable version
(kicad-product-r6403.415c722-x86_64.exe) this is the only version insallable on Win10.

many thanks

BoldBadger

DaveG · March 7, 2016, 8:40pm

I downloaded the Windows installation file from kicad.org today (07 March 2016) and Windows says that the signature is invalid and provides a delete button. Is the file safe to execute, or has it been compromised in some way?

Thanks for any advice, I will stay with the 2013 version for today.

Dave

davidsrsb · March 8, 2016, 12:55am

32 or 64 bit?
I have the 64 bit from 1/3/2016 and no alarms
It’s MD5 checksum is 76479D6453C56BE3F384FBBFEC6F7A49

DaveG · March 8, 2016, 12:42pm

I downloaded the 64-bit version. I will try again today and compare to your check value.

Thanks

Dave Graham

davidsrsb · March 9, 2016, 3:20am

I suppose the developers should ideally put md5 or sha checksums up on the download page, as dns redirection could take you to a tainted installer.
However, I cannot see that a large file size installer for a niche EDA tool is an obvious target for malware delivery

nickoe · March 9, 2016, 9:59pm

If the installer can be redirected or MITM’ed then so can a checksum. The installer is signed, currently with a certificate that is identified by “Open Source Developer, Marek Roszko”.

davidsrsb · March 10, 2016, 12:57am

MITM or server compromise are possible, in this case the KiCad web pages and the download are from the same IP address, so likely the same server. Changing the checksums and forging the signature are all additional effort for a malware insertion attempt. Fortunately KiCad won’t be as attractive to the blackhats as something like VLC

BeffenC · March 12, 2016, 2:34am

You cannot assert that without qualification. If you were to assume that it was downloaded directly from Kicad, and that the file was not modified in any way (as verified by signature and checksum) then it is more than probably okay. But for the average user, using a Windows environment, the only thing “perfectly safe” is leaving the cpu in the box.

Gabriel_El_Sol · May 23, 2016, 11:34am

Could you tell me more about it? Is it the same as this .ccc file extension virus? Each of my files has this ending and I can’t open any of them!