Don’t be dishonest, it doesn’t have “malicious gifts”, your virus scanner is just crappy. Use a good one and stop blaming anyone but the virus scanner developers for false positives.
Even a very quick search would have turned up this, which points to the exact file your scanner flagged and explains why it turns up a false positive.
A virus scanner is a tool, not magic. It doesn’t tell you when things are or aren’t viruses, it tells you when it thinks they might or might not be. It’s your job to follow up on that.
Perhaps you should be contacting the virus scanner vendor, pointing out that bug report to them, and telling them they should be whitelisting that file.
@BoldBadger, I still don’t get this. There is no tarball for windows, there is an installer exe. And I don’t see that path anywhere in the files installed. What exactly are you installing?
Could you please explain, carefully, exactly, and step-by-step, how you are downloading KiCad, installing KiCad, and checking for the presence of the testbz2_bigmem.bz2 file? Please delete the original first, just to make sure we’re not looking at something that’s been on your system for a while.
To add another data point, I just cloned a fresh 64-bit Windows 7 VM, with absolutely nothing in it other than stock Windows 7 Ultimate, some updates, Chromium and VirtualBox Guest Additions. Downloaded the latest KiCad release kicad-product-4.0.1-x86_64.exe directly from kicad.org. Installed it, started pcbnew and ran a few commands in the Python console just to make sure Python had been run before. Then scanned the entire disk for any file whose name contained “testbz2”.
I downloaded the Windows installation file from kicad.org today (07 March 2016) and Windows says that the signature is invalid and provides a delete button. Is the file safe to execute, or has it been compromised in some way?
Thanks for any advice, I will stay with the 2013 version for today.
I suppose the developers should ideally put md5 or sha checksums up on the download page, as dns redirection could take you to a tainted installer.
However, I cannot see that a large file size installer for a niche EDA tool is an obvious target for malware delivery.
If the installer can be redirected or MITM’ed then so can a checksum. The installer is signed, currently with a certificate that is identified by “Open Source Developer, Marek Roszko”.
MITM or server compromise are possible; in this case the KiCad web pages and the download are from the same IP address, so likely the same server. Changing the checksums and forging the signature are all additional effort for a malware insertion attempt. Fortunately KiCad won’t be as attractive to the blackhats as something like VLC.
You cannot assert that without qualification. If you were to assume that it was downloaded directly from KiCad, and that the file was not modified in any way (as verified by signature and checksum) then it is more than probably okay. But for the average user, using a Windows environment, the only thing “perfectly safe” is leaving the CPU in the box.
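
The signature check discussed in the thread can be done locally, without trusting anything published on the download server. This is an added example, not part of the original thread or KiCad's own tooling: `Test-InstallerSignature` is a hypothetical helper name, the file name and signer text are the ones quoted in the posts above, and matching the signer text against the certificate subject is an assumption about how that certificate is named.

```powershell
# Added example: inspect an installer's Authenticode signature before running it.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Text expected in the signer certificate subject (assumption: the
        # name quoted in the thread appears in the subject string).
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Status is a SignatureStatus value: Valid, NotSigned, HashMismatch
    # (file changed after signing), NotTrusted, UnknownError, ...
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # An unsigned file has no signer certificate at all.
    $signerMatches = $false
    if ($null -ne $cert) {
        $signerMatches = $cert.Subject.IndexOf(
            $ExpectedSigner, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }

    $subject    = if ($null -ne $cert) { $cert.Subject }    else { $null }
    $thumbprint = if ($null -ne $cert) { $cert.Thumbprint } else { $null }

    [pscustomobject]@{
        File          = (Resolve-Path -LiteralPath $Path).Path
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        SignerSubject = $subject
        Thumbprint    = $thumbprint
        # A countersigned timestamp keeps the signature verifiable after
        # the signing certificate itself has expired.
        Timestamped   = $null -ne $sig.TimeStamperCertificate
        SignerMatches = $signerMatches
        # Only useful when compared against a value obtained out of band.
        Sha256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Accept only a chain-valid signature from the expected signer.
        Accept        = ($sig.Status -eq 'Valid') -and $signerMatches
    }
}

Test-InstallerSignature -Path '.\kicad-product-4.0.1-x86_64.exe' `
    -ExpectedSigner 'Open Source Developer, Marek Roszko'
```

A `Status` of `HashMismatch` means the file no longer matches what was signed, while `NotSigned` or a different signer means the check gives no assurance about where the file came from; `StatusMessage` carries the reason Windows reports.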