Julia: Avast thinks Julia is a virus

Any ideas what it takes to make it change its mind?

@ViralBShah I'm not sure.. Here's the details although may not be very helpful.

Did we forget to sign the installer? Usually signed binaries are exempt from these kinds of detections. cc @ararslan

I think the buildbots sign them and I re-sign them just in case. @nshusa, can you check whether this happens with other versions of Julia, e.g. 0.7 or 0.6? They're available on https://julialang.org/downloads.

@Keno @ararslan Just tested on version 0.7 and both installers (32-bit and 64-bit) work. (No virus detected)

version: 0.7 32-bit installation test

version: 0.7 64-bit installation test

Okay, good to know. I'll recheck the 1.0 Windows binaries in a bit.

I've signed the 1.0 Windows binaries again and reuploaded them. Could you try again?

@ararslan That fixed the issue! Thanks :)

Hi,

I am having the same issue with julia 1.0.3 64-bit and Avast. It keeps deleting my installation from my PC with Windows 10.

Thank you very much in advance.

Cheers,
Saer

As far as I can see, we're following Avast's "Clean" guidelines. You could report this as a false positive to Avast here: https://www.avast.com/false-positive-file-form.php.

Are the binaries signed? That's been a problem in the past.

I reported this to Avast and waiting for the response.

Are the binaries signed? That's been a problem in the past.

I sign them as part of the release process, but there's always a chance I (or something else) can mess it up. I don't have consistent access to a Windows machine to verify that 1.0.3 is properly signed, unfortunately. Either way, we shouldn't be identified as a virus.

I think people would quickly let us know if binaries were not signed.

The Avast has whitelisted the julia executable. I just received a message from them.

Julia binary was a virus. I downloaded and installed. Then my Windows 10 file access control information started corrupted. So I had to reinstall Windows plus dozens of other packages. It was a very painful experience! I still havn't fully restored yet.

Probably Julia site was hacked. I have to say that many other people had similar problem I had.

Which binary did you download that you believe to be compromised and did you check the fog to make sure you weren't mitm'd?

I don't know which version I downloaded because I had to reset Windows. So I don't have a copy of that file. But was about a week ago. I am sure it was Julia. I didn't install any other things on that day. After installing Julia, suddenly I could not send emails from Eudora. This traced to contamination of file access control information. I tried to fix it. But problem got bigger and bigger. So I had to reset Windows 10 completely.

The funny thing is that the installer does not suggest to install on normal Windows app directory "C:\Program File. Windows 10 blocks if I tried to install on "C:\Program Files'. So I ran the installer as administrator. After that things got corrupted.

The version I downloaded was a virus.

PS:

Exact download date was 11, July, 2019.

Unfortunately without knowing where you got the file from, there is nothing actionable her however all officially binaries are provided with signatures of verify validaty and integrity. In addition, we sign these binaries using the appropriate OS mechanism, which is another layer of protection. We've had no other reports of any suspicious binary and I don't see any other evidence of compromise. There is of course also the possibility that the binary was legit, but something went wrong during the install process. We haven't had any reports of such corruption either, but it sounds like there was something unusual about your install, so if you remember additional details, do post those.

In addition to corruption to file access control information, my email account was spam-listed. But a few days later was lifted. Obviously the virus was monitoring my computer usage and corrupting what I use. I think Avast noticed this.

So is there any way to prevent this from happening? Like contacting Avast or something.

So is there any way to prevent this from happening? Like contacting Avast or something.

Yes, please do contact Avast and let them know that their product is mistakenly identifying Julia as malware.

So is there any way to prevent this from happening? Like contacting Avast or something.

Yes, please do contact Avast and let them know that their product is mistakenly identifying Julia as malware.

Done. Waiting for their response:
https://forum.avast.com/index.php?topic=229447.0

Email from AVAST:

Re: Avast: Report a URL https://julialang-s3.julialang.org/bin/winnt/x64/1.3/julia-1.3.0-rc2-win64.exe [ ref:_00Db0Z3Sf._5000N1y2znT:ref ]:

Greetings,

Thank you for contacting Avast with your concerns.

Our virus specialists have been working on this problem and the provided file has been whitelisted.

For future reference you might also find the following articles to be useful:

• Avast Threat Labs - Clean guidelines: https://support.avast.com/en-ww/article/228/
• Avast Threat Labs - Mobile application clean guidelines: https://support.avast.com/en-ww/article/151/

Best Regards,

Ondřej
The Avast Support Team