Virus warning

Open haojp opened this issue 8 years ago • 7 comments

OSX.Trojan.Gen

haojp, Sep 13 '17 01:09

This is a false positive that is very common with bitcoin miners, just like how, if you have Google Safe Browsing turned on in Safari, it warns you about the official cgminer page here: http://ck.kolivas.org/apps/cgminer/

google bfgminer virus

If you're still worried that the binaries are viruses, you can always delete them without executing them and compile bfgminer/cgminer yourself from their repos. That's kind of the point of open sourcing the code.

fabulouspanda, Sep 13 '17 08:09

The site ahead contains harmful programs

Attackers on ck.kolivas.org might attempt to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit). Learn more

Automatically send some system information and page content to Google to help detect dangerous apps and sites. Privacy policy

Google Safe Browsing recently found harmful programs on ck.kolivas.org.

If you understand the risks to your security, you may visit this site before the harmful programs have been removed.

haojp, Sep 13 '17 12:09

Yes, that's a Google Safe Browsing warning. But cgminer has been around even longer than MacMiner (cgminer is a dependency of MacMiner) and that's not a virus either. And I quote from a previously raised, still open issue on this point you seem to have missed:

"However I sent the files over to ClamXav themselves to check over on Friday and they came back Monday saying they can't be certain they have Trojans, they just see a lot of them in mining software."

People who distribute malware sometimes include miners to make money; this results in miners being falsely flagged by antivirus software.

fabulouspanda, Sep 13 '17 12:09

Hi Fabulous Panda

I also received (5) warnings of blocked threats while on your website, downloading MacMiner.

You can view the screenshot which shows the specific files that are reported as infected:

  • MacMiner.app/Contents/Resources/x11cpuminer/bin/minerd
  • MacMiner.app/Contents/Resources//vtccpu/sgminer/bin/sgminer
  • MacMiner.app/Contents/Resources/vtccpu/bin/minerd
  • MacMiner.app/Contents/Resources/vertcgminer/bin/vertminer
  • MacMiner.app/Contents/Resources/sgminer/bin/sgminer

[Screenshot: screen shot 2017-11-16 at 2 52 42 pm]

Sincerely, Patrick

github-ptaylor, Nov 16 '17 21:11

Update

I scanned the entire zip file and (18) infected files were found, screenshot attached.

[Screenshot: screen shot 2017-11-16 at 3 16 17 pm]

github-ptaylor, Nov 16 '17 21:11

They're not viruses. If you ask Avast about it, they're probably going to tell you they aren't sure they're viruses either, but they flag them because miners are often used in malicious software. There's not really anything I can do about this.

fabulouspanda, Nov 21 '17 16:11

@github-ptaylor But you see that in your screenshot the "infections" are clearly flagged as [Tool] and [PUP] (= Potentially unwanted program)?

A Tool or a PUP (https://en.wikipedia.org/wiki/Potentially_unwanted_program) may be installed together with a Trojan/Virus, but is not a Trojan/Virus itself.

If you are the one installing it, it is clearly not "unwanted".

That's why anti-virus products have whitelists that you can add things to.

winkelsdorf, Nov 29 '17 12:11
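
The distinction drawn in the comments above, between `[Tool]`/`[PUP]` tags, generic names such as `OSX.Trojan.Gen`, and named-family verdicts, can be applied to a whole scan report at once. This is an added example, not part of the original thread or of MacMiner; the tab-separated report format, the `Example*` detection names, the `[Trj]` tag and the reading of "Gen" as a generic/heuristic marker are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed scan-report lines, NOT copied from the screenshots in this thread.
# Assumed format: "<path><TAB><detection name>". [PUP] and [Tool] are the tags
# mentioned above; [Trj] and the Example* names are placeholders.
SAMPLE_REPORT = (
    "MacMiner.app/Contents/Resources/x11cpuminer/bin/minerd\tExampleMiner-A [PUP]\n"
    "MacMiner.app/Contents/Resources/sgminer/bin/sgminer\tExampleMiner-B [Tool]\n"
    "MacMiner.app/Contents/Resources/vtccpu/bin/minerd\tOSX.Trojan.Gen\n"
    "Example.app/Contents/MacOS/example\tExampleFamily-C [Trj]\n"
    "summary: 4 threats found\n"
)

TAG_RE = re.compile(r"\[(\w+)\]\s*$")
# Assumption: a "Gen"/"Generic" name component marks a heuristic match rather
# than a named malware family.
GENERIC_RE = re.compile(r"(?:^|[.:\-])gen(?:eric)?(?:$|[.:\-\s])", re.IGNORECASE)

def classify(detection):
    """Return 'policy', 'generic' or 'specific' for one detection name."""
    tag = TAG_RE.search(detection)
    if tag and tag.group(1).lower() in ("pup", "tool"):
        return "policy"      # scanner says what the file is, not that it is hostile
    if GENERIC_RE.search(detection):
        return "generic"     # heuristic hit: confirm provenance or rebuild from source
    return "specific"        # named family: handle as a real detection

def triage(report):
    """Group reported paths by category; lines without a TAB go to 'unparsed'."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        if not line.strip():
            continue
        path, sep, detection = line.partition("\t")
        if not sep:
            buckets["unparsed"].append(line)
            continue
        buckets[classify(detection.strip())].append(path)
    return dict(buckets)

if __name__ == "__main__":
    for category, paths in triage(SAMPLE_REPORT).items():
        print(category, *paths, sep="\n  ")
```

Only the `policy` bucket is a candidate for an allow-list entry; `generic` and `specific` findings still need their origin checked first.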