[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ #1502445] GNU Octave website hacked and links replaced with

From: Nicholas Jankowski
Subject: Re: [ #1502445] GNU Octave website hacked and links replaced with trojan-containing installer??
Date: Mon, 2 Mar 2020 10:32:18 -0500

I just checked that the installer from with the .sig file from, and it checks out, so I assume this is a case of a false positive on Symantec's part. Right?

yes, there have been a few discussions here and on the maintainers email list over the past couple weeks since the latest Octave release.  v5.2.0_1 has a file libsqlite3-0.dll that has been setting off Trojan false positives.  (v5.1.0 and 5.2.0 don't have this issue).

While some of us have submitted the file for whitelisting with some providers (McAfee was the biggest name so far), that obviously has yet to have occurred.

This file was compiled from source by the maintainer, and as you verified the signature checks out.  It is unclear what change was made to the file that causes it to now match a trojan signature and trigger a virus warnings. 

If your organization has a customer side whitelisting request process with Symantec, it would be appreciated if you would submit it via those channels, as customers tend to get more attention than third parties. 

In the meantime, if your local security software prevents that file from being executed on the system (my McAfee managed windows system just deletes the file) that will prevent the GUI from running correctly. non-GUI Octave should run without issue. If you need the GUI you would need to rely on v5.2.0 until whitelisting occurs or a new release that avoids the false positive is made. 

for reference:

first email conversation:

virustotal current scan results (I do see Symantec popping up in the list now).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]