help-octave

Re: [gnu.org #1502445] GNU Octave website hacked and links replaced with


From: Nicholas Jankowski
Subject: Re: [gnu.org #1502445] GNU Octave website hacked and links replaced with trojan-containing installer??
Date: Mon, 2 Mar 2020 10:32:18 -0500

> I just checked the installer from mirror.freedif.org with the .sig file from ftp.gnu.org, and it checks out, so I assume this is a case of a false positive on Symantec's part. Right?


Yes, there have been a few discussions here and on the maintainers' email list over the past couple of weeks since the latest Octave release. v5.2.0_1 has a file, libsqlite3-0.dll, that has been setting off Trojan false positives. (v5.1.0 and 5.2.0 don't have this issue.)

While some of us have submitted the file for whitelisting with some providers (McAfee was the biggest name so far), that obviously has yet to have occurred.

This file was compiled from source by the maintainer, and as you verified, the signature checks out. It is unclear what change was made to the file that causes it to now match a trojan signature and trigger virus warnings.

If your organization has a customer-side whitelisting request process with Symantec, it would be appreciated if you would submit it via those channels, as customers tend to get more attention than third parties.

In the meantime, if your local security software prevents that file from being executed on the system (my McAfee-managed Windows system just deletes the file), that will prevent the GUI from running correctly. Non-GUI Octave should run without issue. If you need the GUI, you would need to rely on v5.2.0 until whitelisting occurs or a new release that avoids the false positive is made.

For reference:

First email conversation:
https://octave.1599824.n4.nabble.com/trojan-warning-tp4695742p4695799.html

VirusTotal current scan results (I do see Symantec popping up in the list now):
https://www.virustotal.com/gui/file/e1656cdb03908796a9c90eb7409ca44f8e859ab73f44a498cadc68c00a3b5ff8

