Does POPFile contain a virus/trojan/adware?

The Windows installer for POPFile and several of the Windows utilities shipped with POPFile are built using NSIS, the Nullsoft Scriptable Install System. NSIS was SourceForge “Project of the Month” for January 2006 (POPFile was “Project of the Month” for May 2003).

Since the beginning of August 2004 several anti-virus packages have been falsely reporting that software built using NSIS contains a trojan, or other form of virus. The following statement appeared on the old NSIS web site but it was not copied to their new Wiki-based web site:

We have had several problems with false virus positives during the last weeks. Some anti-virus products incorrectly detect certain NSIS components as being a virus. All false positives seem to be related to the internet downloading plug-ins.
Both McAfee and Norton have already corrected their virus definitions. If you notice that another product incorrectly detects a virus, please contact the developers of this product. Developers of anti-virus products can also contact the NSIS Development Team for more information.
Source: An NSIS support forum message from one of the NSIS developers (posted 13 December 2005).

Usually an updated set of virus definitions stops the false reports (e.g. Symantec's definitions dated 9 August 2004 detected a trojan in the NSIS “internet downloading” plug-in but their definitions dated 10 August (or later) do not).

In addition to the Windows installer for POPFile, the following utilities shipped with the Windows version of POPFile are built using NSIS and contain the “internet downloading” plug-in mentioned above:

  • “Add POPFile User” wizard (adduser.exe)
  • “POPFile Silent Shutdown” utility (stop_pf.exe)
  • “Uninstall POPFile Data” (uninstalluser.exe)
  • “Uninstall POPFile” (uninstall.exe)

However, only the last program (uninstall.exe) uses this plug-in to access the internet (to download SSL support or the MeCab parser used to analyze Japanese mail); the other three programs only use that plug-in to shut down POPFile without using your browser.

The following optional Windows utility for POPFile uses the NSIS “internet downloading” plug-in to access the internet:

  • “SSL Setup” wizard (addssl.exe)

The addssl.exe program downloads some SSL components from the University of Winnipeg repository (these files are required to allow POPFile to use SSL connections to mail servers).

If you are still concerned then you can get a second opinion at http://www.virustotal.com/ which will scan a suspect file for you using over 30 different up-to-date anti-virus packages.

The NSIS wiki has a page about False Positives, which includes a list of online virus scanners.

faq/ispopfileinfected.txt · Last modified: 2009/11/27 11:23 by xuesheng

The content of this wiki is protected by the GNU Free Documentation License