Author

Topic: Avast Malware Warning (electrum 3.3.2) (maybe false warning?) (Read 307 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Or use a cold storage option and still trust no one. If done properly (2 cameras with qr codes) then you can trust no one by signing the transaction, making it a QR code and scanning it into a document which can then be screened and broadcast once you're happy.

The electrum source code loses me at some points. The bitcoin.py file for example took a lot of effort to understand...

Wrong, you still need to trust the developer of the wallet used for cold storage when generate bitcoin address, few possible attack such as :
1. Intentionally configure k value on ECDSA, so attacker can compute private key once you send bitcoin
2. Bad PRNG/CSPRNG

Source/more info :
1. https://bitcointalksearch.org/topic/how-perfect-offline-wallets-can-still-leak-bitcoin-private-keys-883793
2. https://eprint.iacr.org/2014/848.pdf
legendary
Activity: 3472
Merit: 10611
~

its a matter of who you want to trust.
- your Antivirus program that can report false positives
- the Electrum developers that have released the software for a long time
- or no one.

for most people it is enough to verify the PGP signature of Electrum and be sure that it is released by the real developers and is not fake one. and then they ignore their AV.
if you want to trust no one then you will have to go through the source code which can be found here https://github.com/spesmilo/electrum and then when you trusted the "code" you need to compile it yourself and then trust the compiled .exe and ignore your AV.

Or use a cold storage option and still trust no one. If done properly (2 cameras with qr codes) then you can trust no one by signing the transaction, making it a QR code and scanning it into a document which can then be screened and broadcast once you're happy.

The electrum source code loses me at some points. The bitcoin.py file for example took a lot of effort to understand...

it is lack of documentation and is for me my lack of knowledge about python but also i think it is partly due to the fact that a file there does a ton of things that may not be related to each other.
for example the bitcoin.py is dealing with scripts (read/write) converting bases, encode/decodes,  deals with seeds, coverts addresses, and more. although this file is  one of the good ones.
maybe it is just me thinking too much in terms of strongly typed languages and full object oriented language + my newbishness in programming but i prefer a much better categorization of files (classes) that are responsible only for one thing. for example base conversion. another one for scripts (interpret, read, write,...), another one for seeds,...
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
~

its a matter of who you want to trust.
- your Antivirus program that can report false positives
- the Electrum developers that have released the software for a long time
- or no one.

for most people it is enough to verify the PGP signature of Electrum and be sure that it is released by the real developers and is not fake one. and then they ignore their AV.
if you want to trust no one then you will have to go through the source code which can be found here https://github.com/spesmilo/electrum and then when you trusted the "code" you need to compile it yourself and then trust the compiled .exe and ignore your AV.

Or use a cold storage option and still trust no one. If done properly (2 cameras with qr codes) then you can trust no one by signing the transaction, making it a QR code and scanning it into a document which can then be screened and broadcast once you're happy.

The electrum source code loses me at some points. The bitcoin.py file for example took a lot of effort to understand...
legendary
Activity: 3472
Merit: 10611
~

its a matter of who you want to trust.
- your Antivirus program that can report false positives
- the Electrum developers that have released the software for a long time
- or no one.

for most people it is enough to verify the PGP signature of Electrum and be sure that it is released by the real developers and is not fake one. and then they ignore their AV.
if you want to trust no one then you will have to go through the source code which can be found here https://github.com/spesmilo/electrum and then when you trusted the "code" you need to compile it yourself and then trust the compiled .exe and ignore your AV.
newbie
Activity: 23
Merit: 3
Same here and for the first time.
Downloaded both, Setup and Portable from this source:

https[Suspicious link removed]

I set the link of electrum and forum deleted as suspicious link.


Portable is ok and working, but Setup has been blocked by Windows Defender as Trojan.

http://abload.de/img/capturadetela1790xeqs.png

Today downloaded again and same issue:

http://abload.de/img/capturadetela180pviom.png


https://www.virustotal.com/#/file/0350701574cf817469b8ed505892c808b64250d21336806acefae21a14a8939f/detection
copper member
Activity: 236
Merit: 17
copper member
Activity: 236
Merit: 17
Learn to verify the gpg sigs.
I know what is gpg! I can not execute electrum because of this warning
/
here is gpg sign:

legendary
Activity: 3710
Merit: 1586
Learn to verify the gpg sigs. Antivirus software can't be trusted in this case. It tends to generate a lot of false positives when it comes to bitcoin software.
legendary
Activity: 3472
Merit: 10611
i have no idea what this application that you are using is but the screenshot on the right does in fact contain an extra appended data which is probably added by your anti virus. i just downloaded the electrum-3.3.2-setup.exe and the file ends at "c91be5416ce5bb6c7919c8d02494a700" which is what you are seeing on the right side too.

btw, why you do not upload setup files in github!? it is more safe than a website.
because it doesn't change anything. you should NOT trust a file that you have downloaded blindly, specially a binary like this.
what you need to do (no matter where you download it from) is to verify its PGP signature against the correct public key of the signer (ThomasV) then you can be sure that the .exe file you have on your computer is not modified.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Viruses that go by the name of wingen means it just doesn't recognize the signature. I haven't used Avast personally however I know enough people to have moved from it for it to be considered by me to be a bad choice for antivirus, I'm guessing this is one of their many flaws.. 

Windows and crypto is fine if you're competent, if you're incompetent, even Linux won't save you imo - hardware might though if you're incompetent.

copper member
Activity: 236
Merit: 17
I get this warning when download electrum-3.3.2-setup.exe from official website! (avast version is 17.9)
  
download link:
https://download.electrum.org/3.3.2/electrum-3.3.2-setup.exe
  
avast warning:

  
When download completed I have electrum-3.3.2-setup.exe in desktop.
I restored temporary download file avast moved to virus chest (file in screenshot),
opened both files in hex editor to compare. I see that avast removed some part from end of temporary file and cleaned it! (hex attached)
 

 
removed part:
https://filebin.net/droz66m4dy0sx5q5/Untitled.txt?t=45qataio
  
I am not sure this is correct warning or a false one. maybe avast try removing some part of file related to linux compilation?

btw, why you do not upload setup files in github!? it is more safe than a website.
 
UPDATE:
there are more antivirus reporting malware:
https://www.virustotal.com/#/file/0350701574cf817469b8ed505892c808b64250d21336806acefae21a14a8939f/detection
Jump to: