Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Author

Topic: Avast Malware Warning (electrum 3.3.2) (maybe false warning?) (Read 281 times)

ABCbits
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
January 01, 2019, 01:45:04 AM
#11
Quote from: jackg on December 31, 2018, 09:10:28 AM
Or use a cold storage option and still trust no one. If done properly (2 cameras with qr codes) then you can trust no one by signing the transaction, making it a QR code and scanning it into a document which can then be screened and broadcast once you're happy.

The electrum source code loses me at some points. The bitcoin.py file for example took a lot of effort to understand...

Wrong, you still need to trust the developer of the wallet used for cold storage when generate bitcoin address, few possible attack such as :
1. Intentionally configure k value on ECDSA, so attacker can compute private key once you send bitcoin
2. Bad PRNG/CSPRNG

Source/more info :
1. https://bitcointalksearch.org/topic/how-perfect-offline-wallets-can-still-leak-bitcoin-private-keys-883793
2. https://eprint.iacr.org/2014/848.pdf
pooya87
legendary
Activity: 3444
Merit: 10558
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
January 01, 2019, 12:39:29 AM
#10
Quote from: jackg on December 31, 2018, 09:10:28 AM
Quote from: pooya87 on December 31, 2018, 12:25:08 AM
Quote from: Sauaba on December 30, 2018, 04:21:55 PM
~

its a matter of who you want to trust.
- your Antivirus program that can report false positives
- the Electrum developers that have released the software for a long time
- or no one.

for most people it is enough to verify the PGP signature of Electrum and be sure that it is released by the real developers and is not fake one. and then they ignore their AV.
if you want to trust no one then you will have to go through the source code which can be found here https://github.com/spesmilo/electrum and then when you trusted the "code" you need to compile it yourself and then trust the compiled .exe and ignore your AV.

Or use a cold storage option and still trust no one. If done properly (2 cameras with qr codes) then you can trust no one by signing the transaction, making it a QR code and scanning it into a document which can then be screened and broadcast once you're happy.

The electrum source code loses me at some points. The bitcoin.py file for example took a lot of effort to understand...

it is lack of documentation and is for me my lack of knowledge about python but also i think it is partly due to the fact that a file there does a ton of things that may not be related to each other.
for example the bitcoin.py is dealing with scripts (read/write) converting bases, encode/decodes,  deals with seeds, coverts addresses, and more. although this file is  one of the good ones.
maybe it is just me thinking too much in terms of strongly typed languages and full object oriented language + my newbishness in programming but i prefer a much better categorization of files (classes) that are responsible only for one thing. for example base conversion. another one for scripts (interpret, read, write,...), another one for seeds,...
jackg
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
December 31, 2018, 09:10:28 AM
#9
Quote from: pooya87 on December 31, 2018, 12:25:08 AM
Quote from: Sauaba on December 30, 2018, 04:21:55 PM
~

its a matter of who you want to trust.
- your Antivirus program that can report false positives
- the Electrum developers that have released the software for a long time
- or no one.

for most people it is enough to verify the PGP signature of Electrum and be sure that it is released by the real developers and is not fake one. and then they ignore their AV.
if you want to trust no one then you will have to go through the source code which can be found here https://github.com/spesmilo/electrum and then when you trusted the "code" you need to compile it yourself and then trust the compiled .exe and ignore your AV.

Or use a cold storage option and still trust no one. If done properly (2 cameras with qr codes) then you can trust no one by signing the transaction, making it a QR code and scanning it into a document which can then be screened and broadcast once you're happy.

The electrum source code loses me at some points. The bitcoin.py file for example took a lot of effort to understand...
pooya87
legendary
Activity: 3444
Merit: 10558
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
December 31, 2018, 12:25:08 AM
#8
Quote from: Sauaba on December 30, 2018, 04:21:55 PM
~

its a matter of who you want to trust.
- your Antivirus program that can report false positives
- the Electrum developers that have released the software for a long time
- or no one.

for most people it is enough to verify the PGP signature of Electrum and be sure that it is released by the real developers and is not fake one. and then they ignore their AV.
if you want to trust no one then you will have to go through the source code which can be found here https://github.com/spesmilo/electrum and then when you trusted the "code" you need to compile it yourself and then trust the compiled .exe and ignore your AV.
Sauaba
newbie
Activity: 23
Merit: 3
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
December 30, 2018, 04:21:55 PM
#7
Same here and for the first time.
Downloaded both, Setup and Portable from this source:

https[Suspicious link removed]

I set the link of electrum and forum deleted as suspicious link.


Portable is ok and working, but Setup has been blocked by Windows Defender as Trojan.

http://abload.de/img/capturadetela1790xeqs.png

Today downloaded again and same issue:

http://abload.de/img/capturadetela180pviom.png


https://www.virustotal.com/#/file/0350701574cf817469b8ed505892c808b64250d21336806acefae21a14a8939f/detection
bitdaric
copper member
Activity: 236
Merit: 17
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
December 30, 2018, 12:24:59 PM
#6
update:
just found that more antivirus report this:

https://www.virustotal.com/#/file/0350701574cf817469b8ed505892c808b64250d21336806acefae21a14a8939f/detection

bitdaric
copper member
Activity: 236
Merit: 17
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
December 30, 2018, 05:17:06 AM
#5
Quote from: Abdussamad on December 30, 2018, 04:48:20 AM
Learn to verify the gpg sigs.
I know what is gpg! I can not execute electrum because of this warning
/
here is gpg sign:

Abdussamad
legendary
Activity: 3612
Merit: 1564
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
December 30, 2018, 04:48:20 AM
#4
Learn to verify the gpg sigs. Antivirus software can't be trusted in this case. It tends to generate a lot of false positives when it comes to bitcoin software.
pooya87
legendary
Activity: 3444
Merit: 10558
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
December 29, 2018, 11:57:35 PM
#3
i have no idea what this application that you are using is but the screenshot on the right does in fact contain an extra appended data which is probably added by your anti virus. i just downloaded the electrum-3.3.2-setup.exe and the file ends at "c91be5416ce5bb6c7919c8d02494a700" which is what you are seeing on the right side too.

Quote from: bitdaric on December 29, 2018, 07:33:26 AM
btw, why you do not upload setup files in github!? it is more safe than a website.
because it doesn't change anything. you should NOT trust a file that you have downloaded blindly, specially a binary like this.
what you need to do (no matter where you download it from) is to verify its PGP signature against the correct public key of the signer (ThomasV) then you can be sure that the .exe file you have on your computer is not modified.
jackg
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
December 29, 2018, 08:16:57 AM
#2
Viruses that go by the name of wingen means it just doesn't recognize the signature. I haven't used Avast personally however I know enough people to have moved from it for it to be considered by me to be a bad choice for antivirus, I'm guessing this is one of their many flaws.. 

Windows and crypto is fine if you're competent, if you're incompetent, even Linux won't save you imo - hardware might though if you're incompetent.

bitdaric
copper member
Activity: 236
Merit: 17
Re: Avast Malware Warning (electrum 3.3.2) (maybe false warning?)
December 29, 2018, 07:33:26 AM
#1
I get this warning when download electrum-3.3.2-setup.exe from official website! (avast version is 17.9)
  
download link:
https://download.electrum.org/3.3.2/electrum-3.3.2-setup.exe
  
avast warning:

  
When download completed I have electrum-3.3.2-setup.exe in desktop.
I restored temporary download file avast moved to virus chest (file in screenshot),
opened both files in hex editor to compare. I see that avast removed some part from end of temporary file and cleaned it! (hex attached)
 

 
removed part:
https://filebin.net/droz66m4dy0sx5q5/Untitled.txt?t=45qataio
  
I am not sure this is correct warning or a false one. maybe avast try removing some part of file related to linux compilation?

btw, why you do not upload setup files in github!? it is more safe than a website.
 
UPDATE:
there are more antivirus reporting malware:
https://www.virustotal.com/#/file/0350701574cf817469b8ed505892c808b64250d21336806acefae21a14a8939f/detection
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Jump to: