LyX 230RC-1 trojan detected from windows defender

hmpws · Post by **hmpws** » Wed Dec 27, 2017 12:27 am

I have attached the screenshot from the detection. This is the last place I expect to find a trojan! Can the developer please check or confirm?

: Screenshot 2017-12-27 11.20.53.png (86.36 KiB) Viewed 4570 times

Learn LaTeX easily with newest books:

The LaTeX Beginner's Guide: 2nd edition and perfect for students writing a thesis

The LaTeX Cookbook: 2nd edition full of practical examples for mathematics, physics, chemistry, and more

LaTeX Graphics with TikZ: the first book about TikZ for perfect drawings in your LaTeX thesis

Post by **scottkosty** » Wed Dec 27, 2017 12:38 am

This has come up in the past. See for example here:

https://www.mail-archive.com/search?l=m ... %40lyx.org

One thing you could do is check the signature file of the downloaded file. This will confirm at least that the binary you downloaded is the same one that the Windows packager intended to upload. Note that as opposed to the thread referenced above, the Windows packager now signs binaries when sending them to the release manager.

I do not use Windows, so I don't have first-hand experience with these issues. You might want to start a new thread on lyx-users.

hmpws · Post by **hmpws** » Wed Dec 27, 2017 1:57 am

Thanks. I have posted to lyx-users. Where can I find the signature file? I downloaded from the ftp linked from the main lyx page.

Post by **scottkosty** » Wed Dec 27, 2017 3:33 am

Thanks, for reference the mail thread you started is here:

https://www.mail-archive.com/search?l=m ... .gmail.com

As for where to find the .sig files, you can find them on the same ftp where you downloaded the installer. Using gpg to verify them is easy if you have access to Linux. On Windows I think it is more complicated, but definitely doable.

LaTeX.org

LyX ⇒ LyX 230RC-1 trojan detected from windows defender