LyX 230RC-1 trojan detected from windows defender

hmpws · Post by **hmpws** » Wed Dec 27, 2017 12:27 am

I have attached the screenshot from the detection. This is the last place I expect to find a trojan! Can the developer please check or confirm?

: Screenshot 2017-12-27 11.20.53.png (86.36 KiB) Viewed 4437 times

NEW: TikZ book now 40% off at Amazon.com for a short time.

And: Currently, Packt sells ebooks for $4.99 each if you buy 5 of their over 1000 ebooks. If you choose only a single one, $9.99. How about combining 3 LaTeX books with Python, gnuplot, mathplotlib, Matlab, ChatGPT or other AI books? Epub and PDF. Bundle (3 books, add more for higher discount): https://packt.link/MDH5p

Post by **scottkosty** » Wed Dec 27, 2017 12:38 am

This has come up in the past. See for example here:

https://www.mail-archive.com/search?l=m ... %40lyx.org

One thing you could do is check the signature file of the downloaded file. This will confirm at least that the binary you downloaded is the same one that the Windows packager intended to upload. Note that as opposed to the thread referenced above, the Windows packager now signs binaries when sending them to the release manager.

I do not use Windows, so I don't have first-hand experience with these issues. You might want to start a new thread on lyx-users.

hmpws · Post by **hmpws** » Wed Dec 27, 2017 1:57 am

Thanks. I have posted to lyx-users. Where can I find the signature file? I downloaded from the ftp linked from the main lyx page.

Post by **scottkosty** » Wed Dec 27, 2017 3:33 am

Thanks, for reference the mail thread you started is here:

https://www.mail-archive.com/search?l=m ... .gmail.com

As for where to find the .sig files, you can find them on the same ftp where you downloaded the installer. Using gpg to verify them is easy if you have access to Linux. On Windows I think it is more complicated, but definitely doable.

LaTeX.org

LyX ⇒ LyX 230RC-1 trojan detected from windows defender