virus in download

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
entangledloops
500 Command not understood
Posts: 2
Joined: 2016-05-10 23:17
First name: Stephen
Last name: Dunn
Contact:

Re: virus in download

#16 Post by entangledloops » 2019-02-10 20:56

botg wrote:
2018-04-11 20:11
False-positive, there are no viruses on any files linked through https://filezilla-project.org/
The installer for version 3.40.0 (downloaded 2/10/19) prompted me to install a suspicious browser extension "Search Offer", which I declined. It also tried to install Opera.
It's sad that we have to carefully read the installer for this great piece of software.

Ggodart
500 Command not understood
Posts: 1
Joined: 2019-02-13 23:01

Re: virus in download

#17 Post by Ggodart » 2019-02-13 23:04

AVG on Mac now blocks both the latest executable and the latest installer from running.

User avatar
botg
Site Admin
Posts: 32278
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: virus in download

#18 Post by botg » 2019-02-14 08:14

Why are people using such low quality products making empty promises?

Oldholt
500 Command not understood
Posts: 2
Joined: 2019-02-14 08:33

Re: virus in download

#19 Post by Oldholt » 2019-02-14 09:01

NOD32 still found (known) PUP (variant of) FusionCore.al in Filezilla Client FTP file FileZilla_3.40.0_win64-setup_bundled.exe . After ignoring it, downloading shows:
Filezilla_FneHEFBL_source.JPG
Filezilla_FneHEFBL_source.JPG (37.62 KiB) Viewed 1392 times
C:\users\...\AppData\Local\Temp\FneHeFBL.exe.part could not be saved, because source file could not be read (my translation of message in Dutch). Clicking OK stops the download/saving. I could not find any reference to this file in this forum or anywhere else on the internet. So it seems I cannot download FileZilla FTP Client. Any suggestions?

User avatar
botg
Site Admin
Posts: 32278
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: virus in download

#20 Post by botg » 2019-02-14 09:24

Don't use faulty AV products.

pcowley
500 Command not understood
Posts: 3
Joined: 2019-02-15 00:37

Re: virus in download

#21 Post by pcowley » 2019-02-15 01:33

Wow, @botg, is it really FileZilla staff's official stance that AV false positives are definitely a scare-tactics conspiracy?

That would certainly make it easy to shift any responsibility away from FileZilla. Unfortunately, that stance is not believable.

Modern AV products typically use heuristic analysis to arrive at an imperfect, probability-based assessment of viral threat.

A false-positive is likely just bad luck, a result of inherently imperfect algorithms.

But even if we assume FileZilla bears no responsibility, this is still an issue that is affecting your users, and it would be in your best interest to find a way to assist them anyway.

Oldholt
500 Command not understood
Posts: 2
Joined: 2019-02-14 08:33

Re: virus in download

#22 Post by Oldholt » 2019-02-15 08:03

@botg, the thing is: what is the faulty AV product in my case? NOD32 has a good reputation, I'm very happy with it for over 10 years, and it only warns for a PUP, but accepts continuation after I ignored the warning. Then during download FZ client this window pops up. I'm no techie, so I don't know where it comes from and how to avoid it. Most likely it's from Win10, though not perfect, still in use by a vast majority of users. If it can't read a file, where's the problem?
If you don't want FZ to work for certain users, please write a disclaimer like: FZ will not work with AV like NOD32, Win10 and the like. Would have saved me a lot of time.

shooeugenesea
500 Command not understood
Posts: 1
Joined: 2019-04-22 11:16

Re: virus in download

#23 Post by shooeugenesea » 2019-04-22 11:19

Hi,

Company install SentinelOne in my NB.
It remove FileZilla Client immediately after download as well.
I need change to Total Commander.

For your information.

fmaxwell
500 Command not understood
Posts: 2
Joined: 2014-04-12 18:53
First name: Fred
Last name: Maxwell

Re: virus in download

#24 Post by fmaxwell » 2019-07-12 15:43

boco wrote:
2018-11-23 22:24
"Let the peasants who don't mind reading at all or prefer to be ignorant click-monkeys click on that big green button. For the rest who cares, there is another option accessible after just one more click."
That's like a scammer who rationalizes what he does by blaming the victims who fell for his scam.
boco wrote:
2019-01-31 04:32
People like you are the reason Malware is as successful as it is. There are reasons why authors maintain their software. Usually new versions fix security problems, and Malware creators rely upon users like yourself who do not update and put themselves (and others) at risk. Most Botnets spread through Exploits that are long fixed.
That's why I use MacUpdate to update (most of) my apps as soon as updates become available. And, that's why I found myself here; during the MacUpdate process for FileZilla, my antivirus protected me from the malware bundled in the FileZilla installer, identifying the malware in question. VirusTotal showed that Avast, AVG, BitDefender, ClamAV, Comodo, DrWeb, Emsisoft, Endgame, ESET-NOD32, F-Secure, FireEye, Fortinet, GData, MAX, McAfee, NANO-Antivirus, Sophos AV, and InstallCore also flagged the FileZilla installer as a threat.

Given your status as a project member who has left more than 24K comments here since 2006, I don't expect that you can be objective about this. So I won't be surprised if you reply with a smug comment about how it's the fault of MacUpdate for downloading the wrong installer, my fault for using MacUpdate, etc. I don't expect that you will eever admit that it's morally reprehensible to release a FileZilla installer that includes malware. But you can skip your "difference between Malware and PUP/PUS" argument. No sane person wants Yahoo to replace their browser's homepage and "Search Offer PoweredBy Yahoo!" replacing their browser's default search engine. So calling something that makes such changes a "potentially unwanted program" is like calling a dead roach in a restaurant meal a "potentially unwanted protein."

Update: I reported this to MacUpdate and received a response in which they wrote: "We never suspected FileZilla dev's of such behaviour...We are now going to replace the download link with a 'non-sponsored' one."

User avatar
botg
Site Admin
Posts: 32278
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: virus in download

#25 Post by botg » 2019-07-12 21:57

No sane person wants Yahoo to replace their browser's homepage and "Search Offer PoweredBy Yahoo!" replacing their browser's default search engine.
Different users have different tastes. If you don't like a certain product, that's fine. But don't make claims that everyone doesn't like it. Since tastes differ, users are asked whether they want a certain offer and only if they agree they get it. Simple as that.
There's also the economic perspective. Wouldn't you agree that it makes sense to primarily show the offers people like and thus accept?

There is also a _HUGE_ gap between things you might not want, and things that are actually a threat to you. Let's assume you are male for the sake of the argument. Have you ever watched TV and seen an advertisement for a female hygiene product? You certainly don't want to buy those products, yet would you say you feel threatened by such offers? Yet if your AV product would watch the same channel as you do, it would yell threat like a banshee on steroids.

Locked