
Deep Guard issue (Rcpp-package)

Sigmaplus1 (Member, Posts: 3, Security Scout)

We are dealing with a virus alert on several laptops of researchers within our team. However, I wonder if we might be facing a false positive.

The alert from WithSecure indicates a possible infection via files related to the R program, specifically embedded in a PDF file.

What we know so far:

  • Computers were potentially infected through the community repository (safe to view) CRAN package: cran.r-project[.]org/web/packages/Rcpp/index[.]html
  • Windows binaries: r-devel: Rcpp_1.0.13.zip, r-release: Rcpp_1.0.13.zip, r-oldrel: Rcpp_1.0.13.zip (seem not to be safe to download).
  • The possible infection originates from the files Rcpp/doc/Rcpp-introduction.pdf and Rcpp/doc/Rcpp-FAQ.pdf.
  • WithSecure continues to indicate that these two documents might be infected with phishing.rpasg/talu.
  • Response from CRAN: "We already received reports and contacted the maintainer. The scans seem to be false positives complaining about the vignette, which has been stable for a long time and not modified even across versions. Source code is available for careful inspection."
  • VirusTotal scan report: VirusTotal - File - 761416314e424383653bfea68875afc34fb3702e1a2a0936433297232be11f5e

I am curious to know if others within the WithSecure community have had similar experiences, especially related to the use of the R program.

https://cran.r-project.org/web/packages/Rcpp/index.html
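
The two checks the post and CRAN's reply point at (does the file hash match the one VirusTotal reported, and has the vignette really been byte-identical across package versions?) can be scripted. The following Python triage script is an added example for this thread, not code from WithSecure, CRAN or the Rcpp project. It assumes the CRAN Windows binary layout the post names (`Rcpp/doc/*.pdf` inside `Rcpp_<version>.zip`); the archives it runs on are constructed in memory with placeholder PDF bytes so it works offline, so replace `SAMPLE_ARCHIVES` with the bytes of real downloaded zips to use it on the actual package.

```python
"""
False-positive triage for a flagged package vignette.

Given several CRAN Windows binary zips of the same package, hash every
PDF under doc/ in each one and report
  (a) which PDFs are byte-identical across all versions (CRAN's claim), and
  (b) whether any PDF matches the SHA-256 that the AV/VirusTotal report names.

Added example for this thread; not code from WithSecure, CRAN or the Rcpp
project. The archives below are constructed in memory with placeholder PDF
bytes so the script runs offline.
"""
import hashlib
import io
import zipfile
from typing import Dict, List, Tuple

# SHA-256 quoted in the original post from the VirusTotal report.
FLAGGED_SHA256 = "761416314e424383653bfea68875afc34fb3702e1a2a0936433297232be11f5e"


def hash_pdfs_in_zip(data: bytes) -> Dict[str, str]:
    """Return {archive path: sha256 hex} for every .pdf inside the zip bytes."""
    digests: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".pdf"):
                continue
            with zf.open(info) as fh:
                digests[info.filename] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_versions(archives: Dict[str, bytes]) -> Dict[str, Dict[str, str]]:
    """Map each PDF path to {version: sha256} across all supplied archives."""
    by_file: Dict[str, Dict[str, str]] = {}
    for version, data in archives.items():
        for path, digest in hash_pdfs_in_zip(data).items():
            by_file.setdefault(path, {})[version] = digest
    return by_file


def stable_files(by_file: Dict[str, Dict[str, str]]) -> Dict[str, bool]:
    """True when a PDF has exactly one distinct hash over every version shipping it."""
    return {path: len(set(per_version.values())) == 1
            for path, per_version in by_file.items()}


def matches_flagged(by_file: Dict[str, Dict[str, str]], flagged: str) -> List[Tuple[str, str]]:
    """(path, version) pairs whose PDF hash equals the flagged SHA-256."""
    wanted = flagged.strip().lower()
    return sorted((path, version)
                  for path, per_version in by_file.items()
                  for version, digest in per_version.items()
                  if digest == wanted)


def build_sample_archive(version: str, docs: Dict[str, bytes]) -> bytes:
    """Construct a minimal CRAN-style binary zip (Rcpp/DESCRIPTION + Rcpp/doc/*.pdf) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Rcpp/DESCRIPTION", f"Package: Rcpp\nVersion: {version}\n")
        for name, body in docs.items():
            zf.writestr(f"Rcpp/doc/{name}", body)
    return buf.getvalue()


# Constructed sample data (placeholder PDF bytes, not the real vignettes):
# the introduction is identical in every version, the FAQ changes in the last one.
INTRO_PDF = b"%PDF-1.4\n% placeholder introduction vignette\n%%EOF\n"
FAQ_PDF_OLD = b"%PDF-1.4\n% placeholder FAQ, old text\n%%EOF\n"
FAQ_PDF_NEW = b"%PDF-1.4\n% placeholder FAQ, revised text\n%%EOF\n"

SAMPLE_ARCHIVES: Dict[str, bytes] = {
    "1.0.11": build_sample_archive("1.0.11", {"Rcpp-introduction.pdf": INTRO_PDF, "Rcpp-FAQ.pdf": FAQ_PDF_OLD}),
    "1.0.12": build_sample_archive("1.0.12", {"Rcpp-introduction.pdf": INTRO_PDF, "Rcpp-FAQ.pdf": FAQ_PDF_OLD}),
    "1.0.13": build_sample_archive("1.0.13", {"Rcpp-introduction.pdf": INTRO_PDF, "Rcpp-FAQ.pdf": FAQ_PDF_NEW}),
}


def triage(archives: Dict[str, bytes], flagged: str = FLAGGED_SHA256) -> Dict[str, object]:
    """Full report: per-file hashes, stability verdict and flagged-hash hits."""
    by_file = compare_versions(archives)
    return {"hashes": by_file,
            "stable": stable_files(by_file),
            "flagged_hits": matches_flagged(by_file, flagged)}


if __name__ == "__main__":
    report = triage(SAMPLE_ARCHIVES)
    for path, ok in report["stable"].items():
        print(f"{path}: {'unchanged across versions' if ok else 'DIFFERS between versions'}")
    print("files matching the flagged hash:", report["flagged_hits"] or "none")
```

On real archives, a hash hit tells you exactly which shipped file the scanner's verdict refers to, and a file that is byte-identical back to versions that previously scanned clean is strong evidence that a new signature, not a changed file, is what fired; that is the information worth attaching to a false-positive report to the vendor.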


Answers

  • Sigmaplus1 (Member, Posts: 3, Security Scout)

    A scan on any.run also shows it as clean:

  • Sigmaplus1 (Member, Posts: 3, Security Scout)

    Hi @JamesC

    Thank you for your response.

    About an hour ago, I uploaded some samples, both as a zip file and by adding a URL to the file. On my EliteBook, which is equipped with MS Defender, I don't receive such alerts, and all scans appear to be clean. However, our researchers use WithSecure and are receiving these alerts. Currently, WithSecure reports that all versions (from version 1.07 to 1.13) are infected. I find it hard to believe that this could have gone unnoticed by WithSecure a year ago and is only being detected now?!
