The company hosting us.metamath.org flagged metamath.exe as malware and has suspended the site. I have temporarily redirected us.metamath.org to a mirror server. As a precaution, I have also removed copies of metamath.exe from all servers until this is resolved. (It may take a day or two for the removal to propagate completely.)
The hosting company ran an apparently older version of ClamAV, which detected metamath.exe as malware:
Engine version: devel-clamav-0.99-beta1-632-g8a582c7
/home2/nmegill/public_html/metamath/metamath.exe: Atomicorp.honeypot.hex.Trojan.IRCBot-568.UNOFFICIAL FOUND
I ran the latest version of ClamAV, which did not detect metamath.exe as malware:
Engine version: 0.103.1
C:\Users\Norm\Downloads\clamav-0.103.1-win-x64-portable\metamath.exe: OK
As an additional indication that their malware report is false, devel-clamav-0.99-beta1-632-g8a582c7 also reported that 2 web server ASCII log files were malware, which seems absurd. Version 0.103.1 did not report these.
Here are the statistics for the metamath.exe that was flagged. It matches exactly the metamath.exe copies on my local computers.
$ ls -l metamath.exe
-rwxrwx---+ 1 Norm None 661008 Jan 2 00:55 metamath.exe
$ sha256sum metamath.exe
98d292206a3e23ef2d2476aa600ad1ddf7118343c01595ca42be78d2d8de0c2d *metamath.exe
In theory, I suppose the compiler itself could compile a trojan into target programs. metamath.exe was compiled with the LCC-Win32 version of 5-Feb-2013 (apparently LCC-Win32 doesn't have version numbers that I could find).
If anyone wants to analyze the file with a different AV program (I would appreciate that), it can temporarily be obtained from:
http://us2.metamath.org/metamath/metamath.exe.bad
Obviously, download this at your own risk.
My guess is that their ClamAV version is buggy and that this is a false alarm. Sorry for the inconvenience.
Norm