The company hosting us.metamath.org flagged metamath.exe as malware and 
has suspended the site. I have temporarily redirected us.metamath.org to a 
mirror server. As a precaution, I have also removed copies of metamath.exe 
from all servers until this is resolved.  (It may take a day or two for the 
removal to propagate completely.)

The hosting company ran an apparently older version of ClamAV, which 
detected metamath.exe as malware:

Engine version: devel-clamav-0.99-beta1-632-g8a582c7
/home2/nmegill/public_html/metamath/metamath.exe: Atomicorp.honeypot.hex.Trojan.IRCBot-568.UNOFFICIAL FOUND

I ran the latest version of ClamAV, which did not detect metamath.exe as 
malware:

Engine version: 0.103.1
C:\Users\Norm\Downloads\clamav-0.103.1-win-x64-portable\metamath.exe: OK

As an additional indication that their malware report is false, 
devel-clamav-0.99-beta1-632-g8a582c7 also reported that 2 web server ASCII 
log files were malware, which seems absurd.  Version 0.103.1 did not report 
these.

Here are the statistics for the metamath.exe that was flagged. It matches 
exactly the metamath.exe copies on my local computers.

$ ls -l metamath.exe
-rwxrwx---+ 1 Norm None 661008 Jan 2 00:55 metamath.exe

$ sha256sum metamath.exe
98d292206a3e23ef2d2476aa600ad1ddf7118343c01595ca42be78d2d8de0c2d *metamath.exe

In theory, I suppose the compiler itself could compile a trojan into target 
programs. metamath.exe was compiled with the LCC-Win32 version of 
5-Feb-2013 (apparently LCC-Win32 doesn't have version numbers that I could 
find).

If anyone wants to analyze the file with a different AV program (I would 
appreciate that), it can temporarily be obtained from:
http://us2.metamath.org/metamath/metamath.exe.bad
Obviously, download this at your own risk.

My guess is that their ClamAV version is buggy and that this is a false 
alarm.  Sorry for the inconvenience.

Norm 
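
The comparison made in the message above (same file, two ClamAV engines, hash checked against a known copy), as an added example that is not part of the original message. The function names are hypothetical, and the file bytes are a constructed stand-in because the real binary is not embedded here.

```python
import hashlib
import re

# clamscan prints one result line per file: "<path>: OK" or "<path>: <signature> FOUND".
RESULT = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")

def parse_clamscan(output):
    """Map file name (without directory) to its signature name, or None for OK."""
    verdicts = {}
    for line in output.splitlines():
        m = RESULT.match(line.strip())
        if m:
            # Paths differ between hosts (POSIX vs Windows), so key on the file name.
            name = re.split(r"[\\/]", m.group("path"))[-1]
            verdicts[name] = m.group("sig")
    return verdicts

def triage(name, scans, data, known_sha256):
    """Summarise one file's verdicts across engines, for a false-positive report."""
    # A file absent from an engine's output is treated the same as OK here.
    hits = {eng: parse_clamscan(out).get(name) for eng, out in scans.items()}
    flagged = {eng: sig for eng, sig in hits.items() if sig}
    return {
        "sha256_matches_known_copy": hashlib.sha256(data).hexdigest() == known_sha256,
        "flagged_by": flagged,
        "engines_disagree": 0 < len(flagged) < len(hits),
        # ClamAV appends ".UNOFFICIAL" to the names of signatures loaded from
        # third-party databases, i.e. not from the official ClamAV database.
        "third_party_signature": any(s.endswith(".UNOFFICIAL") for s in flagged.values()),
    }

# Result lines as quoted in the message above (wrapped lines joined).
SCANS = {
    "devel-clamav-0.99-beta1-632-g8a582c7":
        "/home2/nmegill/public_html/metamath/metamath.exe: "
        "Atomicorp.honeypot.hex.Trojan.IRCBot-568.UNOFFICIAL FOUND",
    "0.103.1":
        r"C:\Users\Norm\Downloads\clamav-0.103.1-win-x64-portable\metamath.exe: OK",
}
# Constructed stand-in bytes and hash; in practice, read the file and use the
# SHA-256 of a trusted local copy.
SAMPLE = b"constructed stand-in for metamath.exe"
KNOWN = hashlib.sha256(SAMPLE).hexdigest()

if __name__ == "__main__":
    for key, value in triage("metamath.exe", SCANS, SAMPLE, KNOWN).items():
        print(f"{key}: {value}")
```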
