grarpamp: > On Mon, Jan 5, 2015 at 3:33 AM, Kura <[email protected]> wrote: >> I would say that maybe it's a possibility that traffic gets >> flagged as such too? >> ... >> antivirus [...] one that does >> traffic inspection > > Oh, well that could be too. Tor traffic is crypted/obfuscated > and thus could generate a random hit that AV points at the > Tor binary as responsible for. > > But the OP is getting URL's from AV so it may be > watching his localhost SOCKS for http streams.
This may perhaps help: Running the bridge I regularly get: [Warning] Rejecting SOCKS request for anonymous connection to private address [scrubbed]. [1 similar message(s) suppressed in last 300 seconds] I can't unscrub these msgs (SafeLogging doesn't seem to work for tor 4.0.2 and standalone vidalia.) I haven't been able to track down the processes involved. Since they're private, I assume they're broadcasts & so ignore them. There some conversations about this on one of the lists some time ago, and the advice was to ignore. > What's weird is OP's "Object" is https://, which is > not terminated to plaintext anywhere but in the browser > or tor. > > Perhaps not enough info. > >> machine, AVG reported that tor.exe was a possible virus and removed it, this >> also happened when we tested the Tor Vidalia bundle. This was simply a >> filesystem check though, rather than packet/traffic inspection. It was also >> very recent, within the last week. > > Gratuitous listing by AVG perhaps? > >> On Mon, Jan 5, 2015 at 2:30 AM, eliaz wrote: >>> The antivirus program on a machine running a bridge occasionally >>> reports like so: >>> >>> Object: https:// >>> Infection: URL:Mal [sic] >>> Process: ... \tor.exe _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
