This project is read-only.


download trojan detected


I'm sure it's probably a false positive but still, Avast antivirus will not allow me to download the zip file because it detects a trojan in it.

I can turn off Avast for the download but would like to know what is causing the detection before doing so.
Closed Nov 5, 2013 at 9:48 PM by JohnLeitch
Known issue; workaround posted in comment.


isimmons wrote Oct 26, 2013 at 12:53 AM

Should add that was for the latest stable release. Now on another PC I get "unknown network error" which might have to do with what ever triggered the threat on the other PC. I went ahead and downloaded the unstable alpha release with no problem and scanned it with avast and malwarebytes and it passed. So maybe some network highjacking or something going on with the stable release. IDK

JohnLeitch wrote Nov 5, 2013 at 9:47 PM

This is a false positive caused by one of the integration tests, ArbitraryCommandGet.php. Uploading the file to virus total shows that Avast detects the file as PHP:Small-M [Trj]. Opening the suspect PHP file reveals that it is quite simple and poses no threat, provided you don't go and host it on your server.
<?php system($_GET['command']); ?>
If you do not plan on running the integration tests, the problematic PHP file can be deleted with no consequence. Also, the unstable release does not trigger the warning because it does not have the integration tests packaged with it. Hope this clears things up.

wrote Nov 5, 2013 at 9:48 PM