[Qgis-user] QGIS 3.18.0 ​Installer Detected as NirCmd Adware PUA by Antivirus

Andrea Giudiceandrea andreaerdna at libero.it
Thu Mar 11 23:51:34 PST 2021 

Alyza Eileen Clare B. Villanueva wrote
> we were skeptical on the downloaded installer from
> https://www.qgis.org/en/site/forusers/download.html since it was detected
> as NirCmd Adware PUA by our Antivirus (Sophos Endpoint Security) during
> the installation process. 

Hi Alyza,
I wonder how you managed to download a 3.18.0 installer from from
https://www.qgis.org/en/site/forusers/download.html and exactly what
installer you have downloaded.

In fact, currently the download of the QGIS 3.18.0 standalone installers for
Windows (and macOS) is disabled from the normal download page
https://www.qgis.org/en/site/forusers/download.html and they are only
available for testing purpose through the https://qgis.org/downloads/ page
with the advise that is better to wait for a QGIS 3.18.1 release (that will
be released the next week).

It is not even possible to install QGIS 3.18.0 using the regular OSGeo4W
Network Installer at the moment.

Anyway, the Windows installers are digitally signed with the "The Open
Source Geospatial Foundation" certificate issued by DigiCert SHA2 Assured ID
Code Signing CA and they also came with a sha256 hash so you can check for
tampering or download errors.

If you check the installers available on https://qgis.org/downloads/ using
the VirusTotal web services www.virustotal.com, you'll find that no
antivirus software on that platform is detecting
QGIS-OSGeo4W-3.18.0-1-Setup-x86_64.exe as a virus or containing any PUAs.

If you double check that you downloaded the installer from
https://www.qgis.org/ and that it is digitally signed with corresponding
hash but your antivirus detects it as NirCmd Adware PUA, then you can try to
use, only for testing purpose (with the advise that is better to wait for a
QGIS 3.18.1 release), a new testing MSI installer for QGIS 3.18.0
QGIS-OSGeo4W-3.18.0-1.msi wihch is also available on
https://qgis.org/downloads/?C=M;O=D and is digitally signed and which
doesn't use the NirCmd tool in the installer.

Best regards.

Andrea Giudiceandrea



--
Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-User-f4125267.html

More information about the Qgis-user mailing list