[Qgis-user] QGIS 3.18.0 ​Installer Detected as NirCmd Adware PUA by Antivirus

[Alyza Eileen Clare B. Villanueva]

Hello Ms. Andrea,

Good Day.

Thank you for the inputs.

We have downloaded the on this website https://www.qgis.org/en/site/ using by clicking the "Download Now" for Version 3.18.0 which we were able to download the "QGIS-OSGeo4W-3.18.0-1-Setup-x86_64" installer with a file size of 390 MB, this installer was downloaded last February 25, 2021.


We are looking forward for the stable release of QGIS Version 3.18.1 next week.


Regards,
Alyza Villanueva

-----Original Message-----
From: Qgis-user <qgis-user-bounces at lists.osgeo.org> On Behalf Of Andrea Giudiceandrea
Sent: Friday, 12 March 2021 3:52 PM
To: qgis-user at lists.osgeo.org
Subject: Re: [Qgis-user] QGIS 3.18.0 ​Installer Detected as NirCmd Adware PUA by Antivirus

Alyza Eileen Clare B. Villanueva wrote
> we were skeptical on the downloaded installer from
> https://www.qgis.org/en/site/forusers/download.html since it was
> detected as NirCmd Adware PUA by our Antivirus (Sophos Endpoint
> Security) during the installation process.

Hi Alyza,
I wonder how you managed to download a 3.18.0 installer from from https://www.qgis.org/en/site/forusers/download.html and exactly what installer you have downloaded.

In fact, currently the download of the QGIS 3.18.0 standalone installers for Windows (and macOS) is disabled from the normal download page https://www.qgis.org/en/site/forusers/download.html and they are only available for testing purpose through the https://qgis.org/downloads/ page with the advise that is better to wait for a QGIS 3.18.1 release (that will be released the next week).

It is not even possible to install QGIS 3.18.0 using the regular OSGeo4W Network Installer at the moment.

Anyway, the Windows installers are digitally signed with the "The Open Source Geospatial Foundation" certificate issued by DigiCert SHA2 Assured ID Code Signing CA and they also came with a sha256 hash so you can check for tampering or download errors.

If you check the installers available on https://qgis.org/downloads/ using the VirusTotal web services www.virustotal.com, you'll find that no antivirus software on that platform is detecting QGIS-OSGeo4W-3.18.0-1-Setup-x86_64.exe as a virus or containing any PUAs.

If you double check that you downloaded the installer from https://www.qgis.org/ and that it is digitally signed with corresponding hash but your antivirus detects it as NirCmd Adware PUA, then you can try to use, only for testing purpose (with the advise that is better to wait for a QGIS 3.18.1 release), a new testing MSI installer for QGIS 3.18.0 QGIS-OSGeo4W-3.18.0-1.msi wihch is also available on https://qgis.org/downloads/?C=M;O=D and is digitally signed and which doesn't use the NirCmd tool in the installer.

Best regards.

Andrea Giudiceandrea



--
Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-User-f4125267.html
_______________________________________________
Qgis-user mailing list
Qgis-user at lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
The contents of this e-mail and any files transmitted with it may contain private, privileged, and/or confidential information and are intended solely for the named addressee/s. If you have received this e-mail in error, please immediately alert the sender by reply e-mail then delete from your system this email as well as your reply email, including all attachments, if any. If you are not the intended recipient, please know that the unauthorized access, reproduction, disclosure, and distribution of this e-mail and/or any of its attachments or any information contained therein is strictly prohibited and is specifically punishable under Republic Act No. 8792 or the Electronic Commerce Act and Republic Act No. 10173 or the Data Privacy Act of 2012.