Closed Bug 1611489 Opened 6 years ago Closed 6 years ago

Downloading Thunderbird AddOns am also getting virus

Categories

(Thunderbird :: Add-Ons: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: jim.razor.us, Unassigned)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0

Steps to reproduce:

Hello to all,
Am getting a notice from McAfee every time I download a new AddOn from the Extensions Manager within Thunderbird 68.4 (64 bit).
Thought you all might want to know this is going on.

Actual results:

As I am downloading and installing the Extension(s):
Allow HTML Temp
ReFwdFormatter
Provider for Google Calendar

*McAfee reports that a virus tagged along and was blocked, each one seems to be a different virus (although it could be the same as I was not watching all that closely).

Expected results:

These AddOns should have installed without any notification from McAfee.

The full exact text or a screen shot is required. Although I doubt there's anything we can do for this.

Group: mail-core-security
Flags: needinfo?(jim.razor.us)
Attached image screen-cap-012520-a.jpg

Requested Screen Capture from 01/25/20
This was received after downloading
ImportExportTools NG

*it was triggered while trying to install this into Thunderbird

Flags: needinfo?(jim.razor.us)

At 1st glance it would appear that the extensions server has been compromised, but?

There is a reason we have been suggesting to users in support to create an exclusion in McAfee for the entire Thunderbird profile. That reason is McAfee is a little like lightning; it cannot be trusted not to mess things up wherever it is.

It was 2012 when I first heard of McAfee causing issues with Thunderbird. They had introduced a new heuristics engine in November. That I remember the date is perhaps significant in the support issue it has since become.

At first glance, I would just shrug my shoulders and say McAfee strikes again.

What an addon has to do with their suspicious email detection I have not an idea at all. Based on this article that comes up when I search for attachment!script.A at Google, it would appear that the product is just confused by a zip file with an XPI extension in the context of a mail application. It is exactly the sort of false-positive I have come to expect from McAfee.

https://www.mcafee.com/enterprise/en-us/threat-center/detection-dispute-form.html
Based on the first few comments on their dispute page, I really think I have other things to do with 4 or 6 weeks of my life that await their slow attentions. As you feel there might be some veracity to this, perhaps you might contact McAfee as your antivirus product supplier and ask them about what it is and how to fix it.

I'm inclined to agree with Matt. I would report this to McAfee as a false positive https://www.mcafee.com/enterprise/en-us/threat-center/detection-dispute-form.html so they can get their act together.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Component: Untriaged → Add-Ons: General
Resolution: --- → INVALID

I looked into this briefly for peace of mind. There is no evidence of any kind of viruses in the named add-on ("ImportExportTools NG").

  • The database hash and the file hash still match (if they didn't, TB wouldn't install the add-on).
  • The contents of the actual file, "importexporttools_ng-4.0.4-tb.xpi", perfectly match the source on GitHub.

This is definitely just yet another nonsensical problem caused by bad 3rd party anti-virus.
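The two checks listed in the comment above (listed hash against file hash, and package contents against the source tree) can be reproduced roughly as follows. This is an added example, not part of the bug thread and not Thunderbird's own code; the `sha256:<hex>` listing format, the skipping of `META-INF/` entries, the function names and all sample data are assumptions made for illustration.

```python
import hashlib
import io
import zipfile


def hash_matches(xpi_bytes, expected):
    """Compare the file's digest with a listed hash given as 'sha256:<hex>' (assumed format)."""
    algo, _, hexdigest = expected.partition(":")
    if algo != "sha256" or not hexdigest:
        raise ValueError("unsupported hash format: %r" % expected)
    return hashlib.sha256(xpi_bytes).hexdigest() == hexdigest.lower()


def diff_against_source(xpi_bytes, source_files, ignore_prefixes=("META-INF/",)):
    """Compare packaged files with a source tree given as {path: bytes}."""
    packaged = {}
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:  # an XPI is a zip archive
        for info in xpi.infolist():
            # Assumption: signing metadata under META-INF/ is not in the source repo.
            if info.is_dir() or info.filename.startswith(tuple(ignore_prefixes)):
                continue
            packaged[info.filename] = hashlib.sha256(xpi.read(info)).hexdigest()
    source = {n: hashlib.sha256(d).hexdigest() for n, d in source_files.items()}
    common = packaged.keys() & source.keys()
    return {
        "changed": sorted(n for n in common if packaged[n] != source[n]),
        "extra": sorted(packaged.keys() - source.keys()),
        "missing": sorted(source.keys() - packaged.keys()),
    }


def build_xpi(files):
    """Build a constructed sample XPI in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample data, not the real add-on's contents.
SOURCE = {"manifest.json": b'{"name": "sample"}', "chrome/content/main.js": b"// ok\n"}
GOOD_XPI = build_xpi(SOURCE)
TAMPERED_XPI = build_xpi({**SOURCE, "chrome/content/main.js": b"// changed\n", "extra.js": b""})
LISTED_HASH = "sha256:" + hashlib.sha256(GOOD_XPI).hexdigest()

if __name__ == "__main__":
    for label, xpi in (("good", GOOD_XPI), ("tampered", TAMPERED_XPI)):
        print(label, hash_matches(xpi, LISTED_HASH), diff_against_source(xpi, SOURCE))
```

A package that passes both checks while an antivirus product still flags it points to a false positive in the scanner rather than a modified download.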
