<blockquote class="history_container" type="cite" style="border-left-style:solid;border-width:1px; margin-top:20px; margin-left:0px;padding-left:10px;"><p style="color: #AAAAAA; margin-top: 10px;">On 05/01/2015 08:59:41, grarpamp <grarpamp@gmail.com> wrote:</p>On Mon, Jan 5, 2015 at 3:33 AM, Kura <kura@kura.io> wrote:
<br>> I would say that maybe it's a possibility that traffic gets
<br>> flagged as such too?
<br>> ...
<br>> antivirus [...] one that does
<br>> traffic inspection
<br>
<br>Oh, well that could be too. Tor traffic is crypted/obfuscated
<br>and thus could generate a random hit that AV points at the
<br>Tor binary as responsible for.
<br>
<br>But the OP is getting URL's from AV so it may be
<br>watching his localhost SOCKS for http streams.
<br>
<br>What's weird is OP's "Object" is https://, which is
<br>not terminated to plaintext anywhere but in the browser
<br>or tor.
<br>
<br>Perhaps not enough info.
</kura@kura.io></blockquote><div style="margin-top: 16px; margin-bottom: 20px"><font size="2" face="Tahoma" color="#000000 "><span style="margin-top: 16px; margin-bottom: 20px; color: #3B5998; font-weight: bold">Kura: </span><span style="color: #3B5998"> </span></font>Indeed. I'm not exactly sure how or why that would be the case but, I thought my recent experiences with Tor on Windows might at least shed another piece of light on how AVs sometimes treat Tor. May be related, may be totally unrelated.</div><div class="history_container"><br></div><div class="history_container">From the error, you would expect the AV to be picking out content it deems as dangerous from the final response, i.e. the destination after the exit but, that seems a little odd to me, unless the AV consistently lists the same page as having a virus.</div><blockquote class="history_container" type="cite" style="border-left-style:solid;border-width:1px; margin-top:20px; margin-left:0px;padding-left:10px;"><kura@kura.io><br>
<br>> machine, AVG reported that tor.exe was a possible virus and removed it, this
<br>> also happened when we tested the Tor Vidalia bundle. This was simply a
<br>> filesystem check though, rather than packet/traffic inspection. It was also
<br>> very recent, within the last week.
<br>
<br>Gratuitous listing by AVG perhaps?
</kura@kura.io></blockquote><div style="margin-top: 16px; margin-bottom: 20px"><font size="2" face="Tahoma" color="#000000 "><span style="margin-top: 16px; margin-bottom: 20px; color: #3B5998; font-weight: bold">Kura: </span><span style="color: #3B5998"> </span></font>Quite possibly. AV companies are odd with how they treat certain things. Keygen programs on Windows are another big thing that they used to flag even if they were not dangerous at all.</div><div class="history_container"><kura@kura.io><br></kura@kura.io></div><div class="history_container"><kura@kura.io>On a semi-related note, I run a fair number of exit and middle/guard relays that I can guarantee do not try to do anything naughty to content, feel free to test your Tor against them to see if you still get the same virus warnings, OP.<br></kura@kura.io></div><blockquote class="history_container" type="cite" style="border-left-style:solid;border-width:1px; margin-top:20px; margin-left:0px;padding-left:10px;"><kura@kura.io><br>
<br>> On Mon, Jan 5, 2015 at 2:30 AM, eliaz wrote:
<br>>> The antivirus program on a machine running a bridge occasionally
<br>>> reports like so:
<br>>>
<br>>> Object: https://
<br>>> Infection: URL:Mal [sic]
<br>>> Process: ... \tor.exe
<br>_______________________________________________
<br>tor-relays mailing list
<br>tor-relays@lists.torproject.org
<br>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
<br></kura@kura.io>
</blockquote>