grarpamp:
On Mon, Jan 5, 2015 at 3:33 AM, Kura kura@kura.io wrote:
I would say that maybe it's a possibility that traffic gets flagged as such too? ... antivirus [...] one that does traffic inspection
Oh, well that could be too. Tor traffic is crypted/obfuscated and thus could generate a random hit that AV points at the Tor binary as responsible for.
But the OP is getting URLs from AV so it may be watching his localhost SOCKS for http streams.
This may perhaps help: Running the bridge I regularly get:
[Warning] Rejecting SOCKS request for anonymous connection to private address [scrubbed]. [1 similar message(s) suppressed in last 300 seconds]
I can't unscrub these msgs (SafeLogging doesn't seem to work for tor 4.0.2 and standalone vidalia.) I haven't been able to track down the processes involved. Since they're private, I assume they're broadcasts & so ignore them. There were some conversations about this on one of the lists some time ago, and the advice was to ignore.
What's weird is OP's "Object" is https://, which is not terminated to plaintext anywhere but in the browser or tor.
Perhaps not enough info.
machine, AVG reported that tor.exe was a possible virus and removed it, this also happened when we tested the Tor Vidalia bundle. This was simply a filesystem check though, rather than packet/traffic inspection. It was also very recent, within the last week.
Gratuitous listing by AVG perhaps?
On Mon, Jan 5, 2015 at 2:30 AM, eliaz wrote:
The antivirus program on a machine running a bridge occasionally reports like so:
Object: https:// Infection: URL:Mal [sic] Process: ... \tor.exe