[tor-relays] IP addresses as false positives?

grarpamp grarpamp at gmail.com
Mon Jan 5 08:59:18 UTC 2015

On Mon, Jan 5, 2015 at 3:33 AM, Kura <kura at kura.io> wrote:
> I would say that maybe it's a possibility that traffic gets
> flagged as such too?
> ...
> antivirus [...] one that does
> traffic inspection

Oh, well that could be too. Tor traffic is crypted/obfuscated
and thus could generate a random hit that AV points at the
Tor binary as responsible for.

But the OP is getting URLs from AV so it may be
watching his localhost SOCKS for http streams.

What's weird is OP's "Object" is https://, which is
not terminated to plaintext anywhere but in the browser
or tor.

Perhaps not enough info.

> machine, AVG reported that tor.exe was a possible virus and removed it, this
> also happened when we tested the Tor Vidalia bundle. This was simply a
> filesystem check though, rather than packet/traffic inspection. It was also
> very recent, within the last week.

Gratuitous listing by AVG perhaps?

> On Mon, Jan 5, 2015 at 2:30 AM, eliaz wrote:
>> The antivirus program on a machine running a bridge occasionally
>> reports like so:
>> Object: https://
>> Infection: URL:Mal [sic]
>> Process: ... \tor.exe
