installing the esp32 library for my new Arduino Nano ESP32 board my Intego Virus Barrier 10.9.90 discovered and blocked the installation of the library. Now I am blocked.
I can use the cloud editor but this is only half of the world, IDE 2.3.2 is easier to use (offline ;0)
If nobody else receives a warning from a different AV software then remove that useless blocker.
3 posts were split to a new topic: Virus scanners: useful tool or snake oil?
I think this is not wise, since it will then load this infected software.
I can put the pieces of infected software to quarantine but then the Library can not be used.
... already tried, same result. :0(
Hi @smolschneider.
It is important to understand that there are two distinct types of primary project dependencies in the Arduino world:
Arduino users sometimes refer to boards platforms as "libraries", but this is not the correct term. In order to effectively communicate in technical discussions, and to avoid confusion and wasted time, it is essential to use the correct terminology. So you should make sure to use the term "platform" when referring to Arduino boards platforms, and only use the term "library" when referring to true Arduino libraries.
Now that the terminology is clear, please provide a detailed description of what you mean by "esp32 library".
Does the software provide any information about this action? If so, please share it here.
Does it show the exact path, filename, or URL of the file it blocked?
Does it say the specific reason why it blocked it?
This is the log file of the Virus scanner: (it is to be read from bottom to top, historically)
01.06.24, 09:22:50 | Reparieren fehlgeschlagen (OSX/PythonDownloader.ext): Benutzerordner ▸ Library ▸ Arduino15 ▸ tmp ▸ package-1153014524 ▸ esptool ▸ esptool
01.06.24, 09:22:44 | Reparieren fehlgeschlagen (OSX/PythonDownloader.ext): Benutzerordner ▸ Library ▸ Arduino15 ▸ tmp ▸ package-1153014524 ▸ esptool ▸ esptool
01.06.24, 09:20:49 | Scanvorgang – Malware gefunden (1 gescannt, 1 infiziert, 0 repariert): Benutzerordner ▸ Library ▸ Arduino15 ▸ tmp ▸ package-1153014524 ▸ esptool ▸ esptool
01.06.24, 09:00:17 | Aus der Quarantänezone entfernte Datei: Benutzerordner ▸ Library ▸ Arduino15 ▸ packages ▸ esp32 ▸ tools ▸ esptool_py ▸ 4.5.1 ▸ esptool
01.06.24, 08:59:16 | Scanvorgang – Malware gefunden (1 gescannt, 1 infiziert, 0 repariert): Benutzerordner ▸ Library ▸ Arduino15 ▸ packages ▸ esp32 ▸ tools ▸ esptool_py ▸ 4.5.1 ▸ esptool
01.06.24, 08:59:16 | Infiziert (Trojan: OSX/PythonDownloader.ext): Benutzerordner ▸ Library ▸ Arduino15 ▸ packages ▸ esp32 ▸ tools ▸ esptool_py ▸ 4.5.1 ▸ esptool
01.06.24, 08:59:16 | Der Quarantänezone hinzugefügte Datei (trojan:OSX/PythonDownloader.ext!s1;MV-16414): Benutzerordner ▸ Library ▸ Arduino15 ▸ packages ▸ esp32 ▸ tools ▸ esptool_py ▸ 4.5.1 ▸ esptool
01.06.24, 08:59:06 | Scanvorgang – Malware gefunden (1 gescannt, 1 infiziert, 0 repariert): Benutzerordner ▸ Library ▸ Arduino15 ▸ tmp ▸ package-634100797 ▸ esptool ▸ esptool
01.06.24, 08:59:06 | Infiziert (Trojan: OSX/PythonDownloader.ext): Benutzerordner ▸ Library ▸ Arduino15 ▸ tmp ▸ package-634100797 ▸ esptool ▸ esptool
01.06.24, 08:37:57 | Echtzeit-Scanner-Start
OK, I can see the file it doesn't like was at this path:
/Users/<username>/Library/Arduino15/packages/esp32/tools/esptool_py/4.5.1/esptool
(Where <username> is your macOS username)
Can you extract that file from the quarantine? If so, please upload it to the VirusTotal virus scanner website:
Once you have done that, provide a link to the VirusTotal scan results page in a reply here on the forum thread.
I'm not sure what caused that. It works fine for me. Maybe you have a browser extension (e.g., an adblocker) installed that is breaking the functionality of the VirusTotal website? Or maybe it is our old friend "Intego Virus Barrier" interfering again?
Let's try going at it in another way. I'm going to ask you to attach the file to a reply here on the forum topic and then I'll upload the file to VirusTotal for you.
I'll provide instructions you can follow to do that:
Chance for a false positive > 99%
... many thanks, I think you are right Intego prevents me to anything with this file, even zip it, move this file or open with any thing else.
I uploaded the file from the installation of the esptool script made by Arduino IDE on my macOS machine:
You can see it gets a clean bill of health from the suite of malware scanner tools used by the VirusTotal service. However, "Intego VirusBarrier" is not one of those tools, which means that, although the VirusTotal results tell us what many other security tools think about the file I uploaded, they don't tell us what "Intego VirusBarrier" would think about it.
I installed the free version of the "Intego VirusBarrier" app on my macOS computer and used it to run a manual scan of the esptool script file. It didn't detect any problems with it.
There are two possible conclusions to consider:
Even though I wasn't able to reproduce the detection on my machine using "Intego VirusBarrier", it might be that explanation for the different result you got is a difference in the configurations of our apps, or maybe a different version you are using.
As other forum helpers have already stated, virus scanner tools are very prone to false positives. We regularly receive reports of various virus scanners detecting various of the applications Arduino distributes as malware. When the security team has investigated those previous reports, they were found to be false positives.
It might be that an attacker has somehow co-opted the installation of the boards platform on your system as a vector to import a modified version of the script that contains a malicious payload which would be executed when you attempted to use the board with Arduino IDE.
Even if that malicious payload was not detected by the scanners used by VirusTotal, we would still be able to tell that your script has been modified because that modification would result in your copy of the script having a different checksum than the checksum of the real esptool script (b7fe8f1addc00a712148598b199253a4ce8f3e76a1d401791b4182929eed8535).
Unfortunately it seems there is no way for us to get any more information about the script you have so we are not able to prove or disprove this possibility.
... many, many, thanks for your active and so professional support. 
. This helped a lot. After your tests and trials I had the courage to approve the files in the quarantine. I first uninstalled all the board (library) and the application libraries for ESP32, then reinstalled everything and approved the esp tool files. It now seams to work and in the system activity monitor I can not observe any suspicious jobs (I know this is not a guaranty to be trojan free, because these viruses sleep sometimes). Now my IDE environment is working perfectly with this my new Arduino Nano ESP32 on usb and on WiFi, great! ... and many thanks again for your time and support. I learned a lot again. ... Arduino and the people behind are great 
You are welcome. I'm glad if I was able to be of assistance.
Regards,
Per
This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.
