False Alarm for Gramps download

The last two times I downloaded the latest Gramps update I got the following alarm:
Infekce zablokována
URL hxxp://hivelocity.dl.sourceforge.net/project/gramps/Stable/4.1.0/GrampsAIO-4.1.1-86bfff_win32_py27.exe|$INSTDIR\bin\msggrep.exe
Infection Win32:Evo-gen [Susp]

Gramps is a very trusted genealogy program and I download it from Sourceforge. To download the complete program I must disable Avast until that is done.

Also, I have had problems with Avast blocking a respected photography site, http://www.blog.fsmphoto.com/ I was told by Avast to contact the website’s Administrator to change something (don’t remember what) that was causing the problem. I did make him aware of what Avast said. He probably thought, who are you to tell me what to change on my site. Apparently other virus programs are OK with his site, as I am sure he would have gotten lots of complaints.

I am slowly moving to Linux OS, where I don’t need a virus program.

I am slowly moving to Linux OS, where I don't need a virus program.
This is a common misconception. There are many more viruses for Windows, but assuming you are safe on Linux and therefore not protecting yourself is a mistake. Even if you're not affected by a virus, your files might still carry them (not unlike real-life diseases). On top of that, mail worms and other malicious code that doesn't somehow need root access will work perfectly fine. And the number of Linux viruses will only get bigger as Linux becomes more popular as a consumer/desktop environment.

Just a friendly warning. But do go with Linux. It’s pretty awesome in some ways.

I am slowly moving to Linux OS, where I don't need a virus program.
Linux malware. http://en.m.wikipedia.org/wiki/Linux_malware http://lwn.net/Articles/367874/

Thank you for the warning. Maybe not as safe as I thought?

nothing is 100% … except death and taxes

OK, so what about the false positives? I may try my provider's virus program on another computer to see how it reacts to those two things.

Trend Micro blocks it as well, so most likely not a FP.

So you are saying sourceforge may have bad stuff on their website? The photography website is hosted by a reputable photographer. I am confused.

It's most likely not Sourceforge.

As you can see on the URL, a file INSIDE the executable is marked as malicious.

hxxp://hivelocity.dl.sourceforge.net/project/gramps/Stable/4.1.0/GrampsAIO-4.1.1-86bfff_win32_py27.exe|$INSTDIR\bin\msggrep.exe

It's just detected by McAfee on VirusTotal.

I am contacting the Gramps project to see what I can learn.

Gramps looked into their program and assured me there is no problem. The issue is a false positive. Here is part of an email I received concerning the issue.

c> When I tried to download the latest version of Gramps, Avast would not allow
c> some of the download to proceed. I got the alarm posted below.

c> Infekce zablokována
c> URL
c> hxxp://hivelocity.dl.sourceforge.net/project/gramps/Stable/4.1.0/GrampsAIO-4.1.1-86bfff_win32_py27.exe|$INSTDIR\bin\msggrep.exe
c> Infection Win32:Evo-gen [Susp]

c> I was just on the Avast forum and they confirm there is a “file INSIDE the
c> executable is marked as malicious”.

Yes, but the file it’s reporting is msggrep.exe, which is the gnu
message utility. (I googled and found your discussion with the Avast
folks, IMO they barely looked at the problem.)

c> This also happened a week or so ago when I downloaded 4.0. I disabled my
c> virus scan to download the whole file. So do I now have a virus lurking on
c> my computer?

Doubt it; I find Herd Protect reporting the same Win32:Evo-gen false
positive on a clean msggrep.exe – see:
http://www.herdprotect.com/msggrep.exe-50bd69eb117681341afeacb25d672fa5413d96e8.aspx

However, I do get a different SHA256 signature on the msggrep.exe that I
just pulled out of GrampsAIO-4.1.1-86bfff_win32_py27.exe using wine
(on Ubuntu).

My extremely strong suspicion is that this is just a different build of
msggrep.exe that Herd Protect hasn't seen yet; but I'd like to see
someone who knows more about the provenance of this executable than I do
weigh in before giving it a clean bill of health. My output:

pjh@pjh-laptop:~/.wine/drive_c/Program Files/GrampsAIO-4.1.1/bin$ sha256sum msggrep.exe
d7e5a3b99bb0f4429d1a87e1187f9c9e5167efbf264549eb22b444f9831eefd9 msggrep.exe
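The triage the Gramps developer describes above (hash the flagged component and check it against known digests) is worth doing with care, because the two values quoted in this thread are not comparable as-is: the digest in the HerdProtect URL is 40 hex characters (SHA-1 length) while sha256sum produces 64. The script below is an added example, not code from the thread or the Gramps project; it hashes every file in an extracted installer tree with MD5, SHA-1 and SHA-256, matches each reference digest with the algorithm its length implies, and reports anything unmatched with its SHA-256 for further lookup. The directory layout and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Digests quoted in the thread: 40 hex chars is SHA-1 length, 64 is SHA-256 length.
REFERENCE = {
    "50bd69eb117681341afeacb25d672fa5413d96e8": "msggrep.exe listed by HerdProtect",
    "d7e5a3b99bb0f4429d1a87e1187f9c9e5167efbf264549eb22b444f9831eefd9":
        "msggrep.exe extracted from GrampsAIO-4.1.1 (developer's sha256sum)",
}
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def digests(path):
    """Return md5/sha1/sha256 hex digests of one file, read in 64 KiB chunks."""
    hashers = {name: hashlib.new(name) for name in ALGO_BY_LEN.values()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def classify(path, reference=REFERENCE):
    """Match by the algorithm each digest's length implies: ("known", labels) or ("unknown", [sha256])."""
    d = digests(path)
    labels = sorted(label for ref_hex, label in reference.items()
                    if len(ref_hex) in ALGO_BY_LEN
                    and d[ALGO_BY_LEN[len(ref_hex)]] == ref_hex.lower())
    return ("known", labels) if labels else ("unknown", [d["sha256"]])

def triage_tree(root, reference=REFERENCE):
    """Walk an extracted installer tree; keys are forward-slash relative paths."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            results[rel] = classify(full, reference)
    return results

def demo():
    """Constructed tree (not real Gramps files): an empty file, whose standard SHA-1/SHA-256 test vectors are added as references, plus a file matching nothing."""
    reference = dict(REFERENCE)
    reference["da39a3ee5e6b4b0d3255bfef95601890afd80709"] = "empty file (SHA-1 test vector)"
    reference["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"] = "empty file (SHA-256 test vector)"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        open(os.path.join(root, "bin", "empty.exe"), "wb").close()
        with open(os.path.join(root, "bin", "other.exe"), "wb") as f:
            f.write(b"constructed sample bytes, not a real binary\n")
        return triage_tree(root, reference)
```

Point `triage_tree()` at the directory an installer was unpacked into (for instance the `bin` folder the developer hashed under wine) and any file that comes back "unknown" is the one whose SHA-256 you then look up or submit for a second opinion.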

So, since there has been no response, I am stuck with the problem? Avast says it is not their problem and Gramps said it is not their problem. Is there any chance or hope the two would get together and resolve this issue?

Well, I got rid of Avast and installed my provider’s security and now I can access that photographer’s site and I can download the Gramps file without issue.

http://i.imgur.com/CBU54LG.png

http://i.imgur.com/wOMmZhY.png

Detection is correct.
If you clear the code or disable the auto slideshow function,
the site will be unblocked.

Malicious Code Detected
http://sitecheck.sucuri.net/results/www.blog.fsmphoto.com/

Hello,

I can confirm. It is a classic spam injection. More so malware on the server-side than client-side, so I assume you aren’t infected.

Regards,
~!Donovan

Norman lab Confirmed

Blog.fsmphoto.com.htm: Hideme.G

Sucuri’s Antonio Perez published on this spam injection: http://blog.sucuri.net/2012/11/website-malware-spam-injections-hideme-kickeme.html

polonus

OK, you are right on that one and did pass the Sucuri website on to the gentleman with the photography website. That still leaves the issue with the Gramps software. Review the quote I included above from the Gramps people.

No alerts.
It was fixed in a streaming update.
I don't know the date of the correction,
but if you used the contact form it was certainly corrected.

https://www.virustotal.com/en/file/16e75cd276a861394018d741d2018c87ee833da7062a3b16e74ddd6fb7c5d41a/analysis/1406149518/

All is well. I got a reply from the photographer’s website:

Thanks, it is a Wordpress site that I run. I'll look into it. It might be one of the plugins that I'm running. I also need to update the software.

Thanks again. I’ll check it out.