macOS
3.5.13
Device: darwin, Intel(R) Core(TM) i7-1068NG7 CPU @ 2.30GHz
Client ID: [redacted]
Sync Version: 3
Profile Version: 49
Keychain Supported: Yes
Alternative instance ID: -
Revision: 0c1511f
Backup: 1.5.1
Freehand Drawing: 4.2.0
Joplin Cloud
Issue with AVAST quarantining a file
I have the same problem on windows 11 and Avast detecting a .md file from Joplin as a threat !
I think the issue is that there are a lot of security vulnerabilities being discovered recently due to the advancement of AI, and many companies are releasing more patches and improving their security. I'm guessing antivirus software have recently added new behavioural rules which flags Joplin's existing sync behaviour as a security risk, because several people have suddently been getting these alerts from their antivirus in the last couple of days
Though the recent ones I have seen on this forum are all Avast.
The alert ID says "HttpRequest". If your note does not actually contain some kind of code snippet could it be that it just contains a URL that is HTTP?
The alert says "was infected with malware" but the ID is marked [Susp]. Also I did not find any other vendor using this "HttpRequest" ID.
I did use Avast a while back when I had a Windows machine. I uninstalled it when I got the feeling that some of the alerts I was getting were spurious to say the least. Also you can call me cynical but for a Malware alert why is the main feature of the dialog a big, green, clickable "UPGRADE YOUR PROTECTION" button.
Though the recent ones I have seen on this forum are all Avast.
There was a report on Norton as well
Thanks for pointing that out. I did another search using a different search engine and it seems that Avast, AVG (which is also Avast), and Norton have started flagging something in non-executable documentation markdown files as suspicious.
This GitHub post for another application suggests that for them it is possibly being triggered by finding an HTTP URL in the text of their GitHub README.md file.
Thanks, all -- so is the suggestion to check my notes for "http://" string?
The solution (on the linked post about Norton) is to set a directory exclusion on your antivirus for the relevant Joplin directory it raising as having a malware
which directory would I exclude? (I'm on a Mac)
Thank you!
Not sure exactly, because it is truncated on the screenshot of the Avast alert. Have a look in the quarantine and post the full path of the quarantined file here, as you won't want to set the exclusion too wide or narrow
it was in the /username/.config/joplin-desktop/tmp folder -- I found a way to add the exception to AVAST - thank you!
This is definitely happening with Norton as well, starting late April (2026). Tried adding C:\Users\XXXX.config\joplin-desktop\tmp to Norton Scanning exempt folder list but still the file created by the backup routine ending in .MD was again quarantined - note the exact file name changes each time Backup runs. Then added *.md to scan exempt list and same problem. Have now added both folder and file to Norton real time protection exempt list. SUCCESS!!!
