I've just started getting alerts from Avast File Shield on Mac OS informing me that it the application is infected with malware (MacOS:Ledger-B [Trj]).
I'm not sure if this is a "real infection" or a false-positive based on updated Avast data-files.
I did just re-download the official DMG file again from the Joplin website and had the same issue when I tried to copy it from the DMG to my Applications folder (an Avast threat alert pops up and it quarantines the file).
A full scan of my system with Avast shows no other issues. It looks like it's been doing this all day today if I look at the Avast quarantine logs - only for Joplin...
This is Joplin version 2.10.18 on macOS Monterey version 12.6.5.
That shows as no virus when I upload the same DMG, so I guess Avast data files must be showing it as a false positive...
A little annoying as I don't want to risk telling Avast to restore the file, on the slight off-chance there is an issue. I have submitted the file to Avast Security for analysis as a false-positive so will wait and see what they come back with.
I see Avast updated their virus definitions today (version = 23051702) so I'm hoping this is just a "glitch" and that with our submissions it may get resolved ASAP...
I (somewhat nervously) added Joplin as an exception in the Avast preferences and it is working normally. Would love to have confirmation from Avast that it's indeed a false positive.
Just FYI, I was updated to 23051710 15 minutes ago. Tested with installing Joplin update 2.10.19 (latest) and Avast is still picking it up as though it has a trojan
same thing happening to me as well, I reported all the files as false positives, hopefully this gets resolved soon! thanks everyone for your work on this
Same on macOS Ventura 13.2.1, Apple M1, Joplin 2.10.19, Avast 15.6.0 virus definitions latest as of this timestamp.
The older Joplin 2.10.18 had already been partly overwritten so I can't even run it. So just tried re-installing 2.10.18 and also 2.10.16 and same MacOS:Ledger-B [Trj] detection. VirusTotal now gives Avast and AVG as also finding the same trojan in these DMG files. I also asked VirusTotal to re-analyze (as last analysis was 23 hours ago) - still flags just those 2 virus scanners. So likely a false-positive.
Specifically the Joplin Helper (GPU) file seems at issue.
Unfortunately I've tried adding an exception to the file, to the whole package, to the entire directory and Avast still flags it. And I can't figure out how to turn Avast off. And I need to use Joplin!
I (somewhat nervously) added Joplin as an exception in the Avast preferences and it is working normally.
How were you able to do add the exception in Avast? I added Joplin .dmg as an exception, and the directory in which it sits, and the individual file Joplin Helper (GPU) via show package contents to the exception list, but still Avast won't let me install Joplin.
I have just been running Joplin from the disc image or whatever. This allows it to run still, even though I can't copy it anywhere without the copy being deleted by Avast.
