Avast flags Joplin as having malware

I've just started getting alerts from Avast File Shield on Mac OS informing me that it the application is infected with malware (MacOS:Ledger-B [Trj]).

I'm not sure if this is a "real infection" or a false-positive based on updated Avast data-files.

I did just re-download the official DMG file again from the Joplin website and had the same issue when I tried to copy it from the DMG to my Applications folder (an Avast threat alert pops up and it quarantines the file).

A full scan of my system with Avast shows no other issues. It looks like it's been doing this all day today if I look at the Avast quarantine logs - only for Joplin...

This is Joplin version 2.10.18 on macOS Monterey version 12.6.5.

1 Like

What does virus total say?

Just worked out what "virustotal" is :slight_smile:

That shows as no virus when I upload the same DMG, so I guess Avast data files must be showing it as a false positive...

A little annoying as I don't want to risk telling Avast to restore the file, on the slight off-chance there is an issue. I have submitted the file to Avast Security for analysis as a false-positive so will wait and see what they come back with.

Thank you for checking and indeed it's best to notify Avast so that they can check and hopefully clear the false positive if this is what it is


I'm getting the same warning about Ledger-B, but the Avast check in Virus Total reports "undetected". I sent the report to Avast.


Out of curiosity, I tried installing Joplin 2.10.16 and got the same quarantining message reported by @deevodavis. So this isn't anything new.

I see Avast updated their virus definitions today (version = 23051702) so I'm hoping this is just a "glitch" and that with our submissions it may get resolved ASAP... :crossed_fingers:

I (somewhat nervously) added Joplin as an exception in the Avast preferences and it is working normally. Would love to have confirmation from Avast that it's indeed a false positive.

1 Like

Just FYI, I was updated to 23051710 15 minutes ago. Tested with installing Joplin update 2.10.19 (latest) and Avast is still picking it up as though it has a trojan

For those using Avast, please report it to them as a false positive. If there are enough reports hopefully they'll investigate and update their files


same thing happening to me as well, I reported all the files as false positives, hopefully this gets resolved soon! thanks everyone for your work on this

It happened to me too. Mac Ventura 13.3.1 (a), if that helps.

As of 10.45 European time the Avast app has been updated but not yet cleared Joplin.
All "infected" files have been sent for review as false positive

1 Like

Same on macOS Ventura 13.2.1, Apple M1, Joplin 2.10.19, Avast 15.6.0 virus definitions latest as of this timestamp.

The older Joplin 2.10.18 had already been partly overwritten so I can't even run it. So just tried re-installing 2.10.18 and also 2.10.16 and same MacOS:Ledger-B [Trj] detection. VirusTotal now gives Avast and AVG as also finding the same trojan in these DMG files. I also asked VirusTotal to re-analyze (as last analysis was 23 hours ago) - still flags just those 2 virus scanners. So likely a false-positive.

Specifically the Joplin Helper (GPU) file seems at issue.

Unfortunately I've tried adding an exception to the file, to the whole package, to the entire directory and Avast still flags it. And I can't figure out how to turn Avast off. And I need to use Joplin!

Interesting how it's now rippling through the vendors; I wonder if they buy-in their datasets in from a 3rd party..?

Mac and Windows have already built-in antivirus and sercurity features best than using Avast.



I (somewhat nervously) added Joplin as an exception in the Avast preferences and it is working normally.

How were you able to do add the exception in Avast? I added Joplin .dmg as an exception, and the directory in which it sits, and the individual file Joplin Helper (GPU) via show package contents to the exception list, but still Avast won't let me install Joplin.

I have just been running Joplin from the disc image or whatever. This allows it to run still, even though I can't copy it anywhere without the copy being deleted by Avast.

Avast does check against malware on websites that Mac does not flag.