Here's what I did:
- Temporarily turn off File Shield in Avast (in Avast One, click "Explore", "File Shield", "Open File Shield").
- Drag Joplin into the Applications folder.
- Add Applications/Joplin.app to the Exceptions list.
- Turn File Shield back on.
Thank you, @dave_swofford, was able to fix it on my side with your help, for some reason I was clicking in the wrong place in Avast.
Note - I also had to turn on File Shield again, and, turn off automatic quarantine, and then add each of several helper files as well to the exceptions list as the application launched (Avast would halt and the app launch would crash but give me the chance to add another exception), see screenshot.
I wonder if there is an open source shared library file or similar code segment that is triggering the false alarm - or even has actually become infected and Avast and AVG are more sensitive to detecting it
within Joplin helper modules?
@o5t6iaqo7 Ah, right. I went through that too. I found that once I had Joplin running, I could delete all of those exceptions and just have a single exception for the "Avast.app" application bundle. All of the helpers are contained in the application bundle (a folder) and Avast doesn't scan inside it once it's been installed correctly. Then when I replied to your question, I forgot I had done that. My exceptions list now contains just the one entry shown below, and Joplin is working fine for me.
I think there might be something to @deevodavis suggestion that the databases used by multiple vendors are not independent, but I don't have any real knowledge of that. The original Ledger trojan targeted a cryptocurrency app (see Fake data breach alerts used to steal Ledger cryptocurrency wallets). As a cryptophobe I'm not too worried about Joplin, even if it's a real trojan, which I doubt.
Thank you dave_swofford
Just followed your guidance and back up and running again..
A long term solution wold be best to overcome this issue arising on future update.
As mentioned before by o5t6iaqo7 it is the Joplin helper (GPU) which ins being flagged by Avast.
Woohooo... it seems like with the latest MacOS Avast definitions file update (version 23052204) the previous malware false-positive has been resolved (for the original 2.10.18 and latest 2.10.19 versions) 
It might be a good idea for those who have added specific exclusions to get it working remove them, just in case something bad happens in the future, else they could be vulnerable.
2 Likes
Thanks for the info, that's good to know!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.