#1 |
Junior Member
Posts: 2
Karma: 10
Join Date: Aug 2022
Device: Onyx Boox Nova 3
|
Backdoor malware through Calibre?
Windows Defender reported to me that a Severe threat, Backdoor:PHP/Yorcirekrikseng!rfn, was automatically removed from my Windows 11 laptop. The security report points to a couple of temporary folders that happen to have a calibre prefix on them (see attached screenshot).
Could this be related to Calibre in any way? Could it be a false positive? The latest Calibre versions I have used in the last month are 6.1.0 and 6.2.1, both downloaded from the official website. This is the information that Microsoft has on this specific malware: https://www.microsoft.com/en-us/wdsi...tID=2147783015 I searched the web for any occurrences of this for Calibre, but I found no matches. Any pointers about this would be appreciated.
#2 |
creator of calibre
Posts: 45,353
Karma: 27182818
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
https://manual.calibre-ebook.com/faq...a-virus-trojan
And in your case, since it's a PHP malware, and calibre does not use PHP, either Windows Defender was on a bender or it found something it didn't like in some ebook file or HTML file that was viewed/read/downloaded, since these are often saved in temporary folders on the disk.
#3 |
Junior Member
Posts: 2
Karma: 10
Join Date: Aug 2022
Device: Onyx Boox Nova 3
|
I just got a new Severe threat alert, again on a temporary calibre folder. I opened the folder and I saw a lot of filesystem activity in it: files were being added and removed at a fast rate.
The operation that Calibre was doing at that time is full-text indexing, on "fast" mode. After indexing finished, there are no files left, except some *-render-html folders, all of which are actually empty. Accordingly, Calibre now reports "all book files indexed". So can it be that a couple of EPUB and PDF files (possibly the same ones in the screenshot in the previous post) are somehow taken to be "infected" files by Windows Defender as Calibre reads and indexes them?
#4 |
creator of calibre
Posts: 45,353
Karma: 27182818
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
Yes, as I said, it could be a file being viewed/read etc. Indexing basically converts the book to HTML and then indexes that.
#5 |
Resident Curmudgeon
Posts: 79,756
Karma: 145864619
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
|
I've never once had Windows Defender say there is a problem with anything to do with Calibre.
#6 |
Custom User Title
Posts: 10,974
Karma: 75337983
Join Date: Oct 2018
Location: Canada
Device: Kobo Libra H2O, formerly Aura HD
|
Dodgy eBooks, I'd suspect. Both PDF and ePub can harbour malware.
#7 | |
Well trained by Cats
Posts: 31,057
Karma: 60358908
Join Date: Aug 2009
Location: The Central Coast of California
Device: Kobo Libra2,Kobo Aura2v1, K4NT(Fixed: New Bat.), Galaxy Tab A
|
Quote:
I would scan ALL downloads BEFORE doing anything with them (that causes them to be opened), like add to Library. The really good
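
As an added illustration (not code from calibre or from any poster in this thread), the following Python script inspects an EPUB's ZIP members in memory for PHP markers, which can help narrow down which book produces a detection like the one discussed above when its contents are converted to HTML in a temporary folder. The marker pattern, extension list, size limit and function names are assumptions made for this example; it covers EPUB only (not PDF), and a match is a lead for further review, not a verdict.

```python
import io
import re
import zipfile

# Assumed markers for this illustration; not Windows Defender's signature.
PHP_TAG = re.compile(rb"<\?php\b", re.IGNORECASE)
SCRIPT_EXTS = (".php", ".phtml", ".phar")
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # do not inflate oversized members


def scan_epub(source):
    """Return [(member_name, reason)] for suspicious entries in an EPUB.

    `source` is a path or binary file-like object. Members are read in
    memory only, so nothing is unpacked to a temporary folder on disk.
    """
    findings = []
    try:
        archive = zipfile.ZipFile(source)
    except zipfile.BadZipFile:
        return [("<container>", "not a valid ZIP/EPUB container")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if name.lower().endswith(SCRIPT_EXTS):
                findings.append((name, "server-side script extension"))
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((name, "member too large to scan"))
                continue
            if PHP_TAG.search(archive.read(info)):
                findings.append((name, "contains a PHP opening tag"))
    return findings


def build_sample_epub(members):
    """Build a constructed EPUB-like ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/epub+zip")
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    odd = build_sample_epub({"OEBPS/ch1.xhtml": b"<html><?php echo 1; ?></html>"})
    print(scan_epub(odd))
```

To check a real download, pass its path to `scan_epub()` before adding the file to the library.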