Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Software > Calibre

Notices

Reply
 
Thread Tools Search this Thread
Old 06-22-2019, 05:20 AM   #1
zaster
Junior Member
zaster began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Jun 2019
Device: laptop
Trojan spyware in calibre mac OS build

Hi

I just ran the latest calibre Mac OS build through Virustotal, and saw the following result
https://www.virustotal.com/gui/file/...36e0/detection

Does anyone know what's going on?
zaster is offline   Reply With Quote
Old 06-22-2019, 09:47 AM   #2
theducks
Well trained by Cats
theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.
 
theducks's Avatar
 
Posts: 30,076
Karma: 57259778
Join Date: Aug 2009
Location: The Central Coast of California
Device: Kobo Libra2,Kobo Aura2v1, K4NT(Fixed: New Bat.), Galaxy Tab A
If you got Calibre from the official CALIBRE site, it is a false positive. (There is a FAQ on this topic). If you went elsewhere for your download you have no idea of what was added (nor do we)

Some folk call anything 'spyware'.
Calibre does 'call home' to find out if there are updates.
That call also logs what OS, which is used on the Stats page as well as takes you to the matching download page.
All this behavior IS acknowledged on the official site.
theducks is online now   Reply With Quote
Advert
Old 06-22-2019, 09:51 AM   #3
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 44,106
Karma: 22669824
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
That's not a calibre build, that's some calibre.app.zip file. I release no such file.
kovidgoyal is online now   Reply With Quote
Old 06-22-2019, 09:54 AM   #4
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 44,106
Karma: 22669824
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
And here are the virustotal results for the actual released calibre macOS DMG: https://www.virustotal.com/gui/url/1...b802/detection

Showing all clean.
kovidgoyal is online now   Reply With Quote
Old 06-23-2019, 03:06 PM   #5
Bookstooge
Guru
Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.
 
Bookstooge's Avatar
 
Posts: 765
Karma: 2090886
Join Date: May 2019
Device: Kindle Oasis 1st Gen
Quote:
Originally Posted by zaster View Post
Hi

I just ran the latest calibre Mac OS build through Virustotal, and saw the following result
https://www.virustotal.com/gui/file/...36e0/detection

Does anyone know what's going on?
So where did you get this?

Edited:
The only place I could find online for calibreapp was a website called Calibreappdotcom. It appears to be a web performance thingummery. Not my area of expertise at all.

Last edited by Bookstooge; 06-23-2019 at 03:11 PM.
Bookstooge is offline   Reply With Quote
Advert
Old 06-23-2019, 06:00 PM   #6
jhowell
Grand Sorcerer
jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.jhowell ought to be getting tired of karma fortunes by now.
 
jhowell's Avatar
 
Posts: 6,602
Karma: 84812983
Join Date: Nov 2011
Location: Tampa Bay, Florida
Device: Kindles
Quote:
Originally Posted by Bookstooge View Post
So where did you get this?

Edited:
The only place I could find online for calibreapp was a website called Calibreappdotcom. It appears to be a web performance thingummery. Not my area of expertise at all.
The website is calibre-ebook.com.
jhowell is offline   Reply With Quote
Old 06-24-2019, 12:46 PM   #7
DNSB
Bibliophagist
DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.
 
DNSB's Avatar
 
Posts: 37,565
Karma: 149859356
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
calibre.app
Quote:
Originally Posted by Bookstooge View Post
So where did you get this?

Edited:
The only place I could find online for calibreapp was a website called Calibreappdotcom. It appears to be a web performance thingummery. Not my area of expertise at all.
Quote:
Originally Posted by jhowell View Post
The website is calibre-ebook.com.
The site referenced by Bookstooge is indeed calibreapp.com which advertises "World-class web performance monitoring for teams." The site also links to calibre.app. The program has nothing to do with Kovid Goyal's calibre ebook management program.

However, I also note that only one of the programs at Virustotal came up with a positive which suggests that it is a false positive.

Last edited by DNSB; 06-24-2019 at 12:51 PM.
DNSB is offline   Reply With Quote
Old 06-24-2019, 06:44 PM   #8
Bookstooge
Guru
Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.Bookstooge ought to be getting tired of karma fortunes by now.
 
Bookstooge's Avatar
 
Posts: 765
Karma: 2090886
Join Date: May 2019
Device: Kindle Oasis 1st Gen
Quote:
Originally Posted by DNSB View Post
calibre.app



The site referenced by Bookstooge is indeed calibreapp.com which advertises "World-class web performance monitoring for teams." The site also links to calibre.app. The program has nothing to do with Kovid Goyal's calibre ebook management program.

However, I also note that only one of the programs at Virustotal came up with a positive which suggests that it is a false positive.
Exactly. That is why I wanted to know where Zaster got the file from. You can't get that zip file for free from CalibreApp. I did find an older version on one of those upload/download sites, but I'm SURE Zaster didn't do anything so silly as to download some random file with "calibre" in the name and then sign up to Mobilereads to talk about it
Bookstooge is offline   Reply With Quote
Old 06-25-2019, 12:31 AM   #9
DNSB
Bibliophagist
DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.
 
DNSB's Avatar
 
Posts: 37,565
Karma: 149859356
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
When I looked at the calibreapp.com website, there was an option to test the program for free. It did require entering a company name, your work email, your name and password but from the advertising, there did not seem to be a download associated with the application.

The other alternative is that someone downloaded the calibre-x.yy.zz.dmg file, extracted the calibre.app directory from that and then zipped it up. After all, installing from a .zip file is going to be much easier than installing from a .dmg file.

Last edited by DNSB; 06-25-2019 at 12:38 AM.
DNSB is offline   Reply With Quote
Old 06-28-2019, 03:38 AM   #10
zaster
Junior Member
zaster began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Jun 2019
Device: laptop
Quote:
Originally Posted by kovidgoyal View Post
That's not a calibre build, that's some calibre.app.zip file. I release no such file.
I downloaded the DMG from the following link
https://calibre-ebook.com/download_osx

Then moved the application package from mounted image to applications. This application package is the one I uploaded to virus total for testing.

So this is an official package.

Yeah, I agree this should be a false positive. I have been using calibre for a long time, and have only nice things to say about it
zaster is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can i build calibre on OS X High Sierra 10.13 on a Mac ? exAppl088 Development 1 05-28-2019 11:02 PM
Mac OSX Trojan Steals Processing Power kjk Apple Devices 8 11-01-2011 06:34 PM
Kindle 3 scans 2 worms and 1 spyware after using Calibre? dancingbacon Devices 4 06-13-2011 08:05 AM
Mac Build pdurrant Sigil 1 08-10-2009 11:31 AM
trojan in calibre 0.5.11? BookLoverToo Calibre 5 05-10-2009 01:49 AM


All times are GMT -4. The time now is 01:16 AM.


MobileRead.com is a privately owned, operated and funded community.