Forum > macOS / Mac OS X

McAfee detects Malware on installation

(1/1)

DST1348:
Hi forum!
I am in the process of installing Lazarus 2.2.2 on my MacBook Pro (intel chip; macOS 12.5.1). I successfully installed and tested FPC. But during the  installation of the Lazarus IDE my McAfee antivirus pops up with a malware detection notification (see attached screen shot) and the installation fails!

I computed the MD5 checksum and it agrees with the one on the homepage (https://www.lazarus-ide.org/index.php?page=checksums#2_2_2):
MD5 (Lazarus-2.2.2-0-x86_64-macosx.pkg) = 1dd40f59cc5974ddf3cb7279075a3f6f

So, either this the malware notification is a false positive or the installation file is compromised. How do I proceed and install Lazarus?
Thank you very much for your help!

marcov:
For McAfee product support, please contact your McAfee representative to find out the meaning of the notification. It might be as simple that McAfee considers any symlink making as suspect. Also if your antivirus supports safe and heuristic detection, consider only enabling safe detections

To be sure if it is a contamination you would normally submit it to sites like virustotal that test the binary with multiple scanners, but I don't know if those exist for Mac binaries.

Martin_fr:
I don't know much about the Mac installation....

But afaik Lazarus does use a symlink inside the app-bundle.
I.e. The "lazarus" executable file is NOT inside lazarus.app/Contents/MacOS (or wherever it would be). Instead it is outside the bundle, and the bundle contains a symlink.

It would be plausible, that an AV considers this an attempt to "sneak" something into the bundle.... But  I don't know if that is what causes the issue here.

I don't have the means to try and reproduce it. But McAffe (as any other AV vendor) should have a support site, that allows you to upload a suspected false positive. In my experience with other AV companies, if you do so they should respond within about a week.

I suspect it to be a false positive, since you have the correct checksum, and if it was indeed infected, there would very likely have been other reports by now. (Not a proof, but...)

DST1348:
Thanks for the replies. In my case the good old "always make sure that your system is up-to-date" advice solved the issue :-[ After upgrading to the latest macOS 12.6, McAfee still complained but the installation finished successfully %) I started Lazarus and all seems to work normally.

Navigation

[0] Message Index

Go to full version