Avast anti-virus flags rclone.com as being infected with Win64:CVE-2019-1215-A [Expll

LeoW · August 7, 2023, 9:42am

What is the problem you are having with rclone?

My Avast antivirus software keeps flagging rclone.com as being infected with:
Win64:CVE-2019-1215-A [Expll.

I have restored the file and set an exception in Avast.

Is it possible this is just a false alarm?

Run the command 'rclone version' and share the full output of the command.

rclone v1.63.1

os/version: Microsoft Windows 11 Home 22H2 (64 bit)
os/kernel: 10.0.22621.2070 (x86_64)
os/type: windows
os/arch: amd64
go/version: go1.20.6
go/linking: static
go/tags: cmount

Are you on the latest version of rclone? You can validate by checking the version listed here: Rclone downloads
--> YES

Which cloud storage system are you using? (eg Google Drive)

Question doesn't pertain to any specific cloud provider.

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

Paste command here

The rclone config contents with secrets removed.

Paste config here

A log from the command with the `-vv` flag

Paste  log here

kapitainsky · August 7, 2023, 9:44am

Yes it is possible but at the same time it can be really infected with virus.

You should raise this issue with your AV company.

From my experience antivirus software is more trouble than help.

read this:

IMO on Windows there is no need for some 3rd party programs when you have built in Microsoft Defender

LeoW · August 7, 2023, 9:52am

Thanks.

I'm running Avast Free, so I may not get any help from the company, but I will check. I'll also check to see if they also have a community forum.

I've never trusted MS Defender. My experience is it doesn't catch things that Avast does, and Malwarebytes.

Rclone is working fine as far as I can tell.

kapitainsky · August 7, 2023, 9:54am

What is the point using AV software you do not trust? and on virus alert just set exceptions. The same end result you will have without it.

LeoW · August 7, 2023, 10:02am

I trust the software 99% of the time. I have no other exceptions except for one and that is with a different program called Syncthing.exe. That I know is a false positive. It's because of their relay servers.
My other Windows computer is protected with Malwarebytes Premium and it does not flag the very same rclone.com file. This is the specific reason why I chose to add an exception.

I'm still going to follow up with the virus company.

UPDATED INFO: I think I'm good now.

Windows Elevation of Privilege Vulnerability

CVE-2019-1215 Security Vulnerability

FROM Microsoft: Security Update Guide - Microsoft Security Response Center

This was a vulnerability in windows until it was patched apparently in 2019.

asdffdsa · August 7, 2023, 12:23pm

hi,
rclone.exe gets flagged as a virus now and again.
check out my how to guide
https://forum.rclone.org/t/rclone-exe-is-a-virus-workarounds/26223

LeoW · August 7, 2023, 12:51pm

Thank you very much.

Avast has rclone listed in its exceptions, so I should be good from now on.

I'll bookmark your workaround just in case.

system · September 6, 2023, 12:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.