Sublime Forum

Trojan virus found on Sublime Text latest binary

#1

Hello,

My antivirus got a hit on “Sublime Text.App” for what it calls “Win.Trojan.Toa-5370297-0”

Assuming this is not a false positive, how can I get a new binary (I am a licensed user)?

Sublime Text 3, build 3126
Antivirus: ClamXav v2.11/0.99.2 (2835)
OS: macOS Sierra v10.12.2

Thanks

0 Likes

#2

Same here. First time I’ve ever run a virus scan on my Mac and this turns up:
/Applications/Sublime Text.app/Contents/MacOS/Packages/JavaScript.sublime-package: Win.Trojan.Toa-5370297-0 FOUND

0 Likes

#3

Try using the unzip command to extract the sublime package into the /tmp dir (create a new subdirectory). You should be able to noodle around in the contents. More importantly, you should be able to checksum the files and compare to their open source versions on SublimeHQ/Packages (on GitHub). Builds are tagged in that repo, so it should be easy to correlate.

If the checksums match, then you have a pretty high assurance that it’s a false positive. But if it still makes you nervous, you can look over the files.

Nothing in that package is executable, even as a plugin, so the odds of this being legit seem extremely small to me.

0 Likes
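
The checksum comparison suggested in post #3, as an added example that is not part of the original thread and is not Sublime HQ's code. It assumes you have a local checkout of the SublimeHQ/Packages repository at the tag for your build, with the package's files under a directory named after the package; the function names and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import sys
import tempfile
import zipfile
from pathlib import Path

def compare_package(package_path, reference_dir):
    """SHA-256 each file in a .sublime-package (a zip) against reference_dir."""
    reference_dir = Path(reference_dir)
    sha = lambda data: hashlib.sha256(data).hexdigest()
    report = {"match": [], "mismatch": [], "missing_in_reference": []}
    with zipfile.ZipFile(package_path) as pkg:
        for info in pkg.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Members are hashed in memory, never extracted, and names that
            # would resolve outside reference_dir are not looked up on disk.
            unsafe = Path(name).is_absolute() or ".." in Path(name).parts
            ref = reference_dir / name
            if unsafe or not ref.is_file():
                report["missing_in_reference"].append(name)
            elif sha(pkg.read(info)) == sha(ref.read_bytes()):
                report["match"].append(name)
            else:
                report["mismatch"].append(name)
    return report

def demo():
    # Constructed sample data standing in for the real package and checkout.
    with tempfile.TemporaryDirectory() as tmp:
        ref = Path(tmp, "JavaScript")
        ref.mkdir()
        (ref / "a.sublime-syntax").write_bytes(b"name: JavaScript\n")
        (ref / "b.tmPreferences").write_bytes(b"<plist/>\n")
        pkg = Path(tmp, "JavaScript.sublime-package")
        with zipfile.ZipFile(pkg, "w") as z:
            z.writestr("a.sublime-syntax", "name: JavaScript\n")
            z.writestr("b.tmPreferences", "<plist>changed</plist>\n")
            z.writestr("extra.js", "// not in reference\n")
        return compare_package(pkg, ref)

if __name__ == "__main__":
    # Usage: script.py <package> <reference dir>; no arguments runs the demo.
    result = compare_package(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for status, names in result.items():
        print(status, sorted(names))
```

A file listed under `mismatch` or `missing_in_reference` only means it differs from the tagged source; diff that file against the repository copy before drawing a conclusion.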

#4

I just simply downloaded your last stable build (3126), the same that was installed on my system, but the problem is persisting.
I will investigate the problem with the antivirus software technical support to see what they are thinking about it.
Thanks for your help.

0 Likes

#5

the latest stable build is 3126…

0 Likes

#6

Thanks, my mistake

0 Likes

#7

I got the confirmation from the antivirus tech support that this is a false positive. A ClamXav update is now available to fix this issue. Thanks.

0 Likes