You are here: Home / Is the Jan.ai executable infected?

Is the Jan.ai executable infected?

January 9th, 2024, 10:00 am Pacific Time, BitDefender Total Security Alert: @janhq\inference-nitro-extension\dist\bin\win-cpu\nitro.exe is infected with Gen:Variant.Tedy.258323 !
Is the Jan.ai executable infected?

I've been working with bots since the 1980s and 90s BBS and IRC days, and the newer generations of "AI" bots and tools in recent decades. Generally they are easy to setup, modify, and train for techies, but _not_ user friendly.

And most of the user friend generative AI tools are SaaS and have no privacy considerations really (despite what some insist).

Much to my pleasure I stumbled across Jan.ai recently, and was playing around with it a few days on my Linux system (my preferred 99% daily runner), and liked how super simple it might make it for non-techie users. So today I suggested some folks try it out.

Well, they downloaded from the main website to their Windows computers, installed the executable, and before they could do anything else (like install models), their antivirus software went into panic mode (and sent the users into panic mode), exclaiming it was infected, and beginning automatic (can't override) disinfecting!

I should have spent more time getting to know who these folks were, and tested it out more before relaying. I normally don't do so, but was excited for these folks to get a small taste of what I've been working with for decades.

Now I am quite embarrassed, and have hurt my reputation (slightly).

I rapidly went to ping the Jan AI folks in their discord channel, and here is what they had to say...

 

 

 

 

Anyone else getting malware antivirus errors if installing today's Jan production release on windows computers?
This was right after installing the executable, no models installed yet.

Nicole

This was fixed . Can you try
🛠︱nightly-builds

Hawke

Was it actually infected?

Nicole

Conversely, the team is releasing 0.4.4 soon

Hawke

  • @Nicole was it actually infected? That was from the main download link of the front page of the site less than an hour ago.

Nicole

No lemme find the issue/PR

Hawke

ty. I have a few panicked people, and I now have a big black eye for recommending folks try it, trying to calm down the freak out going on everywhere

Nicole

On phone gimme a sec

Nicole

Can I check, was this v0.4.4?

Hawke

Yes

Daniel

Can I check, this was not observed on 0.4.3?

Hawke

They hadn't tried previous.
  • They were all new installers

Nicole

We fixed it in 0.4.3: https://github.com/janhq/jan/pull/1282 It has to do with libraries we imported

Hawke

half a dozen different people/systems
  • all in the past hour
They are not happy with me

Nicole

So I think 0.4.4 nitro extension imported a library that might have flagged bitdefender

Hawke

Their antivirus automatically removed and "disinfected" their installs

Hawke

  • Is it just the AV being over zealous? or is there an actual infection? You have the link to the cause I can share to calm them down if it is not actual infection?
  • Now one of their bosses is livid and wants an explanation.

Daniel

We’re going to rollback 0.4.4 release and take a look at it tomorrow out of caution. It does sound like AV may be overzealous but I want to be extremely careful.

 

 .......

Daniel

@Hawke I've created an open issue and bug report for this: https://github.com/janhq/jan/issues/1483
  • We'll take a closer look tomorrow, our team is based in Singapore/Asia/Australia so it's late for us here
  • Fingers crossed that this is not a supply chain attack or something malicious
  • Thanks for flagging this up to us
  • We will publish an open post-mortem of the incident, with chronology (see Github issue)

 

 

 

Navigation