Malicious thing in rustup-init.exe

Hi friends,

I am completely new to this Rust forum.
I want to prepare my environment for coding in Rust.
When I follow the official links and download rustup-init.exe from https://rustup.rs/, I check it via VirusTotal before running the exe. The result is:
Cynet Malicious (score: 100)

I have no idea why Cynet flags the executable, but 1 out of 68 (the current total score on VirusTotal) sounds like a false positive.

1 Like

I'm inclined to believe this is a false positive, based on the fact that virus scanners are next to useless in 2021.

This is because of the way virus scanners work: they scan for byte patterns in a binary or a process, and then match that to patterns that the people working for a virus scan company have found in real world viruses.

The problem with that is that such pattern matches are inherently probabilistic in nature, and thus yield false positives as well as false negatives (strongly diminishing their value in the process, because you can't really trust the output of such a tool either way).

In the case of the rustup tool (and other utilities that are core to using/developing with Rust) it's orders of magnitude more likely that there just happens to be some kind of pattern that your AV isn't smart enough to detect as legitimate (and thus marks as malware), than it is that there is actually malicious code in there.

Another way to confirm this is to use different AV software on it and see what happens.

4 Likes

Thanks guys, wanted to be sure.

If you are worried, here are a few things that could help you be sure.

  1. Verify that the owner of the rustup.rs TLS certificate is non-sketchy.
  2. Download on a non-public internet connection.
  3. Once you've downloaded the file, check that the SHA hash of the downloaded file matches what other people are getting, and what's advertised here: Other installation methods - The rustup book
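
Step 3 of the list above, sketched as an added example (not part of the original post and not rustup's own code). It assumes the published checksum text is in `sha256sum` format (`<hex digest>  <filename>`); the file bytes and digests in `demo()` are constructed sample data, not the real installer.

```python
import hashlib
import hmac
import os
import re
import tempfile

# "<64 hex chars>", optionally followed by whitespace, an optional "*"
# (binary-mode marker) and a file name, as sha256sum prints it.
_LINE = re.compile(r"^([0-9a-fA-F]{64})(?:\s+\*?(.+))?$")

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so a large installer is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_checksum(text, filename):
    """Return the lowercase digest published for `filename`, or None."""
    for raw in text.lstrip("\ufeff").splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # e.g. an HTML error page saved in place of the checksum
        digest, name = m.group(1).lower(), m.group(2)
        # A bare digest applies to whatever file it was published beside.
        if name is None or os.path.basename(name.strip()) == filename:
            return digest
    return None

def verify_download(path, checksum_text):
    """True only if the file's SHA-256 equals the published digest."""
    expected = parse_checksum(checksum_text, os.path.basename(path))
    if expected is None:
        return False  # no usable digest: fail closed
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    """Check constructed bytes against a matching, a wrong and a junk checksum."""
    data = b"constructed sample, not the real installer\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "rustup-init.exe")
        with open(path, "wb") as fh:
            fh.write(data)
        good = hashlib.sha256(data).hexdigest()
        published = f"{good.upper()} *rustup-init.exe\r\n"  # case, CRLF, "*"
        wrong = f"{'0' * 64}  rustup-init.exe\n"
        return (verify_download(path, published),
                verify_download(path, wrong),
                verify_download(path, "404 Not Found\n"))
```

A matching hash only shows the file is the one the checksum describes, so the checksum itself should be fetched over HTTPS from the official site rather than from the same place as a suspect binary.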
