PyInstaller 4.2 run.exe contains a virus?

[schlomo]

Uploading run.exe from pyinstaller-4.2.tar.gz found at https://github.com/pyinstaller/pyinstaller/releases to VirusTotal results in a Virus warning:

$ shasum -b pyinstaller-4.2.tar.gz
bac8d46737876468d7be607a44b90debd60422b5 *pyinstaller-4.2.tar.gz

Software built with PyInstaller 4.2 also reports as a virus.

Can it be that PyInstaller has been infected?

#5474 and #5479 also report this.

[grajsor]

Yes, you need to gather people and flag the 4.2 bootloader as not a virus among the vendors. This is not a PyInstaller issue, this is a virus-vendor issue. Only YOU can solve it by contacting them.

…

On Tue, Jan 19, 2021 at 11:13 PM Schlomo Schapiro ***@***.***> wrote: Uploading run.exe from pyinstaller-4.2.tar.gz found at https://github.com/pyinstaller/pyinstaller/releases to VirusTotal <https://www.virustotal.com/gui/file/0367cd6d43be86912de0f30dd118087ac9e79a9b5f7440e496703b1de4c44fd7/detection> results in a Virus warning <https://www.virustotal.com/gui/file/0367cd6d43be86912de0f30dd118087ac9e79a9b5f7440e496703b1de4c44fd7/detection> : [image: image] <https://user-images.githubusercontent.com/101384/105098867-041f4e00-5aab-11eb-98a7-24679a3a8d72.png> $ shasum -b pyinstaller-4.2.tar.gz bac8d46737876468d7be607a44b90debd60422b5 *pyinstaller-4.2.tar.gz Software built with PyInstaller 4.2 also reports as a virus. *Can it be that PyInstaller has been infected?* #5474 <#5474> and #5479 <#5479> also report this. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#5490>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AENID2MMHE5ODHBD4P5CAJTS2X7XDANCNFSM4WJSXNFA> .

[bwoodsend]

See #5474 and #5479. This happens every time we do a release. The dumber antiviral software which just memorize checksums take a while to catch up.

[schlomo]

How can we know if your build process hasn't been infected?

If this happens repeatedly, is there a way to build the stubs in a way that won't trigger virus warnings?

If you know this story, maybe you can first inform the virus-vendors of a new version and then release it when they know about it? That way you would probably also save yourselfs a lot of bug reports about this?

Sorry for being a bother about it, PyInstaller is a very important tool for me.

[rokm]

How can we know if your build process hasn't been infected?

You can't. But there's nothing preventing you from rebuilding the bootloaders yourself, in an environment that you trust.

[bwoodsend]

I just tried rebuilding the bootloader using my own environment and uploading that version. That also is being classified as malicious. So unless both mine and Harmut's compilers are infected...

If this happens repeatedly, is there a way to build the stubs in a way that won't trigger virus warnings?

If there was a way to make software look less malware like then all the malware authors would use it. You could try code-signing it but it's costs a lot of money.

If you know this story, maybe you can first inform the virus-vendors of a new version and then release it when they know about it? That way you would probably also save yourselfs a lot of bug reports about this?

I suppose we probably could do this (although there are an awful lot of vendors to notify). It's not just a case of informing the vendors - users will still need to install security patches before their antivirus will stop jumping on our bootloader.

[The-Compiler]

If there was a way to make software look less malware like then all the malware authors would use it.

Looks like that's not the case - see #5579.