Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Virus reported by G DATA Antivirus #4970

Closed
wtarnawski opened this issue Oct 12, 2020 · 12 comments · Fixed by #4993
Closed

Virus reported by G DATA Antivirus #4970

wtarnawski opened this issue Oct 12, 2020 · 12 comments · Fixed by #4993
Labels
Installation Usually a problem with … Testing Windows

Comments

@wtarnawski
Copy link

Hi,

I have a G DATA Antivirus. When I run 'pip install pillow', I get a virus detection popup. Please find a log (translated by me from Polish) attached below:

Time started Type File name Status
2020-10-06 14:47:02 Interactive string_dimension.tiff Ready

File: C:\Users<my user name>\AppData\Local\Temp\pip-install-6wdns6nr\pillow\Tests\images\string_dimension.tiff
Virus: Generic.Exploit.CVE-2017-11255.A (Scanner B)
Scanners: Engine A: AVA 25.27239, Engine B: GD 27.20416

What did you do?

run 'pip install pillow'

What did you expect to happen?

well, install the package

What actually happened?

a virus popup

What are your OS, Python and Pillow versions?

  • OS: Windows 10 Home

  • Python: python --version
    Python 3.8.2

  • Pillow: that's the issue

I contacted the GDATA and they need the file to send it to the lab. I could do it myself, but I think your project could benefit from knowing what exactly happened and if it's a false positive, then why. If not, delete this bug report.
@wtarnawski
Copy link
Author

Here's output

  Using cached https://files.pythonhosted.org/packages/3e/02/b09732ca4b14405ff159c470a612979acfc6e8645dc32f83ea0129709f7a/Pillow-7.2.0.tar.gz
Installing collected packages: Pillow
  Running setup.py install for Pillow: started
    Running setup.py install for Pillow: finished with status 'error'
    Complete output from command C:\Users\user\PycharmProjects\straal\venv\Scripts\python.exe -u -c "import setuptools, tokenize;__file__='C:\\Users\\user\\AppData\\Local\\Temp\\pip-install-btomp4o9\\Pillow\\setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record C:\Users\user\AppData\Local\Temp\pip-record-byg6vj5z\install-record.txt --single-version-externally-managed --compile --install-headers C:\Users\user\PycharmProjects\straal\venv\include\site\python3.8\Pillow:
    running install
    running build
    running build_py
    creating build
    creating build\lib.win32-3.8
    creating build\lib.win32-3.8\PIL
    copying src\PIL\BdfFontFile.py -> build\lib.win32-3.8\PIL
    copying src\PIL\BlpImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\BmpImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\BufrStubImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ContainerIO.py -> build\lib.win32-3.8\PIL
    copying src\PIL\CurImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\DcxImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\DdsImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\EpsImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ExifTags.py -> build\lib.win32-3.8\PIL
    copying src\PIL\features.py -> build\lib.win32-3.8\PIL
    copying src\PIL\FitsStubImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\FliImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\FontFile.py -> build\lib.win32-3.8\PIL
    copying src\PIL\FpxImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\FtexImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\GbrImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\GdImageFile.py -> build\lib.win32-3.8\PIL
    copying src\PIL\GifImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\GimpGradientFile.py -> build\lib.win32-3.8\PIL
    copying src\PIL\GimpPaletteFile.py -> build\lib.win32-3.8\PIL
    copying src\PIL\GribStubImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\Hdf5StubImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\IcnsImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\IcoImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\Image.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageChops.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageCms.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageColor.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageDraw.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageDraw2.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageEnhance.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageFile.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageFilter.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageFont.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageGrab.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageMath.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageMode.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageMorph.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageOps.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImagePalette.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImagePath.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageQt.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageSequence.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageShow.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageStat.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageTk.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageTransform.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImageWin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\ImtImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\IptcImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\Jpeg2KImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\JpegImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\JpegPresets.py -> build\lib.win32-3.8\PIL
    copying src\PIL\McIdasImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\MicImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\MpegImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\MpoImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\MspImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PaletteFile.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PalmImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PcdImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PcfFontFile.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PcxImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PdfImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PdfParser.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PixarImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PngImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PpmImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PsdImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PSDraw.py -> build\lib.win32-3.8\PIL
    copying src\PIL\PyAccess.py -> build\lib.win32-3.8\PIL
    copying src\PIL\SgiImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\SpiderImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\SunImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\TarIO.py -> build\lib.win32-3.8\PIL
    copying src\PIL\TgaImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\TiffImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\TiffTags.py -> build\lib.win32-3.8\PIL
    copying src\PIL\WalImageFile.py -> build\lib.win32-3.8\PIL
    copying src\PIL\WebPImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\WmfImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\XbmImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\XpmImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\XVThumbImagePlugin.py -> build\lib.win32-3.8\PIL
    copying src\PIL\_binary.py -> build\lib.win32-3.8\PIL
    copying src\PIL\_tkinter_finder.py -> build\lib.win32-3.8\PIL
    copying src\PIL\_util.py -> build\lib.win32-3.8\PIL
    copying src\PIL\_version.py -> build\lib.win32-3.8\PIL
    copying src\PIL\__init__.py -> build\lib.win32-3.8\PIL
    copying src\PIL\__main__.py -> build\lib.win32-3.8\PIL
    running egg_info
    writing src\Pillow.egg-info\PKG-INFO
    writing dependency_links to src\Pillow.egg-info\dependency_links.txt
    writing top-level names to src\Pillow.egg-info\top_level.txt
    reading manifest file 'src\Pillow.egg-info\SOURCES.txt'
    reading manifest template 'MANIFEST.in'
    warning: no files found matching '*.c'
    warning: no files found matching '*.h'
    warning: no files found matching '*.sh'
    warning: no previously-included files found matching '.appveyor.yml'
    warning: no previously-included files found matching '.coveragerc'
    warning: no previously-included files found matching '.editorconfig'
    warning: no previously-included files found matching '.readthedocs.yml'
    warning: no previously-included files found matching 'codecov.yml'
    warning: no previously-included files matching '.git*' found anywhere in distribution
    warning: no previously-included files matching '*.pyc' found anywhere in distribution
    warning: no previously-included files matching '*.so' found anywhere in distribution
    no previously-included directories found matching '.ci'
    writing manifest file 'src\Pillow.egg-info\SOURCES.txt'
    running build_ext
    
    
    The headers or library files could not be found for zlib,
    a required dependency when compiling Pillow from source.
    
    Please see the install instructions at:
       https://pillow.readthedocs.io/en/latest/installation.html
    
    Traceback (most recent call last):
      File "C:\Users\user\AppData\Local\Temp\pip-install-btomp4o9\Pillow\setup.py", line 864, in <module>
        setup(
      File "C:\Users\user\PycharmProjects\straal\venv\lib\site-packages\setuptools-40.8.0-py3.8.egg\setuptools\__init__.py", line 145, in setup
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\core.py", line 148, in setup
        dist.run_commands()
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\dist.py", line 966, in run_commands
        self.run_command(cmd)
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\dist.py", line 985, in run_command
        cmd_obj.run()
      File "C:\Users\user\PycharmProjects\straal\venv\lib\site-packages\setuptools-40.8.0-py3.8.egg\setuptools\command\install.py", line 61, in run
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\command\install.py", line 545, in run
        self.run_command('build')
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\cmd.py", line 313, in run_command
        self.distribution.run_command(command)
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\dist.py", line 985, in run_command
        cmd_obj.run()
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\command\build.py", line 135, in run
        self.run_command(cmd_name)
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\cmd.py", line 313, in run_command
        self.distribution.run_command(command)
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\dist.py", line 985, in run_command
        cmd_obj.run()
      File "C:\Users\user\AppData\Local\Programs\Python\Python38-32\lib\distutils\command\build_ext.py", line 340, in run
        self.build_extensions()
      File "C:\Users\user\AppData\Local\Temp\pip-install-btomp4o9\Pillow\setup.py", line 694, in build_extensions
        raise RequiredDependencyException(f)
    __main__.RequiredDependencyException: zlib
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "C:\Users\user\AppData\Local\Temp\pip-install-btomp4o9\Pillow\setup.py", line 918, in <module>
        raise RequiredDependencyException(msg)
    __main__.RequiredDependencyException:
    
    The headers or library files could not be found for zlib,
    a required dependency when compiling Pillow from source.
    
    Please see the install instructions at:
       https://pillow.readthedocs.io/en/latest/installation.html
    
    
    
    ----------------------------------------

Command "C:\Users\user\PycharmProjects\straal\venv\Scripts\python.exe -u -c "import setuptools, tokenize;__file__='C:\\Users\\user\\AppData\\Local\\Temp\\pip-install-btomp4o9\\Pillow\\setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __fi
le__, 'exec'))" install --record C:\Users\user\AppData\Local\Temp\pip-record-byg6vj5z\install-record.txt --single-version-externally-managed --compile --install-headers C:\Users\user\PycharmProjects\straal\venv\include\site\python3.8\Pillow" failed with error code 1 in C:\Users\user\AppData\Local\Temp\pip-
install-btomp4o9\Pillow\

@nulano
Copy link
Contributor

nulano commented Oct 12, 2020

Likely related to #4730 / #4929 / #4103

@hugovk
Copy link
Member

hugovk commented Oct 12, 2020

Thanks for the report.

You can find the image here: https://github.com/python-pillow/Pillow/blob/master/Tests/images/string_dimension.tiff

This image was added as part of a fix for a security vulnerability (CVE-2019-16865), and is part of the test suite to make sure it remains fixed. It's not used by production code.

Please feel free to send the image to GDATA and link them to here or the following links:

This is similar to #4730, so we could fix it on our side like #4929.

There's something else going on here. You're trying to install for Python 3.8 on Windows but it's attempting to build from source and failing.

It's usually tricky to build from source on Windows, and that's why we create prebuilt binary wheels, but for some reason it's not picking those up.

If you'd like to debug this, you could post the output of pip install pillow --verbose --no-cache-dir

@hugovk hugovk added the Testing label Oct 12, 2020
@wtarnawski
Copy link
Author

Thank you for a quick response! Yes please, I'd like to debug.

pip install pillow --verbose --no-cache-dir > output.txt
output.txt

@hugovk
Copy link
Member

hugovk commented Oct 12, 2020
edited

Thanks!

Looking at the Windows wheels (Pillow-7.2.0-cp38-cp38-win*.whl), for some reason it says "it is not compatible with this Python":

    Skipping link https://files.pythonhosted.org/packages/9c/f0/00f71c1a52859f8f1b82ed6bc2bf5890321511b642c01242d38df02bb5d0/Pillow-7.2.0-cp38-cp38-win32.whl#sha256=725aa6cfc66ce2857d585f06e9519a1cc0ef6d13f186ff3447ab6dff0a09bc7f (from https://pypi.org/simple/pillow/) (requires-python:>=3.5); it is not compatible with this Python
    Skipping link https://files.pythonhosted.org/packages/91/d2/30ecd905746d1fee4004daae3f0051bf4b305bee1fe578bd7d1ea712d571/Pillow-7.2.0-cp38-cp38-win_amd64.whl#sha256=a060cf8aa332052df2158e5a119303965be92c3da6f2d93b6878f0ebca80b2f6 (from https://pypi.org/simple/pillow/) (requires-python:>=3.5); it is not compatible with this Python

Please could you also copy and paste the output of:

pip --version
python --version
python -m pip --version

@hugovk hugovk added Installation Usually a problem with … Windows labels Oct 12, 2020
@nulano
Copy link
Contributor

nulano commented Oct 12, 2020

Looks like it might be 19.0.3:

Traceback (most recent call last):
File "C:\Users<my user name>PycharmProjects<project name>\venv\lib\site-packages\pip-19.0.3-py3.8.egg\pip_internal\cli\base_command.py", line 179, in main

I think updating pip might be all that is needed here.

@hugovk
Copy link
Member

hugovk commented Oct 12, 2020

That'll be it, for Python 3.8 on Windows, you need pip 19.3 or newer to install the prebuilt binary wheels.

We recommend upgrading pip before installing Pillow:

@wtarnawski
Copy link
Author

wtarnawski commented Oct 12, 2020
edited

Damn, I missed that I was inside the virtualenv the whole time... Thanks guys :)

Could I ask you one thing more? When I run pip install --upgrade pip --verbose I get this Exception:
output.txt

EDIT: or maybe should I just destroy the old venv and make new one, with upgraded pip?

@hugovk
Copy link
Member

hugovk commented Oct 12, 2020

Searching, looks similar to pypa/pip#7069, you could try the suggestions in there. It might be cleaner to make a fresh venv.

@wtarnawski
Copy link
Author

OK, I will do it. Can I somehow send you a cookie for help? :)

@hugovk
Copy link
Member

hugovk commented Oct 13, 2020

A 👍 is enough :)

@hugovk hugovk mentioned this issue Oct 14, 2020
Merged
@radarhere radarhere mentioned this issue Oct 19, 2020
Merged
@radarhere
Copy link
Member

I've created #4993 to resolve this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Installation Usually a problem with … Testing Windows
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Moved string_dimension CVE image to pillow-depends radarhere/Pillow
4 participants
@hugovk @radarhere @nulano @wtarnawski