Binaries created using 3.5 flagged as trojan #4343
Comments
Please contact your anti-virus vendor. There is nothing we can do about this false positive. If your anti-virus vendor considers one of the files included in the PyInstaller distribution or a file generated by PyInstaller to be malicious, there is nothing we can do about this. Even if we'd change our code, they'd change their pattern and the race starts again. See this mailing-list thread and other tickets for this topic.
Could you please give me information on this edit: to be more specific
I've also seen this in 2 binaries we built with PyInstaller 3.4. I'm actually quite sure those are not malicious, our whole build is reproducible from source and we rebuild the PyInstaller bootloader. This seems to be an issue with the VirusTotal sandbox. I've done local tests on real machines and virtual machines, tracing filesystem operations and I saw no indication that these files actually get created / executed.
From the full log on VT (top right) it looks like the uploaded exe file itself is what gets saved as
This does not just affect PyInstaller users. Scanning the binary in OPSWAT MetaDefender Dynamic Analysis also shows no such file access. I'm confident that the generated binaries are clean.
Locking the issue as this is not a PyInstaller issue.
Hello, I realize this is very likely a false positive, but I felt the need to share this in the slight chance it's not. I've read similar git issues, but I've not seen someone report this in particular.
Here are 3 VirusTotal results for the same Python file compiled using pyinstaller --onefile on Windows 10:
dev (pip install https://github.com/pyinstaller/pyinstaller/archive/develop.zip)
3.5 (pip install pyinstaller)
3.4 (pip install PyInstaller==3.4)
I believe it's unrelated to the AV scan (as it also happens on 3.4), but I'm also looking for information on why these binaries are creating then running a binary at C:\Users\<USER>\Downloads\<NAME>.exe. It seems to be a different file name each time. So far I've seen invoice.exe, sample.exe, factura.exe and important_document.exe. Couldn't find any information on this in the docs or the code.