Windows Defender has detected Trojan:Win32/Bearfoos.A!ml in 4.2.0 and 4.2.1

[DokuKaefer]

SABnzbd version

4.2.0 and 4.2.1

Operating system

Windows 11 Version 23H2 (Build 22631.2861)

Using Docker image

None

Description

Windows Defender has detected Trojan:Win32/Bearfoos.A!ml in 4.2.0 and 4.2.1

Sorry for german screenshot

Version 4.1.0 has no problems.

[thezoggy]

dupe of #1606

tell it that sab is okay / whitelist it / report it to the manufc. - https://sabnzbd.org/wiki/faq#virusscanners

[Safihre]

@jcfp @thezoggy @sanderjo I have replaced the current 4.2.1 binaries with ones build using PyInstaller 5.13.2 instead of the latest version. It has only 3 hits instead of the 6: https://www.virustotal.com/gui/file/f80cf1c1b5743f598c326b66fb7818a3df5422cf9cdc066d541158aaed329ab6?nocache=1
It seems virusscanners really don't like the new 6.1 bootloader that they use, as there's nothing else in the SABnzbd.exe, it's only 300KB in size..

[sanderjo]

Smart!

Does that deserve a version number 4.2.2 to avoid confusion among our users?

And indeed: what is SABnzbd.exe small. So the real SAB stuff is not in there (if anything at all). And thus it must indeed be pyinstaller in there that is triggering the virusscanners

sander@zwart2204:~/Downloads/SABnzbd-4.2.1$ ll *exe
-rw-rw-r-- 1 sander sander 285704 jan  6 08:28 SABnzbd-console.exe
-rw-rw-r-- 1 sander sander 286728 jan  6 08:28 SABnzbd.exe

Nothing to see:

sander@zwart2204:~/Downloads/sabbie-sabnzbd.org/SABnzbd-4.2.1$ strings SABnzbd.exe  | grep -i -e python -e sabnzbd
Py_SetPythonHome
Failed to get address for Py_SetPythonHome
Error loading Python DLL '%s'.
PYTHONUTF8
Invalid value for PYTHONUTF8=%s; disabling utf-8 mode!
Error detected starting Python VM.
  <assemblyIdentity type="win32" name="SABnzbd" processorArchitecture="amd64" version="1.0.0.0"/>

[Safihre]

No new version needed I think.