New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Windows defender flags ninja.exe as containing a trojan #33
Comments
Thanks for bringing this up 🙏 Let's try to have a look:
Is defender raising an alarm after downloading https://github.com/kitware/ninja/archive/v1.10.0.gfb670.kitware.jobserver-1.zip ? Could you also check if definer complain after downloading the binary provided by the upstream project ? See https://github.com/ninja-build/ninja/releases/download/v1.10.0/ninja-win.zip Thanks for your help, |
I download both https://github.com/kitware/ninja/archive/v1.10.0.gfb670.kitware.jobserver-1.zip and https://github.com/ninja-build/ninja/releases/download/v1.10.0/ninja-win.zip on my windows 10 vm, extracted both and also manually scanned both of the extracted zips. Nothing was flagged by windows defender. Although for https://github.com/kitware/ninja/archive/v1.10.0.gfb670.kitware.jobserver-1.zip I didn't see a binary in the extracted contents. But, I did also download: https://github.com/Kitware/ninja/releases/download/v1.10.0.gfb670.kitware.jobserver-1/ninja-1.10.0.gfb670.kitware.jobserver-1_i686-pc-windows-msvc.zip from the release page on the Kitware/ninja repo and that was flagged. So it looks like the source of the infected binary is that |
We probably should report this to the Kitware/ninja maintainers and pull the infected wheels from pypi in the meantime |
Good point, I referenced the wrong link. I edited my comment with the correct link that you also looked at.
Good news is that I work at Kitware, I will engage with the relevant team and report back.
Thanks for checking. |
Waiting this is sorted out, I just deleted the windows wheel from the release. |
* Looks like the Windows wheels were removed from pypi: scikit-build/ninja-python-distributions#33
* Looks like the Windows wheels were removed from pypi: scikit-build/ninja-python-distributions#33
Analyzing the executable with VirusTotal didn't report any problem Running it through Microsoft Safety Scanner as well as ESET did not detect anything. We would recommend submitting it to Microsoft as a false positive (Requires a Microsoft account) Here you can get an overview of the process |
We also updated https://github.com/Kitware/ninja/releases/download/v1.10.0.gfb670.kitware.jobserver-1/ninja-1.10.0.gfb670.kitware.jobserver-1_i686-pc-windows-msvc.zip to include a signed executable. I will now generate |
Pip installing ninja (via a setup dependency for a project relying on scikit-build to build) is failing because windows defender is blocking ninja.exe. It is flagging ninja.exe in the wheel as containing a trojan:
The text was updated successfully, but these errors were encountered: