Windows EXE triggering antivirus false positives #1477

Open
opened 2019-06-30 23:04:43 +02:00 by PeterSurda · 3 comments
PeterSurda commented 2019-06-30 23:04:43 +02:00 (Migrated from github.com)

It seems to happen with the 32bit version only. You can verify it by uploading the binary to https://www.virustotal.com/. Tests I did a couple of years ago indicated that this may be triggered by the PyInstaller bootloader, which is used by some malware. Recompiling the bootloader seems to have fixed it but I haven't done recent tests, and the new cross-compiled binaries seem to trigger it again.

It only happens with very few of the AV engines. I had tried submitting false positive removal requests, but in particular the Chinese ones don't have a working method for that.

ektacis commented 2019-07-02 14:47:47 +02:00 (Migrated from github.com)

Will check it

bochen2027 commented 2019-07-08 05:29:53 +02:00 (Migrated from github.com)

so this version is safe to use or no?

PeterSurda commented 2019-07-08 07:20:59 +02:00 (Migrated from github.com)

@hydrogenpi yes, especially the development snapshots.

Reference: Bitmessage/PyBitmessage-2024-12-06#1477