➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2013-12-06 21:13 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| easyinstall.png | christian.heimes, 2013-12-06 21:13 | |||
| Messages (8) | |||
|---|---|---|---|
| msg205402 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2013-12-06 21:13 | |
Since today test_venv fails because Avira Antivir claims that easy_install.exe contains the trojan horse TR/Crypt.XPACK.Gen-4. I haven't seen the issue before. I'm running CPython default on Windows 7 64bit with Avira 13. |
|||
| msg205407 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2013-12-06 21:43 | |
7 of 47 AV programs detect malicious software in PIPs easy_install.exe: Agnitum Packed/MPress 20131206 AhnLab-V3 Trojan/Win32.TesA 20131206 AntiVir TR/Crypt.XPACK.Gen4 20131206 Bkav HW32.CDB.9028 20131206 McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20131206 TrendMicro PAK_Generic.001 20131206 TrendMicro-HouseCall PAK_Generic.001 20131206 https://www.virustotal.com/de/file/4a22ec7ceae5bb480c3dbda55f13838af0cef9ed6e1d033e896723c29eadbb19/analysis/1386366065/ |
|||
| msg205461 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2013-12-07 15:26 | |
I found the offenders. distlib's wrapper scripts are detected as malicious programs by some anti virus programs. pip/_vendor/distlib/t32.exe https://www.virustotal.com/de/file/d06ad386d9dab9d08bdc01a3a14c713bd90b218ec4893c22da819826bd452e31/analysis/1386429889/ pip/_vendor/distlib/t64.exe https://www.virustotal.com/de/file/b043b38b8c24c31cffed5e29e995d879a14228901bee5b15e4158b8428e2699e/analysis/1386429784/ |
|||
| msg205463 - (view) | Author: Vinay Sajip (vinay.sajip) * |
Date: 2013-12-07 16:05 | |
Hmmm. I use mpress (http://www.matcode.com/mpress.htm) to compress the executables. These AV results seem to be false positives, given that the files are green-lit by Symantec, Sophos, McAfee, Kaspersky, F-Prot, AVG, Avast and a bunch of other reputable AV products (based on Christian's links). I suppose the executables could be shipped uncompressed (apparently the UPX compressor also sometimes causes false positives with AV software - and UPX can't compress 64-bit executables). There have been complaints in the past that Avira's heuristics are not careful enough: https://forum.avira.com/wbb/index.php?page=Thread&threadID=127271 That link points to a 2011 thread. |
|||
| msg205464 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2013-12-07 16:09 | |
How are you creating these files anyway? I can't find any documentation or source files in distlib. |
|||
| msg205466 - (view) | Author: Vinay Sajip (vinay.sajip) * |
Date: 2013-12-07 16:18 | |
It's in the docs at e.g. http://distlib.readthedocs.org/en/latest/reference.html?highlight=launcher#distlib.scripts.ScriptMaker.__init__ and in the code at e.g. https://bitbucket.org/vinay.sajip/distlib/src/a50562ee0b535b2966948f1a657c1cac4c1536eb/distlib/scripts.py?at=default#cl-272 The project to generate the launchers is at https://bitbucket.org/vinay.sajip/simple_launcher/ |
|||
| msg205589 - (view) | Author: Vinay Sajip (vinay.sajip) * |
Date: 2013-12-08 18:06 | |
This commit in distlib uses uncompressed launcher executables which pass the virustotal.com checks: https://bitbucket.org/pypa/distlib/commits/e23c9e4fd3125fa88063de4dec80367b1ac82aff |
|||
| msg206226 - (view) | Author: Vinay Sajip (vinay.sajip) * |
Date: 2013-12-15 11:24 | |
I've released distlib 0.1.5 on PyPI. This release uses uncompressed launchers which (at the time of writing) pass the checks on virustotal.com. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:55 | admin | set | github: 64112 |
| 2013-12-15 11:24:37 | vinay.sajip | set | status: open -> closed resolution: fixed messages: + msg206226 |
| 2013-12-08 18:06:47 | vinay.sajip | set | messages: + msg205589 |
| 2013-12-07 16:18:40 | vinay.sajip | set | messages: + msg205466 |
| 2013-12-07 16:09:40 | christian.heimes | set | messages: + msg205464 |
| 2013-12-07 16:05:23 | vinay.sajip | set | messages: + msg205463 |
| 2013-12-07 15:26:39 | christian.heimes | set | nosy:
+ vinay.sajip messages: + msg205461 |
| 2013-12-06 21:43:13 | christian.heimes | set | messages: + msg205407 |
| 2013-12-06 21:13:58 | christian.heimes | create | |