classification
Title: Antivirus hits on python-2.7.14.amd64.msi file
Type: behavior
Stage: resolved
Components:
Versions: Python 2.7
process
Status: closed
Resolution: third party
Dependencies:
Superseder:
Assigned To:
Nosy List: brett.rasmussen@inl.gov, paul.moore, steve.dower, tim.golden, xtreak, zach.ware
Priority: normal
Keywords:

Created on 2018-04-03 22:24 by brett.rasmussen@inl.gov, last changed 2019-08-02 22:59 by steve.dower. This issue is now closed.

Messages (2)
msg314904 - Author: Brett Rasmussen (brett.rasmussen@inl.gov) Date: 2018-04-03 22:24
The antivirus program 'AVG Business Edition' reported that the file 
python-2.7.14.amd64.msi contained "Trojan horse SCGeneric_c6.HJQ".

The virustotal.com web site reported a match on MD5
  370014d73c3059f610c27365def62058  for file python-2.7.14.amd64.msi

  (i.e. Baidu  Win32.Trojan.WisdomEyes.16070401...)

Hopefully these are just 'false positives'?

Thanks,
BR
msg319817 - Author: Karthikeyan Singaravelan (xtreak) * (Python committer) Date: 2018-06-17 14:37
Thanks for the report. I think it's a false positive, and the md5 you have attached matches the official release of the 2.7.14 installer, which you can verify from https://www.python.org/downloads/release/python-2714/. There were similar cases reported, and for the most part they are false positives that have to be reported to the antivirus vendor so that they update the signature.

BitDefender reporting msi installer as a virus: https://bugs.python.org/issue30944
Similar case with virustotal.com for 2.17.2 msi installer: https://github.com/python/pythondotorg/issues/1092


Thanks
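
Added example (not part of the original thread and not CPython project code): one way to do the check described in the reply above, comparing a downloaded installer's digest with the value published on the release page before treating an antivirus hit as a false positive. The function names are hypothetical, and the demo hashes a constructed temporary file rather than the real installer.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a large installer is never loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def normalize_published(published, algorithm="md5"):
    """Clean a digest pasted from a web page; reject truncated or malformed values."""
    value = "".join(published.split()).lower()
    expected_len = hashlib.new(algorithm).digest_size * 2
    if len(value) != expected_len or any(c not in "0123456789abcdef" for c in value):
        raise ValueError(
            "published %s digest must be %d hex characters" % (algorithm, expected_len)
        )
    return value


def matches_published(path, published, algorithm="md5"):
    """True only if the local file's digest equals the published digest."""
    expected = normalize_published(published, algorithm)
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo():
    # Constructed sample: a small temp file stands in for the installer.
    data = b"constructed installer bytes"
    fd, path = tempfile.mkstemp(suffix=".msi")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        published = hashlib.md5(data).hexdigest()
        # First call: pasted value with upper case and a trailing newline.
        # Second call: a well-formed digest that belongs to some other file.
        return (matches_published(path, published.upper() + "\n"),
                matches_published(path, "0" * 32))
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

MD5 is the default only because it is the digest quoted in this thread; `algorithm` accepts any name `hashlib` supports, so a stronger published digest can be checked the same way.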
History
Date                 User                     Action  Args
2019-08-02 22:59:04  steve.dower              set     status: open -> closed; resolution: third party; stage: resolved
2018-06-17 14:37:10  xtreak                   set     nosy: + xtreak; messages: + msg319817
2018-04-04 05:15:07  ned.deily                set     nosy: + paul.moore, tim.golden, zach.ware, steve.dower
2018-04-03 22:24:02  brett.rasmussen@inl.gov  create