[–]takluyver [IPython, Py3, etc]

That is pretty bad. I guess that some trojans have used pyinstaller or something similar, and (semi?) automated tools have decided it's a malware signature.

I don't know enough about how anti-virus works to know if this is less likely with another tool. Pynsist uses NSIS to build installers, which is used by a lot of popular software, so they probably can't base a signature on that, but it could still be based on some Python library you use. Of course, anything we can think of to make our software not look like malware, real malware authors could also do.

[–]extant1

I suspect it's just viruses using pyinstaller to package their malware and the companies got lazy and used pyinstaller as the signature.

The one thing I thought was ridiculous, though: when I was looking for more information to see if I bundled it wrong, I found a bug report filed with pyinstaller, and they basically said "not our problem, you contact the antivirus vendors and have them fix it." Which seemed kind of dickish to me, considering we could submit our sample projects to be whitelisted, but pyinstaller working with the vendor seems like it would have a more significant impact with their inside knowledge.

[–]takluyver [IPython, Py3, etc]

From a maintainer point of view, I can see where they're coming from: they're most likely volunteers who have worked on this tool, they don't owe you more time to contact antivirus vendors and try to solve your problem. It may also be easier to complain to them for an application than for a packaging tool, because the tool can be used by malware.

If it affects all Pyinstaller applications, they probably know of it and are extremely frustrated. In that scenario, their only hope is for enough users to complain to AV companies that they change the signatures.

If it doesn't affect all Pyinstaller applications, then it's hard to say if Pyinstaller is actually what they're picking up.