Re: [PyInstaller] AVG antivirus complains


claudio canepa

Oct 11, 2012, 4:01:33 PM
to pyins...@googlegroups.com


On Thu, Oct 11, 2012 at 4:35 PM, claudio canepa <ccan...@gmail.com> wrote:
> Today antivirus AVG 2013 free complained that cdpedia.exe (built with pyinstaller 2.0) was infected with 'trojan horse BackDoor.Generic15.CLOV'
>
> I followed the procedures depicted in AVG's How To Handle Suspicious False Positive Detection? [0], no responses to the moment.


got response:

"""
Dear Sir / Madam,

Thank you for your email.

Unfortunately, the previous virus database might have detected the mentioned virus in some legitimate applications. We can confirm that this was a false alarm. We will release a new virus update removing the false positive detection of the mentioned file.

When the update is completed, AVG will automatically restore the falsely detected file from the AVG Virus Vault to its original location.

We apologize for any inconvenience.

Best regards,

Mark Joseph Capicio
AVG Customer Services
http://www.avg.com
"""

That was faster than expected.
 
[snip]
May I suggest that pyinstaller developers file a similar false positive report for run.exe?

Probably a solution for run.exe would be more robust than the one they developed for cdpedia.exe
 

Martin Zibricky

Oct 11, 2012, 4:42:57 PM
to pyins...@googlegroups.com
claudio canepa wrote on Thu, 11 Oct 2012 at 17:01 -0300:
> Probably a solution for run.exe would be more robust than the one they
> developed for cdpedia.exe

Hi claudio,

as I mentioned in http://www.pyinstaller.org/ticket/603, making run.exe
comply with Windows Data Execution Prevention could be a more robust
fix.

I need to find some guidelines on how to do that.

claudio canepa

Oct 11, 2012, 5:35:38 PM
to pyins...@googlegroups.com
Hi Martin, 

On Thu, Oct 11, 2012 at 5:42 PM, Martin Zibricky <mzibr....@gmail.com> wrote:
> claudio canepa wrote on Thu, 11 Oct 2012 at 17:01 -0300:
> > Probably a solution for run.exe would be more robust than the one they
> > developed for cdpedia.exe
>
> Hi claudio,
>
> as I mentioned in http://www.pyinstaller.org/ticket/603,

Thanks for the link, I searched the issue tracker by 'antivirus' and found nothing.

> making run.exe
> comply with Windows Data Execution Prevention could be a more robust
> fix.
> I need to find some guidelines on how to do that.


It would be a bummer to research 'Windows Data Execution Prevention' to find it's not relevant.

I was not trying to run my executable nor pyinstaller run.exe, the alerts come from a scan.

I cannot point to exact wording, but the mention of a specific threat name usually comes from signature analysis. Heuristic code analysis usually flags 'suspicious something in file zzz'

For a Windows Data Execution Prevention problem I would expect an OS MsgBox telling something, not an AV alert.

Probably you can get better info to attack the false positive problem directly from AVG, and given the fast response time I got, something worth trying.

Not saying you are wrong, but it feels to me like premature optimization: going to suspected problems before problem confirmation.

cheers
 