Compiled EXE-File is a trojan according AVL?

[RapidTech 1898]

Hello,

i compiled a python-program with pyinstaller and my client told me that their AVL-virus protection classifies the exe as a trojan...

(i am using windows defender and had never an alert in the past)

So i checked it with virustotal.com and indeed 3 security vendors flagged the file as malicious...

Due that my client is suspicious about the file - is there anything i can do about that?

Find attached the output from virustotal.com.

Thanks and kind regards, 

Markus

[Steve Barnes]

Just a suggestion - it might be worth unpacking the exe and checking the components to identify which are causing the alerts.

 

Steve (Gadget) Barnes

 

From: pyins...@googlegroups.com <pyins...@googlegroups.com> On Behalf Of RapidTech 1898
Sent: 18 October 2021 11:38
To: PyInstaller <pyins...@googlegroups.com>
Subject: [PyInstaller] Compiled EXE-File is a trojan according AVL?

 

Hello,

 

i compiled a python-program with pyinstaller and my client told me that their AVL-virus protection classifies the exe as a trojan...

(i am using windows defender and had never an alert in the past)

So i checked it with virustotal.com and indeed 3 security vendors flagged the file as malicious...

Due that my client is suspicious about the file - is there anything i can do about that?

Find attached the output from virustotal.com.

Thanks and kind regards, 

Markus

 

--
You received this message because you are subscribed to the Google Groups "PyInstaller" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pyinstaller...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pyinstaller/3d6c1075-ef36-4476-acc4-5650dd4374e8n%40googlegroups.com.

[Muhammad Rivan]

Well, it's of course a false detection. Most of AVs identify a single executable contains some py scripts as a virus. I'd rather suggest you to generate one-dir instead, and then pack it with NSIS or InnoSetup

[RapidTech 1898]

Hello - i also tried it to create it without --onefile parameter - but in that case i get also an virus alarm for the created exe-file.

[RapidTech 1898]

@Gadge: How can i unpack the exe-file - tried it with 7zip but was not possible.

@ rivanfe: Also tried to run pyinstaller without --onefile - but in that case also the created exe-file in the folder is flagged as malicious - same as with --onefile

On Tuesday, 19 October 2021 at 10:35:37 UTC+2 rivanfe...@gmail.com wrote:

[Jasper Harrison]

PyInstaller executables are, unfortunately, regularly flagged as malware by antivirus providers. We (the developers) believe it's the bootloaders that are causing the issue - when people build malware using PyInstaller (which we're sure some people do, like with any compiler/build tool) the AVs flag the file as malicious, and the bootloader is the only common component between them all. All you can do is report the file as a false positive.

Signing the exe file can also help prevent this from happening.

Jasper Harrison, aka Legorooj

Core Developer on PyInstaller

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

[Ulli Horlacher]

On Thu 2021-10-21 (08:38), 'Jasper Harrison' via PyInstaller wrote:

> Signing the exe file can also help prevent this from happening.

How do I sign a (Windows) executable?


--
Ullrich Horlacher Server und Virtualisierung
Rechenzentrum TIK
Universitaet Stuttgart E-Mail: horl...@tik.uni-stuttgart.de
Allmandring 30a Tel: ++49-711-68565868
70569 Stuttgart (Germany) WWW: http://www.tik.uni-stuttgart.de/
REF:<HBj9Qvcw62wYCEjxhQk7b-yQkCG505r5SL0j--FTlJgSzkFO01QzjyCLaG9NaNV6dTc-KOPRYGLVT3aw7ljGyQYTMeeuCA2fAFUFsctoTjk=@protonmail.com>