[issue19913] TR/Crypt.XPACK.Gen-4 in easy_install.exe
Vinay Sajip added the comment:

I've released distlib 0.1.5 on PyPI. This release uses uncompressed launchers which (at the time of writing) pass the checks on virustotal.com.

--
resolution:  -> fixed
status: open -> closed

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19913
___
___
Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue19913] TR/Crypt.XPACK.Gen-4 in easy_install.exe
Vinay Sajip added the comment:

This commit in distlib uses uncompressed launcher executables which pass the virustotal.com checks:

https://bitbucket.org/pypa/distlib/commits/e23c9e4fd3125fa88063de4dec80367b1ac82aff
[issue19913] TR/Crypt.XPACK.Gen-4 in easy_install.exe
Christian Heimes added the comment:

I found the offenders. distlib's wrapper scripts are detected as malicious programs by some antivirus programs.

pip/_vendor/distlib/t32.exe
https://www.virustotal.com/de/file/d06ad386d9dab9d08bdc01a3a14c713bd90b218ec4893c22da819826bd452e31/analysis/1386429889/

pip/_vendor/distlib/t64.exe
https://www.virustotal.com/de/file/b043b38b8c24c31cffed5e29e995d879a14228901bee5b15e4158b8428e2699e/analysis/1386429784/

--
nosy: +vinay.sajip
[issue19913] TR/Crypt.XPACK.Gen-4 in easy_install.exe
Vinay Sajip added the comment:

Hmmm. I use mpress (http://www.matcode.com/mpress.htm) to compress the executables. These AV results seem to be false positives, given that the files are green-lit by Symantec, Sophos, McAfee, Kaspersky, F-Prot, AVG, Avast and a bunch of other reputable AV products (based on Christian's links).

I suppose the executables could be shipped uncompressed (apparently the UPX compressor also sometimes causes false positives with AV software - and UPX can't compress 64-bit executables).

There have been complaints in the past that Avira's heuristics are not careful enough:

https://forum.avira.com/wbb/index.php?page=ThreadthreadID=127271

That link points to a 2011 thread.
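An added example, not part of the thread and not distlib code: a pre-release check that flags a launcher carrying generic packer traits, since detections such as Packed/MPress in this thread name the packer rather than any behaviour. The section-name prefixes are the defaults MPRESS and UPX write; the 7.0 bits/byte threshold, the function names and both sample images are constructed for illustration.

```python
import math
import struct

# Default section-name prefixes written by the two packers named in the thread.
PACKER_PREFIXES = {b".MPRESS": "MPRESS", b"UPX": "UPX"}

def pe_sections(data):
    """Return [(name, raw_bytes)] for every section in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections (+6) and SizeOfOptionalHeader (+20) of the COFF header
    count, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    table = pe_off + 24 + opt_size
    sections = []
    for off in range(table, table + 40 * count, 40):
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections

def entropy(buf):  # Shannon entropy in bits per byte; 8.0 looks random
    if not buf:
        return 0.0
    counts = [buf.count(b) for b in set(buf)]
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts)

def packer_indicators(data, entropy_limit=7.0):   # limit is an assumed threshold
    findings = []
    for name, raw in pe_sections(data):
        for prefix, packer in PACKER_PREFIXES.items():
            if name.startswith(prefix):
                findings.append((name.decode(), f"{packer} section name"))
        if entropy(raw) > entropy_limit:
            findings.append((name.decode(), "high-entropy section"))
    return findings

def build_sample(sections):
    """Constructed PE header + section table for the demo (not a runnable program)."""
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + coff
    ptr, table, body = len(head) + 40 * len(sections), b"", b""
    for name, raw in sections:
        table += name.ljust(8, b"\0") + struct.pack("<4I", len(raw), 0, len(raw), ptr) + bytes(16)
        ptr, body = ptr + len(raw), body + raw
    return head + table + body
PACKED = build_sample([(b".MPRESS1", bytes(range(256)) * 4), (b".MPRESS2", b"\x90" * 64)])
PLAIN = build_sample([(b".text", b"\x55\x8b\xec" * 100), (b".rdata", b"launcher" * 40)])
```

Running `packer_indicators()` over each `.exe` in a release tree before upload shows whether a build still contains compressed launchers.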
[issue19913] TR/Crypt.XPACK.Gen-4 in easy_install.exe
Christian Heimes added the comment:

How are you creating these files anyway? I can't find any documentation or source files in distlib.
[issue19913] TR/Crypt.XPACK.Gen-4 in easy_install.exe
Vinay Sajip added the comment:

It's in the docs at e.g.

http://distlib.readthedocs.org/en/latest/reference.html?highlight=launcher#distlib.scripts.ScriptMaker.__init__

and in the code at e.g.

https://bitbucket.org/vinay.sajip/distlib/src/a50562ee0b535b2966948f1a657c1cac4c1536eb/distlib/scripts.py?at=default#cl-272

The project to generate the launchers is at

https://bitbucket.org/vinay.sajip/simple_launcher/
[issue19913] TR/Crypt.XPACK.Gen-4 in easy_install.exe
New submission from Christian Heimes:

Since today test_venv fails because Avira Antivir claims that easy_install.exe contains the trojan horse TR/Crypt.XPACK.Gen-4. I haven't seen the issue before. I'm running CPython default on Windows 7 64bit with Avira 13.

--
files: easyinstall.png
messages: 205402
nosy: christian.heimes, dstufft, larry, ncoghlan
priority: release blocker
severity: normal
status: open
title: TR/Crypt.XPACK.Gen-4 in easy_install.exe
type: security
versions: Python 3.4
Added file: http://bugs.python.org/file33012/easyinstall.png
[issue19913] TR/Crypt.XPACK.Gen-4 in easy_install.exe
Christian Heimes added the comment:

7 of 47 AV programs detect malicious software in PIP's easy_install.exe:

Agnitum               Packed/MPress                                 20131206
AhnLab-V3             Trojan/Win32.TesA                             20131206
AntiVir               TR/Crypt.XPACK.Gen4                           20131206
Bkav                  HW32.CDB.9028                                 20131206
McAfee-GW-Edition     Heuristic.BehavesLike.Win32.Suspicious-BAY.K  20131206
TrendMicro            PAK_Generic.001                               20131206
TrendMicro-HouseCall  PAK_Generic.001                               20131206

https://www.virustotal.com/de/file/4a22ec7ceae5bb480c3dbda55f13838af0cef9ed6e1d033e896723c29eadbb19/analysis/1386366065/