Be more specific with the PyInstaller rule?
LuCeHe opened this issue · comments
Hi,
I was wondering if you can change the rule that detects anything created with pyinstaller as malware to something that is more specific and more likely to really be malware. I think your rules became popular, and as a consequence now nobody can use pyinstaller to build an exe anymore. If you want to see people having troubles creating exes with pyinstaller check here, here or here.
Have a good day,
Luca
Hi Luca,
Thanks for the feedback. Do read: https://github.com/bartblaze/Yara-rules?tab=readme-ov-file#help-a-generic-rule-is-hitting-my-software
That said, I do hear you, so I've updated the "category" and it will now specifically state INFO. In addition, the description has been updated, adding "This rule by itself does NOT necessarily mean the detected file is malicious."
As an FYI, I do not control what any of the antivirus and other engines are reporting on VirusTotal. If there is a (generic) hit of them on your software, you'll need to reach out to them individually.