Windows Defender has detected Trojan:Win32/Bearfoos.A!ml in 4.2.0 and 4.2.1
DokuKaefer opened this issue · comments
dupe of #1606
tell it that sab is okay / whitelist it / report it to the manufc. - https://sabnzbd.org/wiki/faq#virusscanners
@jcfp @thezoggy @sanderjo I have replaced the current 4.2.1 binaries with ones build using PyInstaller 5.13.2 instead of the latest version. It has only 3 hits instead of the 6: https://www.virustotal.com/gui/file/f80cf1c1b5743f598c326b66fb7818a3df5422cf9cdc066d541158aaed329ab6?nocache=1
It seems virusscanners really don't like the new 6.1 bootloader that they use, as there's nothing else in the SABnzbd.exe
, it's only 300KB in size..
Smart!
Does that deserve a version number 4.2.2 to avoid confusion among our users?
And indeed: what is SABnzbd.exe small. So the real SAB stuff is not in there (if anything at all). And thus it must indeed be pyinstaller in there that is triggering the virusscanners
sander@zwart2204:~/Downloads/SABnzbd-4.2.1$ ll *exe
-rw-rw-r-- 1 sander sander 285704 jan 6 08:28 SABnzbd-console.exe
-rw-rw-r-- 1 sander sander 286728 jan 6 08:28 SABnzbd.exe
Nothing to see:
sander@zwart2204:~/Downloads/sabbie-sabnzbd.org/SABnzbd-4.2.1$ strings SABnzbd.exe | grep -i -e python -e sabnzbd
Py_SetPythonHome
Failed to get address for Py_SetPythonHome
Error loading Python DLL '%s'.
PYTHONUTF8
Invalid value for PYTHONUTF8=%s; disabling utf-8 mode!
Error detected starting Python VM.
<assemblyIdentity type="win32" name="SABnzbd" processorArchitecture="amd64" version="1.0.0.0"/>
No new version needed I think.