sabnzbd / sabnzbd

SABnzbd - The automated Usenet download tool

Home Page:http://sabnzbd.org

Windows Defender has detected Trojan:Win32/Bearfoos.A!ml in 4.2.0 and 4.2.1

DokuKaefer opened this issue · comments

SABnzbd version

4.2.0 and 4.2.1

Operating system

Windows 11 Version 23H2 (Build 22631.2861)

Using Docker image

None

Description

Windows Defender has detected Trojan:Win32/Bearfoos.A!ml in 4.2.0 and 4.2.1

image

image

Sorry for the German screenshot

Version 4.1.0 has no problems.

dupe of #1606

Tell it that sab is okay / whitelist it / report it to the manufacturer - https://sabnzbd.org/wiki/faq#virusscanners

@jcfp @thezoggy @sanderjo I have replaced the current 4.2.1 binaries with ones built using PyInstaller 5.13.2 instead of the latest version. It has only 3 hits instead of the 6: https://www.virustotal.com/gui/file/f80cf1c1b5743f598c326b66fb7818a3df5422cf9cdc066d541158aaed329ab6?nocache=1
It seems virus scanners really don't like the new 6.1 bootloader that they use, as there's nothing else in the SABnzbd.exe, it's only 300KB in size.

Smart!

Does that deserve a version number 4.2.2 to avoid confusion among our users?

And indeed: how small SABnzbd.exe is. So the real SAB stuff is not in there (if anything at all). And thus it must indeed be PyInstaller in there that is triggering the virus scanners.

sander@zwart2204:~/Downloads/SABnzbd-4.2.1$ ll *exe
-rw-rw-r-- 1 sander sander 285704 jan  6 08:28 SABnzbd-console.exe
-rw-rw-r-- 1 sander sander 286728 jan  6 08:28 SABnzbd.exe

Nothing to see:

sander@zwart2204:~/Downloads/sabbie-sabnzbd.org/SABnzbd-4.2.1$ strings SABnzbd.exe  | grep -i -e python -e sabnzbd
Py_SetPythonHome
Failed to get address for Py_SetPythonHome
Error loading Python DLL '%s'.
PYTHONUTF8
Invalid value for PYTHONUTF8=%s; disabling utf-8 mode!
Error detected starting Python VM.
  <assemblyIdentity type="win32" name="SABnzbd" processorArchitecture="amd64" version="1.0.0.0"/>

No new version needed I think.