search

AUTOMATIC1111 / stable-diffusion-webui-promptgen

stable-diffusion-webui-promptgen
MIT License
484 stars 93 forks source link

Microsoft Defender Antivirus has detected malware in lexart model included with this extension #12

Open halr9000 opened 1 year ago

halr9000 commented 1 year ago

Until this is resolved, I highly recommend switching to a different, safe model (see first comment below), and if you don't know how to do that, cease using this extension. Could be a false alarm, but safer to trust Microsoft rather than disable pickle checks.

Repro steps:

  1. Install extension
  2. Switch to promptgen tab, generate a result
  3. In auto1111, this error is reported: AttributeError: 'NoneType' object has no attribute 'keys'
  4. Windows Defender alerted me to a threat

Note that promptgen cannot be used once the file has been quarantined. So this is a critical issue even if Defender is throwing a false alarm.

I'll note that I've been using promptgen happily for months, this is the first time Defender popped up. Possible this is a false alarm, but also possible it's a newly updated model on huggingface, or a newly updated definition by MS which finds malware which had always been present. Looking at Defender, this issue started popping up 3/15.

image

See details below:

auto1111 console:

Error completing request
Arguments: ('task(haiekb5zjbi57or)', 'AUTOMATIC/promptgen-lexart', 1, 10, 'android', 20, 150, 1, 1, 1, 1, 'Top K', 12, 0.15) {}
Traceback (most recent call last):
  File "D:\hal\stable-diffusion\auto\modules\call_queue.py", line 56, in f
    res = list(func(*args, **kwargs))
  File "D:\hal\stable-diffusion\auto\modules\call_queue.py", line 37, in f
    res = func(*args, **kwargs)
  File "D:\hal\stable-diffusion\auto\extensions\stable-diffusion-webui-promptgen\scripts\promptgen.py", line 99, in generate
    current.model = transformers.AutoModelForCausalLM.from_pretrained(path)
  File "D:\hal\stable-diffusion\auto\venv\lib\site-packages\transformers\models\auto\auto_factory.py", line 463, in from_pretrained
    return model_class.from_pretrained(
  File "D:\hal\stable-diffusion\auto\venv\lib\site-packages\transformers\modeling_utils.py", line 2258, in from_pretrained
    loaded_state_dict_keys = [k for k in state_dict.keys()]
AttributeError: 'NoneType' object has no attribute 'keys'

Error verifying pickled file from C:\Users\hal/.cache\huggingface\hub\models--AUTOMATIC--promptgen-lexart\snapshots\fe1dd16ac290199872bb27a0f72dc20839e81ed5\pytorch_model.bin:
Traceback (most recent call last):
  File "D:\hal\stable-diffusion\auto\modules\safe.py", line 135, in load_with_extra
    check_pt(filename, extra_handler)
  File "D:\hal\stable-diffusion\auto\modules\safe.py", line 81, in check_pt
    with zipfile.ZipFile(filename) as z:
  File "C:\Users\hal\AppData\Local\Programs\Python\Python310\lib\zipfile.py", line 1249, in __init__
    self.fp = io.open(file, filemode)
OSError: [Errno 22] Invalid argument: 'C:\\Users\\hal/.cache\\huggingface\\hub\\models--AUTOMATIC--promptgen-lexart\\snapshots\\fe1dd16ac290199872bb27a0f72dc20839e81ed5\\pytorch_model.bin'

The file may be malicious, so the program is not going to read it.
You can skip this check with --disable-safe-unpickle commandline argument.

Windows event log:

Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          3/19/2023 10:39:36 AM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      <name>
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
 For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0
    Name: Trojan:Script/Wacatac.H!ml
    ID: 2147814524
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\hal\.cache\huggingface\hub\models--AUTOMATIC--promptgen-lexart\blobs\8bb89c281830a1a860eab274def8a89f401ef1a38f727ace494edd0f90081404
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: Real-Time Protection
    User: MANDO\hal
    Process Name: C:\Users\hal\AppData\Local\Programs\Python\Python310\python.exe
    Security intelligence Version: AV: 1.385.456.0, AS: 1.385.456.0, NIS: 1.385.456.0
    Engine Version: AM: 1.1.20100.6, NIS: 1.1.20100.6
halr9000 commented 1 year ago

Interesting, 3 days ago, someone submitted PR for a safetensors version on hf here https://huggingface.co/AUTOMATIC/promptgen-lexart/discussions/1

That'd be nice right about now @AUTOMATIC1111

halr9000 commented 1 year ago

Reported on hf https://huggingface.co/AUTOMATIC/promptgen-lexart/discussions/2

0lm commented 1 year ago

Could you tell me where the models even are saved? I installed the models by adding the Huggingface Name into Promptgen Tab in the Settings. But I never could find out where exactly they were downloaded. That said, I let Windows Defender scan the whole Stable Diffusion Directory and also the huggingface cache in the Userfolder. There was no alert for me.