Open OriginalMossMan opened 1 month ago
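@OriginalMossMan Thanks for your time reporting this issue. The goal of this project is publishing a useful open source MIDI tool without intention to include malware. Converting the Python code to a binary Windows executable is the tricky part which may result in false positives with some virus scanner/malware detection applications such as Bitdefender. This is a known issue as described in the README.md.
I can provide you some guidelines on what I did to minimize risk:
- As you already discovered, the Python code of this project is clean.
- The used packages listed in requirements.txt are regularly updated and scanned via GitHub dependabot.yml.
- The generated executables are built via GitHub Actions and include a sha1 checksum in the build logs and release page. This way you can verify that the executables are uploaded via GitHub.
- The build process uses Nuitka tooling which is confirmed to be an issue generating false positives.
A quick scan on Windows 11 with latest updates did not report issues: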
If you find any malware (not false positive), please let me know and I'll take action.
If you still don't trust the executables, I recommend building the application from source. When you convert to an executable, you may encounter false positives as well.
I hope this explains that the project contains good intentions.
On 12 October 2024 12:00:43 BST, Erriez @.***> wrote:
@OriginalMossMan Thanks for your time reporting this issue. The goal of this project is publishing a useful open source MIDI tool without intention to include malware. Converting the Python code to a binary Windows executable is the tricky part which may result in false positives with some virus scanner/malware detection applications such as Bitdefender. This is a known issue as described in the README.md.
I can provide you some guidelines on what I did to minimize risk:
- As you already discovered, the Python code of this project is clean.
- The used packages listed in requirements.txt are regularly updated and scanned via GitHub dependabot.yml.
- The generated executables are built via GitHub Actions and include a sha1 checksum in the build logs and release page. This way you can verify that the executables are uploaded via GitHub.
- The build process uses Nuitka tooling which is confirmed to be an issue generating false positives.
A quick scan on Windows 11 with latest updates did not report issues:
If you find any malware (not false positive), please let me know and I'll take action.
If you still don't trust the executables, I recommend building the application from source. When you convert to an executable, you may encounter false positives as well.
I hope this explains that the project contains good intentions.
-- Reply to this email directly or view it on GitHub: https://github.com/Erriez/midi-sysex-io/issues/25#issuecomment-2408522256 You are receiving this because you were mentioned.
Thanks for the confirmation. I also sent a false-positive report to BitDefender, so hopefully they will confirm and fix.
-- Geoff Morris
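The maintainer's comment above says a sha1 checksum for each executable appears in the build logs and on the release page. The following is an added example, not code from this project, of checking a downloaded file against such a value; the file name, the function names and the "hash  filename" line layout are assumptions, since the page does not show the published format.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Exactly 40 hex digits bounded on both sides, so a longer digest
# (for example a 64-digit SHA-256) is not mistaken for a SHA-1 value.
SHA1_HEX = re.compile(r"\b[0-9a-fA-F]{40}\b")


def sha1_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is not loaded at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def extract_sha1(published_text):
    """Return the single SHA-1 value found in text pasted from a log or page."""
    found = {m.lower() for m in SHA1_HEX.findall(published_text)}
    if len(found) != 1:
        raise ValueError(f"expected exactly one SHA-1 value, found {len(found)}")
    return found.pop()


def verify_download(path, published_text):
    """True only if the local file hashes to the published value."""
    expected = extract_sha1(published_text)
    return hmac.compare_digest(sha1_of_file(path), expected)


def demo():
    """Constructed sample: a stand-in file, one matching and one wrong line."""
    with tempfile.TemporaryDirectory() as tmp:
        exe = Path(tmp) / "example-setup.exe"  # hypothetical file name
        exe.write_bytes(b"constructed sample bytes, not a real release\n")
        good_line = f"{sha1_of_file(exe)}  example-setup.exe"
        bad_line = "0" * 40 + "  example-setup.exe"
        return verify_download(exe, good_line), verify_download(exe, bad_line)


if __name__ == "__main__":
    print(demo())
```

A match shows that the local file is byte-identical to the one the checksum was computed for; it says nothing about how an antivirus engine classifies that file.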
Version
master
Description
v1.0.1 - BitDefender constantly blocks and deletes every single (temporary) file while trying to install or run the standalone program. Reported as Gen:Variant.Lazy.608271
I hope this is a false positive and not actual malware! It seems to be in the Windows packaging as there are no notifications if I download and browse the source.
Testcase
In Windows, install Bitdefender then try to install or run the SysEx app. You will encounter pop-ups announcing quarantine at every action.