GAM-team / got-your-back

Got Your Back (GYB) is a command line tool for backing up your Gmail messages to your computer using Gmail's API over HTTPS.
https://github.com/GAM-team/got-your-back/wiki
Apache License 2.0

Trojan detected on msi x64 installer 1.50 #318

Closed logicafuzzy closed 3 years ago

logicafuzzy commented 3 years ago

Trojan:Win32/Zpevdo.B detected by Windows Virus & Threat protection

Full steps to reproduce the issue:

  1. Download version 1.50 .msi or .zip x64 release
  2. Wait for antivirus or Windows V&T protection to trigger

Expected outcome (what are you trying to do?): no trojans :)

Actual outcome (what errors or bad behavior do you see instead?): Trojan:Win32/Zpevdo.B detected

Note: no trojan detected in x86 versions and for versions <=1.42

logicafuzzy commented 3 years ago

Could likely be a false positive, if no one else is having the same issue

seedeewhy commented 3 years ago

Experienced this too when trying to download gyb-1.50-windows-x86_64.zip.

seedeewhy commented 3 years ago

32-bit version works fine though. Is it really a false positive?

HubHugGit commented 3 years ago

Avira antivirus detected the characteristics of a trojan in gyb.exe from gyb-1.50-windows-x86.zip and gyb-1.50-windows-x86_64.zip. It's not a specific detection. Is it detecting Python?

b0park commented 3 years ago

Microsoft ATP also doesn't like it, VirusTotal isn't a fan either. https://www.virustotal.com/gui/file/28768d79a038c6975100b6951a623bfe0dcf9c6db2f44d1e30789f70f1414274/detection

jay0lee commented 3 years ago

I have zero ability to prevent these false positives across vendors. Please report this as a false positive to your AV vendor.

Jay Lee

On Thu, Jun 10, 2021 at 9:17 AM b0park @.***> wrote:

Microsoft ATP also doesn't like it, VirusTotal isn't a fan either. https://www.virustotal.com/gui/file/28768d79a038c6975100b6951a623bfe0dcf9c6db2f44d1e30789f70f1414274/detection

wazimshizm commented 3 years ago

Same issue, suddenly gyb commands don't work, tried to redownload & Chrome won't let it.

Windows Defender + no 3rd-party antivirus.

Flippertie commented 3 years ago

I'm getting this on a clean Windows install, with just Windows Defender, no 3rd-party antivirus. 64-bit versions (MSI and zip) blocked as virus. Installed cleanly using the gyb-1.50-windows-x86.msi.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

jay0lee commented 3 years ago

This is antivirus vendors being overly aggressive and detecting all compiled Python executables as a virus. I added some changes in 1.52 that should hopefully mitigate the issue, but the problem is how AV vendors decide a file is malicious, not GYB.