search

Legrandin / pycryptodome

A self-contained cryptographic library for Python
https://www.pycryptodome.org
Other
2.81k stars 500 forks source link

Cryptodome: considered as a Trojan from Kaspersky AV #836

Closed lbartoletti closed 1 week ago

lbartoletti commented 1 week ago

First posted on https://github.com/mod-audio/mod-desktop/issues/66

FYI, Installing a software using Cryptodrome I get an alert (false positive, i hope 😉 ):

French log from Kaspersky

Nom de l'application: mod-desktop-0.0.12-win64-installer.tmp
Chemin d'accès à l'application: C:\Users\xxxx\AppData\Local\Temp\is-TDCBL.tmp
Module: Antivirus fichiers
Résultat de description: Détecté
Type: Cheval de Troie
Nom: VHO:Trojan.Win32.Agent.gen
Exactitude: Analyse heuristique
Niveau de menace: Élevé
Type d'objet: Fichier
Nom de l'objet: _cpuid_c.pyd
Chemin de l'objet: C:\Program Files\MOD Desktop\lib\Cryptodome\Util

English translation:

Kaspersky considers _cpuid_c.pyd from C:\Program Files\MOD Desktop\lib\Cryptodome\Util as a Trojan (Trojan.Win32.Agent.gen)

Legrandin commented 1 week ago

I see that in the other thread you were told this is a false positive.

For sure, the source code of _cpuid_c doesn not contain any trojan, but what goes into the compiled version depends on whoever compiled and distribute it. If you got it from pypi, then that's somewhat trustworthy as the wheels are compiled by us.

In any case, you can also consider uploading the file into VirusTotal.