search

Sanster / IOPaint

Image inpainting tool powered by SOTA AI Model. Remove any unwanted object, defect, people from your pictures or erase and replace(powered by stable diffusion) any thing on your pictures.
https://www.iopaint.com/
Apache License 2.0
18.27k stars 1.86k forks source link

malware found inside - cond_stage_model_decode.pt - Real or FP? #536

Open creeduk opened 1 month ago

creeduk commented 1 month ago

June 1st using another custom node with a Lama Remover I selected the model LDM, it starts to download dependency and has a use if IOPaint and the LDM Decode model:

LDM_DECODE_MODEL_URL = os.environ.get( "LDM_DECODE_MODEL_URL", "https://github.com/Sanster/models/releases/download/add_ldm/cond_stage_model_decode.pt",

Yesterday evening my AV reported Trojan:win32/Sirefef!cfg and quarantined the model. Some googling on the model has limited results, but the trojan I see some reports of false positives associated with other SD things. Can you check and confirm if it is safe or is it some how pickled or just an FP?

I will let the LayerStyles Custom node author now as well

Saaalih2g commented 1 month ago

تاكد من مدى ضرره على الجهاز

في ثلاثاء، 4 يونيو، 2024 في 7:52 م، كتب creeduk @.***>:

June 1st using another custom node with a Lama Remover I selected the model LDM, it starts to download dependency and has a use if IOPaint and the LDM Decode model:

LDM_DECODE_MODEL_URL = os.environ.get( "LDM_DECODE_MODEL_URL", " https://github.com/Sanster/models/releases/download/add_ldm/cond_stage_model_decode.pt ",

Yesterday evening my AV reported Trojan:win32/Sirefef!cfg and quarantined the model. Some googling on the model has limited results, but the trojan I see some reports of false positives associated with other SD things. Can you check and confirm if it is safe or is it some how pickled or just an FP?

I will let the LayerStyles Custom node author now as well

— Reply to this email directly, view it on GitHub https://github.com/Sanster/IOPaint/issues/536, or unsubscribe https://github.com/notifications/unsubscribe-auth/A5IDPXDLULEW4IDRBZ6GIUTZFXWDHAVCNFSM6AAAAABIY4YRGOVHI2DSMVQWIX3LMV43ASLTON2WKOZSGMZTGOJXGEYDONQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

creeduk commented 1 month ago

I don't see any and hopefully there is none. Doing a full system check.

Checking this page - https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Sirefef!cfg I looked at the other files it shows could be on the system and found none. It did not report malware in memory, I did run that cleaner option a few times to evaluate which Lama Models did the best jobs for various situations.

Not sure if there is an alt model, did you train the model, is it capable of doing anything malicious while running in that model in comfy? I would appreciate if anybody can validate a false positive? I have stopped using that module of the layerstyles node that called this and using alternative lama for now.