bhowiebkr / laser-level-webcam

A tool for measuring height in microns of arbitrary sized objects using a webcam and a laser level.
MIT License

Virus detected in release 0.3.2 #1

Closed audrius-a closed 1 year ago

audrius-a commented 1 year ago

As soon as I downloaded the Laser_Level_Webcam_v0.3.2.exe the Windows antivirus flagged it up. The report says Trojan:Win32/Wacatac.H!ml - This program is dangerous and executes commands from an attacker.

The release v0.3.1 has passed antivirus checks but I'm still not comfortable running it.

bhowiebkr commented 1 year ago

Yeah it’s getting picked up as a false positive. I also ran it on www.virustotal.com and it thinks it has all kinds of different viruses. Only one of them (ESET-NOD32) correctly identified that it is a Python packaged with Nuitka.

I could submit a false positive bug report to Microsoft but honestly it’s not worth the time because I’ll be making updates to the tool and it’ll just think it’s a new or different kind of virus.

So instead, if you don’t want to run the binary (which is understandable when virus software freaks out), you have 2 options.

  1. You can run the tool from python. See “Running from Python source” in the README.md. This means downloading Python version 3.10 specifically and running the pip command to get the dependencies the tool needs.
  2. If you’ve done option 1 and you want to compile the Python code yourself as an exe using Nuitka, run the compile.bat file, which will compile the Python tool into an exe. Because your own machine has built the exe itself, your computer's signature would likely get past your virus software. A warning for people wanting to build the EXE: you need Python 3.10, not 3.11 (at this moment Nuitka does not like Python 3.11). You will also want to install the dependencies into a venv. See https://docs.python.org/3/library/venv.html. Otherwise Nuitka will very likely pick up other dependencies and bloat the size and compile time of the exe.

You can read up more on the annoyances with trying to make python code easier for others here: https://medium.com/@markhank/how-to-stop-your-python-programs-being-seen-as-malware-bfd7eb407a7

And also a common topic on stack overflow: https://stackoverflow.com/questions/43777106/program-made-with-pyinstaller-now-seen-as-a-trojan-horse-by-avg

I’ll leave this ticket open in case others run into the same issues and want to know how to run from python or build the exe by themselves.

larskarla commented 1 year ago

Same for me, reported as a virus and not even able to download the exe (0.3.2). Too lazy to compile myself. Found some suggestions to fix the same problem by encrypting: https://stackoverflow.com/questions/64788656/exe-file-made-with-pyinstaller-being-reported-as-a-virus-threat-by-windows-defen Maybe that could work?

bhowiebkr commented 1 year ago

Jumping through hoops to make these anti virus tools happy is hopeless. You can override your antivirus to tell it that a specific exe is safe. If you don’t want to do that, I would suggest just running the tool from Python.

bhowiebkr commented 1 year ago

@larskarla I added a zip file for 0.3.2. It should allow you to at least download the binary before your antivirus automatically deletes it.

thomant commented 1 year ago

It's reported as serious by MS Defender: "Trojan:Script/Wacatac.B!ml - This program is dangerous and runs commands from an attacker." How come it's only in the latest version?

bhowiebkr commented 1 year ago

It's a false positive and nothing more. I think I'll remove the precompiled binaries from the next release and leave it up to the user to build the binaries themselves if they want to run it as a single exe file.

thomant commented 1 year ago

Yes, I like what you have done, but still, I'm running the previous version now, and I haven't suffered from the memory leak yet... How come that version is OK? Isn't it compiled the same way? Same compiler version?

bhowiebkr commented 1 year ago

The memory thing is kind of a runaway effect: if your computer isn't able to keep up, one of the worker threads the QT media components will start offering and it causes a cascading effect where it fills up all your RAM. This version also, because of those issues, regardless of whether it's filling your RAM up or not, uses about four times the CPU power.

I'm going to look at a bug fix someone noted on the tool and merge it in if it's all good. I'll make a new release and that one may or may not show up as a virus.

If this tool gets more popular or if anyone wants to donate funds towards it, I'll go through the headaches and costs of getting signatures from Microsoft so it'll show up as not a virus.

The whole thing with these antivirus software trying to guess if a binary has a virus or not is really kind of dumb and it's not doing any smart things like detecting an actual virus.

bhowiebkr commented 1 year ago

This is no longer an issue because I have put the tool onto pip. Installing it from there is now much easier and it'll add it as a command line tool that you can run by typing laser-level-webcam.