Closed Cyberklabauter closed 2 years ago
Ahh crap! yeah I was into this but lost track somewhere. I'm sorry :/ back on it!
Hey ewerybody,
thank you! Your new package is detected as a virus (see Virus Total). Windows Defender deletes the file immediately and does not let me recover it from quarantine. To download it, I have to disable Windows Defender completely. Maybe not the best for most users 😉. I guess it is the module downloader. But this was not an issue with the prior version.
boahlek... This heuristics crap is grinding my gears. Yeah that's simply because there have been malware packages that have also been packed with PyInstaller... So they see some patterns in our executable and boom: MUST be a virus 🙈 Still I don't have a digital signature to apply to our executables :/
So did you activate the UPX compression again? I know that antivirus companies flag UPX compression as a virus (that is why Lexiko removed it completely from the AHK_L version) and they are getting more and more strict.
I still can download a2 0.3.0 alpha without issues.
nope. --noupx when building the Python package:
https://github.com/ewerybody/a2/blob/b8781937ba5c234c27728d3e14f07c951194e927/lib/batches/build/1A_build_py_package.bat#L54
and also /compress 0 when building AHK executables:
https://github.com/ewerybody/a2/blob/b8781937ba5c234c27728d3e14f07c951194e927/lib/batches/build/build_installer.py#L336
Oh. See this comment on stackoverflow.
Is cx_Freeze a solution which works?
🤷♀️ Never used it. It'd be a tremendous amount of work to put it in place just to see that it doesn't.
Before that I'd try to make builds work from within Github Actions.
So did you activate the UPX compression again? I know that antivirus companies flag UPX compression as a virus (that is why Lexiko removed it completely from the AHK_L version) and they are getting more and more strict.
I still can download a2 0.3.0 alpha without issues.
Do you mean 0.2.0 alpha? Because 0.3.0 and 0.3.2 yield very similar results on virustotal.
OK. I have submitted the file for malware analysis to ms here: https://www.microsoft.com/en-us/wdsi/filesubmission crossing fingers. ...
Hey @Cyberklabauter I just had to deal with embed Python environments for work and tried to use one of those as the base for an app package. It took some fiddling but after all this is easy!
I'll make a portable package first and you can try. We might actually be able to ship WITHOUT freezing anything! 🤩
That means: There is no self-cooked executables anymore. Only the original python.exe and of course some AHK-ones.
That'll also speed up build times!
Do you mean 0.2.0 alpha? ...
btw: I got what you mean! Because of all this crap I excluded my a2 dev dir from scans. But when I put the zip out-side I also get this "Trojan:Win32/Wacatac.B!ml" detected on it but NOT the 0.3.0-one! Which is ultra weird since these are almost identical.
Well. If you wanna know what to think of these heuristics based approaches from all these vendors listed on virustotal:
Make an .ahk file with msgbox Hello!, compile and upload it for a check. I got 4 hits for "malware" 🤦♀️
Hey ewerybody,
I'll make a portable package first and you can try. We might actually be able to ship WITHOUT freezing anything! 🤩 That means: There is no self-cooked executables anymore. Only the original python.exe and of course some AHK-ones. That'll also speed up build times!
Good news!
Well. If you wanna know what to think of these heuristics based approaches from all these vendors listed on virustotal: Make an .ahk file with msgbox Hello!, compile and upload it for a check. I got 4 hits for "malware" 🤦♀️
I know. It started with UPX compression and then they got more and more strict. Anyways, I think Windows Defender should not alert, because as a standard it is on most systems. Usually, I am able to recover files from quarantine. But in this case, it was erased completely. So normal users probably would fail to fix it.
I am quite busy the next few days. But I will check out your update as soon as possible, maybe at the weekend or at night if I find time. Looking forward to it!
Hi ewerybody,
When I try to download the modules, I get the following error message: “Error preparing folder. Not empty but no previous version found!”
Modules get downloaded, but are stuck in the temp folder.
If I copy them manually from temp to modules they work, but it seems to be the old version (can't see the expected changes). Same if I download it from https://github.com/ewerybody/a2.modules and extract them to the module folder.
Can you fix it?