indexmap-rs / indexmap

A hash table with consistent order and fast iteration; access items by key or sequence index
https://docs.rs/indexmap/

Kaspersky detected the indexmap build-script exe as malware (false positive) #321

Closed Venryx closed 7 months ago

Venryx commented 7 months ago

While I was running cargo +nightly check in my project (after updating rust to the latest version using rustup update), Kaspersky apparently detected the build-script for indexmap as being some form of malware ("VHO:Backdoor.Win32.Farfli.gen"):

This is presumably just a false positive, but figured I'd still create an issue for it, so others can find mention of it if searching on the detection themselves.

I also uploaded the file to VirusTotal, with the results seen here: https://www.virustotal.com/gui/file/b66a33cc39c6395088430109e2185649c81fa4ada73859962209ef8bbb8e9f45?nocache=1

As I'm confident there's not actual malware involved here (VirusTotal showed that out of 71 AVs, only Kaspersky and Cynet flagged it as malware), feel free to close. (just created the issue for searchability on the detection)

cuviper commented 7 months ago

Yes, virus scanners often get false positives on build scripts that use autocfg -- it must be something about invoking Command::new("rustc") that hits their heuristics. And if your only recent change was rustup update, then you would have to suspect the entire toolchain if there were real malware.

FWIW, indexmap v2 doesn't use a build script anymore, so please upgrade! (which might mean tracking down a dependency that still pulls v1...)
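
For the dependency hunt mentioned in the last comment, here is an added example (not part of the thread and not indexmap's own code): a std-only Rust program that reads Cargo.lock text and reports which locked packages still depend on indexmap 1.x. It assumes the current Cargo.lock text layout; the function name `dependents_of`, the embedded lockfile, and the package names `my-app` and `old-dep` are constructed for illustration.

```rust
// Constructed Cargo.lock excerpt; "my-app" and "old-dep" are made-up package names.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "indexmap"
version = "1.9.3"
[[package]]
name = "indexmap"
version = "2.2.6"
[[package]]
name = "my-app"
version = "0.1.0"
dependencies = [
 "indexmap 2.2.6",
]
[[package]]
name = "old-dep"
version = "0.3.0"
dependencies = [
 "indexmap 1.9.3",
]
"#;

/// Returns "name version" for each locked package that depends on `krate` at major version `major`.
fn dependents_of(lock: &str, krate: &str, major: &str) -> Vec<String> {
    let mut pkgs: Vec<(String, String, Vec<String>)> = Vec::new(); // (name, version, deps)
    let mut in_pkg = false;
    for line in lock.lines().map(str::trim) {
        if line.starts_with('[') {
            in_pkg = line == "[[package]]"; // skip [metadata] and any other table
            if in_pkg { pkgs.push(Default::default()); }
        } else if let (true, Some(v), Some(p)) = (in_pkg, line.split('"').nth(1), pkgs.last_mut()) {
            if line.starts_with("name = ") { p.0 = v.into(); }
            else if line.starts_with("version = ") { p.1 = v.into(); }
            else if line.starts_with('"') { p.2.push(v.into()); } // one dependency entry
        }
    }
    // Cargo writes a bare "indexmap" entry when only one version is locked; fall back to it.
    let only = pkgs.iter().find(|p| p.0 == krate).map(|p| p.1.clone());
    let wanted = format!("{major}.");
    pkgs.iter().filter(|(_, _, deps)| deps.iter().any(|d| {
        let mut parts = d.split_whitespace();
        parts.next() == Some(krate)
            && parts.next().or(only.as_deref()).unwrap_or("").starts_with(&wanted)
    })).map(|(name, ver, _)| format!("{name} {ver}")).collect()
}

fn main() {
    println!("still pulling indexmap v1: {:?}", dependents_of(SAMPLE_LOCK, "indexmap", "1"));
}
```

To use it on a real project, pass the contents of that project's Cargo.lock instead of `SAMPLE_LOCK`; each reported package is a candidate for an upgrade that moves it to indexmap v2.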