kdeldycke / meta-package-manager

🎁 wraps all package managers with a unifying CLI
https://kdeldycke.github.io/meta-package-manager
GNU General Public License v2.0
470 stars, 33 forks

Windows binary detected as malware #1157

Closed wickles closed 9 months ago

wickles commented 10 months ago

What happened?

Windows Security detects the standalone binary as a threat and quarantines the file.

https://www.virustotal.com/gui/file/894a1c0cc2dabd485f16869f6396f524f9fdf609a66f9915df8e454048130710

kdeldycke commented 9 months ago

Thanks for the tip!

Looking at the report, it seems the binary has been flagged because it matches some experimental or generic rules that trigger on anything that looks like a bundled Python binary (as produced by Nuitka or Py2exe). Like these signals:

There are also pointers to the fact that mpm is invoking external commands, but that's expected for a meta package manager calling other package managers installed on the system.

Can you point to a specific instance of malware or unexpected behavior in the virus report? If not, I will consider this issue invalid.

That being said, I don't know anything about the Windows ecosystem. Do you? Can you help me figure out if this negative report can be ignored, or is there something we can do to add mpm to an allowlist? Is there a way to demonstrate the good intentions of mpm to virus vendors?
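Added example (not part of this thread, and not code from the mpm project): the checks a Windows user would run before answering the allowlist question above. It verifies that the file on disk is the same sample VirusTotal analysed (the SHA-256 is the hash in the VirusTotal URL), records whether it is Authenticode-signed, lists what Defender logged for that path, and only on explicit request excludes that one file. `$BinaryPath` and `$ExpectedSha256` are assumed inputs; `Add-MpPreference` needs an elevated session.

```powershell
# Added example, not the project's own code. Verifies a downloaded standalone
# binary against the SHA-256 reported by VirusTotal, shows Defender's own
# detection record for it, and optionally excludes exactly that path.
param(
    [Parameter(Mandatory)] [string] $BinaryPath,      # assumed: path to the downloaded mpm .exe
    [Parameter(Mandatory)] [string] $ExpectedSha256,  # assumed: hash taken from the VirusTotal URL
    [switch] $Allow                                    # add the exclusion; default is report-only
)

$ErrorActionPreference = 'Stop'

# 1. The file on disk must be the sample that was analysed. Get-FileHash
#    returns uppercase hex, VirusTotal shows lowercase, so normalise first.
$actual = (Get-FileHash -Path $BinaryPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
    throw "SHA-256 mismatch: on disk $actual, expected $ExpectedSha256. Do not allowlist."
}
Write-Host "Hash matches the VirusTotal sample: $actual"

# 2. Record the Authenticode status (Valid, NotSigned, HashMismatch, ...).
#    Generic "bundled Python" detections typically fire on unsigned binaries.
$sig = Get-AuthenticodeSignature -FilePath $BinaryPath
Write-Host "Authenticode status: $($sig.Status)"

# 3. What did Defender actually record for this path? Resources holds
#    entries like "file:_C:\path\to\mpm.exe".
$hits = Get-MpThreatDetection | Where-Object {
    $_.Resources -match [regex]::Escape($BinaryPath)
}
if (-not $hits) {
    Write-Host "No Defender detection recorded for $BinaryPath"
}
foreach ($h in $hits) {
    $threat = Get-MpThreat | Where-Object ThreatID -eq $h.ThreatID
    Write-Host ("{0}  {1}  action succeeded: {2}" -f
        $h.InitialDetectionTime, $threat.ThreatName, $h.ActionSuccess)
}

# 4. Exclude only this exact file, never its folder, and only when asked.
if ($Allow) {
    Add-MpPreference -ExclusionPath $BinaryPath
    Write-Host "Excluded $BinaryPath. Revert with: Remove-MpPreference -ExclusionPath '$BinaryPath'"
}
```

Run it first without `-Allow` to see the hash, signature status and detection record; if Defender has already quarantined the file there is nothing on disk for `Get-FileHash` to read, so restore it from the protection history first. Excluding a single file path rather than a download folder keeps the exclusion from silently covering anything else dropped there later.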

wickles commented 9 months ago

Right, I suspected it was a false positive due to bundling python.

I have reported it as such to Microsoft via their malware analysis form.

I realize there is not much else you can do about it, just seemed appropriate to report it here.

kdeldycke commented 9 months ago

Thanks @wickles for the feedback, and thank you for submitting mpm to Microsoft for review. I didn't know there was a way to send them binaries.

I'll close this issue for now but will reuse it if something comes back on that topic.

github-actions[bot] commented 6 months ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.