Windows desktop app fails to start with "better_sqlite3.node is not a valid Win32 application."

[gabbpuy]

• [X] I have searched open and closed issues for duplicates
• [X] I am using Signal-Desktop as provided by the Signal team, not a 3rd-party package.

---

Bug Description

Signal desktop app fails to start on windows after update on 2023-09-20

Downloading installer and re-running install does not correct issue.

Database startup error:

Error: Error: \\?\[REDACTED].unpacked\node_modules\@signalapp\better-sqlite3\build\Release\better_sqlite3.node is not a valid Win32 application.
\\?\[REDACTED].unpacked\node_modules\@signalapp\better-sqlite3\build\Release\better_sqlite3.node
    at process.func [as dlopen] (node:electron/js2c/asar_bundle:2:1869)
    at Module._extensions..node (node:internal/modules/cjs/loader:1354:18)
    at Object.func [as .node] (node:electron/js2c/asar_bundle:2:2096)
    at Module.load (node:internal/modules/cjs/loader:1124:32)
    at Module._load (node:internal/modules/cjs/loader:965:12)
    at f._load (node:electron/js2c/asar_bundle:2:13377)
    at Module.require (node:internal/modules/cjs/loader:1148:19)
    at require (node:internal/modules/cjs/helpers:110:18)
    at bindings ([REDACTED]\node_modules\bindings\bindings.js:112:48)
    at new Database ([REDACTED]\node_modules\@signalapp\better-sqlite3\lib\database.js:48:64)
    at Worker.<anonymous> ([REDACTED]\ts\sql\main.js:62:26)
    at Worker.emit (node:events:513:28)
    at MessagePort.<anonymous> (node:internal/worker:234:53)
    at [nodejs.internal.kHybridDispatch] (node:internal/event_target:735:20)
    at exports.emitMessage (node:internal/per_context/messageport:23:28)

Steps to Reproduce

1. start signal

Actual Result:

Signal shows error dialog

Expected Result:

Signal should start

Screenshots

Platform Info

Signal Version:

Operating System:

Windows 11 Pro Build: 22631.2191

Linked Device Version:

Link to Debug Log

[scottnonnenberg-signal]

This error suggests that your update was corrupted somehow. Are you running antivirus? If so, what kind?

What happens if you go to https://signal.org/download and install again? In theory that will fix the corruption, and you won't lose any data if you install (without uninstalling) on top of what you have now.

[gabbpuy]

This error suggests that your update was corrupted somehow. Are you running antivirus? If so, what kind?

The AV running is the built-in Windows Security (Microsoft Essentials?). It didn't complain during the update (or the subsequent reinstall).

What happens if you go to https://signal.org/download and install again? In theory that will fix the corruption, and you won't lose any data if you install (without uninstalling) on top of what you have now.

I did try that (I mentioned in the ticket), downloading a copy of the installer and re-running it gives the same error.

[scottnonnenberg-signal]

It might be good to look a little closer at that file on disk, in the install directory - better_sqlite3.node. To start, you could grab the file size. It would also be good to get the SHA256: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?view=powershell-7.3

Maybe it is indeed corrupted on your machine. But it's possible that your machine just can't handle that file?

[gabbpuy]

It might be good to look a little closer at that file on disk, in the install directory - better_sqlite3.node. To start, you could grab the file size. It would also be good to get the SHA256: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?view=powershell-7.3

Maybe it is indeed corrupted on your machine. But it's possible that your machine just can't handle that file?

-rwxrwx---+ 1 Administrators akm 0 Sep 20 16:04 better_sqlite3.node

0 bytes so yeah, it seems like perhaps AV is unhappy with it.

Anti-Malware Protection has detected and blocked the malware 'ML:Generic.MaliciousExe' during the real-time scan.

GDI...

Let me go work out where this nonsense started, sorry for the noise...

[JoyMace]

FWIW: same thing (same error) happened to me and the fix was to uninstall Signal with Revo, delete all leftover items, used CCleaner to fix registry problems, rebooted PC and reinstalled Signal. I had to link it again with my phone, but I'm up and running fine now. Hope that helps.

[gabbpuy]

It might be good to look a little closer at that file on disk, in the install directory - better_sqlite3.node. To start, you could grab the file size. It would also be good to get the SHA256: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?view=powershell-7.3 Maybe it is indeed corrupted on your machine. But it's possible that your machine just can't handle that file?

-rwxrwx---+ 1 Administrators akm 0 Sep 20 16:04 better_sqlite3.node

0 bytes so yeah, it seems like perhaps AV is unhappy with it.

Anti-Malware Protection has detected and blocked the malware 'ML:Generic.MaliciousExe' during the real-time scan.

GDI...

Let me go work out where this nonsense started, sorry for the noise...

Nuking AV and installing works fine... but, heads up something thinks its bad, so possibly more of these will come your way.

[jamiebuilds-signal]

@gabbpuy Okay thank you, we'll be looking out for more reports. Please let us know if you're able to find anything else out about your anti-virus software

[JoyMace]

Since this isn't closed yet: Acronis quarantined better_sqlite3.node due to security vulnerabilities when Signal tried to update last night, so installation fails spectacularly.

I am willing to bet that the problem is a dev dependency of a dependency called minimist.

I followed the dependency tree for better_sqlite3 and found the first one that uses minimist, (fs-extra) and confirmed the version they're using has a security vulnerability that is making antivirus software very unhappy.

Based on my communications here I can bet you can tell I'm not usually all up in GitHub repo issue threads, but I did open an issue with fs-extra and gave them this link to the npm minimist page

The only reason I thought to do this is that minimist security vulnerabilities killed a work project I had because updating it required updating actual dependencies with breaking changes and we didn't have time or funds to start over. SO... hopefully that's not the case for fs-extra. And I stopped my search at fs-extra because minimist is everywhere. Hope this gets solved because no signal-desktop is... upsetting.

[indutny-signal]

@JoyMace thank you for this analysis. We will look into fs-extra and minimist to see what action needs to be taken.

I think the issue may not be related to JS modules, though. All javascript files that we have in the app are bundled and placed into the packed .asar file. Based on the reports on this thread, the asar file is not the one that antivirus software gets quarantined. Instead, it is the better_sqlite3.node binary file that is compiled from C++ source code.

Is there any way that a user of Acronis could submit feedback about false positive match?

Thanks!

[improwise]

better_sqlite3.node god blocked for me as well, having added it to exclusions, Signal seems to work again but still...

[Thulkash]

Same issue here… with Acronis

[toddbennett33704]

Same here. Acronis

[Achim1993]

Same here - also using Acronis

[MaSven]

You can track the issue here https://www.virustotal.com/gui/file/9abe42153e286a27bcb886b2b1ea4c54e7de88a8bc3d1467f760e2375a6f87d0

On of the scanners is flagging this because of the mentioned better_sqlite3.so.

[Thulkash]

You can track the issue here https://www.virustotal.com/gui/file/9abe42153e286a27bcb886b2b1ea4c54e7de88a8bc3d1467f760e2375a6f87d0

On of the scanners is flagging this because of the mentioned better_sqlite3.so.

Your link seems to refer to signal.exe, which process is fine. This one refers to better_sqlite3.node, which causing the problem: https://www.virustotal.com/gui/file/d32b87a6869f2486bb1f4e1945a02011dd34d003ac0166efd2a00725f3a44dc7