weasyprint-windows.zip is being flagged by Kaspersky antivirus as a Trojan #2092

Closed
matyasLevinsky opened this issue Mar 10, 2024 · 2 comments

Comments

@matyasLevinsky

I downloaded the v61.2 zip file. (Eg. after security fix) Kaspersky is not happy:

User: AzureAD\matyaslevinsky
User type: Active user
Component: Virus Scan
Result: Detected
Result description: Detected
Type: Trojan
Name: Exploit.Win32.BypassUAC.hfea
Precision: Exactly
Threat level: High
Object type: File
Object name: weasyprint.exe
Object path: C:\ToInstall\weasyprint-windows.zip//dist
MD5 of an object: BD7853CA5B327CAB968E1104A13EF904
Reason: Hash
Databases release date: Today, 10.03.24 15:50:00

Do you require any additional information from me for troubleshooting?

@liZe
Member

liZe commented Mar 10, 2024

Hi!

I’m not sure we can do much about this. I suppose that Kaspersky detects all executable files created by PyInstaller as trojans because one day someone bundled a virus with it, just like its friend Windows Defender (see #2081).

If anyone knows a way to automatically mark WeasyPrint versions as safe in antivirus databases, that would be great.

@matyasLevinsky
Author

Well, it should be fixed, although I don't know for how long:

Hello,

Sorry, it was a false detection. It will be fixed.
Thank you for your help.

Best regards, Anastasiya Makarova, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com/ https://securelist.com/
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

__________________________________________

From:  XXX
Received:       3/10/2024 9:06:33 PM (UTC)
Sent:   3/10/2024 9:06:32 PM (UTC)
To:     [newvirus@kaspersky.com](mailto:newvirus@kaspersky.com)
Subject:        Kaspersky Anti-virus Lab replies to your request [VD3] [FILE:2] [LN:EN]

Client feedback, query 027dae127904a08b7a0b2769f088ac932c675165738eaa894fbd1ed600e2e75a, type [Hash], zone [Red], was sent with the following commentary:
Hello, this is the v61.2 version of https://github.com/Kozea/WeasyPrint. The contributors claim that this is caused because of Pyinstaller. This is the github issue: https://github.com/Kozea/WeasyPrint/issues/2092 where one of the main maintainers says this has already once happened with Windows Defender: https://github.com/Kozea/WeasyPrint/issues/2081. I would ask for a recheck and if it passes a link to a guide how to prevent this in the future. Thank you.

This message is generated automatically by OpenTIP.
With Best regards,
OpenTIP Team.

If there are issues with Kaspersky in the future, you can go to https://opentip.kaspersky.com/ and upload the file. After it gets flagged, you can request a review (you have to provide them with an e-mail address).
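An added example, not part of the original thread or of the WeasyPrint project: since the report above says the detection reason is a hash, this Python sketch parses a report in that `Key: value` layout, hashes every member of the downloaded zip, and returns the member whose MD5 matches, with its SHA-256 to quote in a recheck request. The function names, the in-memory archive and the sample report are constructed for illustration.

```python
import hashlib
import io
import zipfile

def parse_report(text):
    """Parse the 'Key: value' lines of a detection report into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def hash_members(archive):
    """Yield (name, md5, sha256) for every file inside a zip archive."""
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            md5 = hashlib.md5(usedforsecurity=False)  # identifier, not a security control
            sha256 = hashlib.sha256()
            with zf.open(info) as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    md5.update(chunk)
                    sha256.update(chunk)
            yield info.filename, md5.hexdigest(), sha256.hexdigest()

def find_flagged(archive, report_text):
    """Return the archive members whose MD5 equals the hash named in the report."""
    reported = parse_report(report_text).get("MD5 of an object", "").lower()
    return [{"member": name, "md5": md5, "sha256": sha256}
            for name, md5, sha256 in hash_members(archive)
            if reported and md5 == reported]

def build_sample():
    """Constructed sample: an in-memory zip and a report naming one member's MD5."""
    payload = b"constructed stand-in for weasyprint.exe"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("dist/weasyprint.exe", payload)
        zf.writestr("dist/README.txt", b"constructed second member")
    digest = hashlib.md5(payload, usedforsecurity=False).hexdigest().upper()
    report = ("Type: Trojan\nObject name: weasyprint.exe\n"
              "Object path: C:\\ToInstall\\weasyprint-windows.zip//dist\n"
              f"MD5 of an object: {digest}\nReason: Hash\n")
    return buf, report

if __name__ == "__main__":
    sample_zip, sample_report = build_sample()
    print(find_flagged(sample_zip, sample_report))
```

An empty result means no file in the archive matches the reported hash, which is worth checking before submitting: the detection may refer to a different download than the one on disk.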
