Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use VS2008 to build the subprocess executable to avoid false positives by AVs #342

Closed
cztomczak opened this issue Mar 29, 2017 · 3 comments
Closed

Use VS2008 to build the subprocess executable to avoid false positives by AVs #342

cztomczak opened this issue Mar 29, 2017 · 3 comments
Labels
windows
Milestone
v56

Comments

@cztomczak
Copy link
Owner

v56.1 uses VS2015 to build the subprocess executable and there are a few false positives reported on virustotal.com:
https://virustotal.com/en/file/4a035e71be247a67ca0ab8267f5900aeff8c740a660a92e5cd183ec6e710027e/analysis/

v31.2 was built with VS2008 and virustotal detectedion ratio is 0/61:
https://virustotal.com/en/file/3487888da5cc8790c327b2fed3d4432319c059428dd984737df1448b65bf7305/analysis/1490807371/

Using VS2008 should fix the problem, however since VS2015 is much newer compiler it might have better performance. The /LARGEADDRESSAWARE flag used when building subprocess is supported also in VS 2008.

Initial report on the Forum:
https://groups.google.com/d/topic/cefpython/0jseNIjCqW4/discussion
@cztomczak cztomczak added this to the v56 milestone Mar 29, 2017
@cztomczak
Copy link
Owner Author

cztomczak commented Apr 14, 2017
edited
Loading

Using VS 2008 to generate subprocess executable fixes the issue with AVs. Virus total scans for subprocess.exe created with Python 2.7 32-bit and 64-bit (Detection ratio 0/61 and 0/57):

https://virustotal.com/en/file/0e5301bc6b3cdba528541a2fd0a44fba89410b2cefc83683e343c14ed7d7429b/analysis/1492162062/

https://virustotal.com/en/file/d59fa52bba8ba0d419695c4630718ac8578fb6675487a53e87401a027ce45d72/analysis/1492162231/

So to resolve the issue the build_distrib.py tools should be updated to build subprocess executable using VS 2008. Currently it uses subprocess executable built by the last Python version used and it loops Pythons from lowest to highest (2.7, 3.4, 3.5, 3.6).

cztomczak added a commit that referenced this issue Apr 14, 2017
@cztomczak
Use VS2008 to build subprocess.exe to avoid false positives by AVs (#342
5caa061 
)
@cztomczak
Copy link
Owner Author

Done in commit 5caa061.

@cztomczak
Copy link
Owner Author

With cefpython version 57.1 there are two false-positives reported for subprocess.exe by some unpopular AVs (Cylance, TrendMicro):

https://www.virustotal.com/#/file/711ecaddb4e0c38ec2fee5698a9ef15d18244e0c316635a49062e0be93edcbcd/detection

There are also three false-positives for the 57.1 wheel package:

https://www.virustotal.com/#/file/14f44112b08868bcf649ffbf91d2f438c863e4d48d6925a3a39c322b85510cdc/detection

There is also one false-positive for the chrome_elf.dll binary which is a CEF dependency:

https://www.virustotal.com/#/file/c9c3ff6755342440044301504a6aa008e22ba7225e6a4d274339354adc4c0950/detection

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
windows
Projects
None yet
Milestone
v56
Development

No branches or pull requests
1 participant
@cztomczak