Bug #127918 for PAR-Packer: PAR::Packer produces executable with virus

Tue Dec 04 20:35:56 2018 jeff [...] hemmerling.net - Ticket created

Subject:	PAR::Packer produces executable with virus
Date:	Tue, 4 Dec 2018 17:29:55 -0800
To:	bug-PAR-Packer [...] rt.cpan.org
From:	Jeff Hemmerling <jeff [...] hemmerling.net>

Windows Defender and Antiy-AVL are reporting that all executables produced by Packer contain a virus (report from virustotal.com): Microsoft: Trojan:Win32/Skeeyah.A!rfn Antiy-AVL: Trojan/Win32.Miner It also reports that "boot.exe", the Packer intermediate file, also has this virus. This caused the installation to fail because "boot.exe" got quarantined as soon as it was produced. After white-listing the entire perl tree, installation succeeded. We use Packer to produce a complete executable for the convenience of our customers. While our developers can tell Windows Defender to ignore these files, our customers can not be expected to do the same. Since Defender is commonly used, this is a big issue. Any idea of a work around? Have others encountered this issue? Thank you. -- -- Jeff Hemmerling

Wed Dec 05 05:13:36 2018 mcgrath.martin [...] gmail.com - Correspondence added

In the past I'd experienced problems installing pp on windows in a corporate environment, caused by over sensitive AV/Security software. Once resolved the exes generated didn't exhibit the problem you're experiencing, but it's not unheard of: https://perlmonks.org/?node_id=1222404 I trust you've ensured that the machine itself has no underlying infection? Also, which version of perl do you have installed (AS/Strawberry, x86/x86_64?)

Wed Dec 05 05:13:38 2018 The RT System itself - Status changed from 'new' to 'open'

Wed Dec 19 18:52:01 2018 jeff [...] hemmerling.net - Correspondence added

Subject:	Re: [rt.cpan.org #127918] PAR::Packer produces executable with virus
Date:	Wed, 19 Dec 2018 15:51:50 -0800
To:	bug-PAR-Packer [...] rt.cpan.org
From:	Jeff Hemmerling <jeff [...] hemmerling.net>

On 12/05/2018 02:13, Martin McGrath via RT wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=127918 > > > In the past I'd experienced problems installing pp on windows in a corporate environment, caused by over sensitive AV/Security software. Once resolved the exes generated didn't exhibit the problem you're experiencing, but it's not unheard of: > > https://perlmonks.org/?node_id=1222404 > > I trust you've ensured that the machine itself has no underlying infection? Also, which version of perl do you have installed (AS/Strawberry, x86/x86_64?)

Thanks for your reply. I know it's Packer code causing the problem because the virus detector goes off as soon as "boot.exe" is produced during installation. I just rewrote the code in C++ to avoid all this. Using 32-bit Strawberry perl: % /apps/devtools/Strawberry/perl/bin/perl.exe --version This is perl 5, version 28, subversion 0 (v5.28.0) built for MSWin32-x86-multi-thread-64int Copyright 1987-2018, Larry Wall -- -- Jeff Hemmerling

Fri Jan 03 17:19:09 2020 puetzk [...] puetzk.org - Correspondence added

I cannot update the status in rt, but this should be resolved since Windows Defender definitions 1.289.641.0 (March 2019) - I hit it and was able to work with Microsoft to resolve the definition that was false-positive flagging it.

Sat Jan 04 08:45:38 2020 RSCHUPP [...] cpan.org - Correspondence added

On 2020-01-03 17:19:09, puetzk wrote: Show quoted text

> I cannot update the status in rt, but this should be resolved since > Windows Defender definitions 1.289.641.0 (March 2019) - I hit it and > was able to work with Microsoft to resolve the definition that was > false-positive flagging it.

Many thanks for resolving this! Cheers, Roderich

Sat Jan 04 08:45:40 2020 RSCHUPP [...] cpan.org - Status changed from 'open' to 'resolved'