PyInstaller binaries detected as malware
This is a summary of discussion about malware detection that happened mostly in email.
A blog comment reported a VirusTotal analysis of obfsproxy.exe from the 2.4.7-alpha-1 flashproxy+pyobfsproxy bundles. The detections were variants of "Backdoor/Win32.Swrort.gen".
The bundles flagged as malware were built by Alex. David independently built his own bundles, and they produced similar detections. A trivial "hello, world" executable that David built the same way produced similar detections as well, which points at the packaging tool rather than at the bundles' own code.
We traced the issue to PyInstaller upstream. This is their ticket for the "Swrort" detection. http://www.pyinstaller.org/ticket/603
Alex and David each built new 2.4.10-alpha-2 bundles (Alex, David) using PyInstaller commit 555e9f7f, which includes a fix for antivirus ticket 603. (The 2.4.7-alpha-1 binaries had been built with the PyInstaller 2.0 release.) The new bundles no longer trigger the Swrort detection, but they test positive for different malware, "Gen:Variant.Strictor.20210".
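When the same program is rebuilt with a different toolchain (PyInstaller 2.0, then commit 555e9f7f, then py2exe), it helps to compare the VirusTotal reports engine by engine rather than just counting hits, so that "Swrort went away but Strictor appeared" is visible at a glance. The script below is an added example, not code from the Tor or PyInstaller projects. It assumes the VirusTotal API v3 file-report layout (`data.attributes.last_analysis_results`, one entry per engine with `category` and `result`); the two embedded reports are constructed sample data with made-up engine names, not real output for the bundles, and the live `fetch_report` helper is only sketched and is not exercised offline.

```python
"""Compare VirusTotal detections across two builds of the same program.

Added example, not from the discussion above.  Reads VirusTotal API v3 file
reports and shows which engines flag each build and under which name, so a
toolchain change can be compared detection by detection.
"""
import json
import urllib.request
from collections import Counter

# CONSTRUCTED sample reports.  The shape follows the VT v3 /files/{sha256}
# response, trimmed to the fields used here; engine names and verdicts are
# invented for illustration, not real results for obfsproxy.exe.
OLD_BUILD_REPORT = json.dumps({"data": {"attributes": {
    "meaningful_name": "obfsproxy.exe (2.4.7-alpha-1, PyInstaller 2.0)",
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Backdoor/Win32.Swrort.gen"},
        "EngineB": {"category": "malicious", "result": "Trojan.Swrort.A"},
        "EngineC": {"category": "undetected", "result": None},
    }}}})

NEW_BUILD_REPORT = json.dumps({"data": {"attributes": {
    "meaningful_name": "obfsproxy.exe (2.4.10-alpha-2, PyInstaller 555e9f7f)",
    "last_analysis_results": {
        "EngineA": {"category": "undetected", "result": None},
        "EngineB": {"category": "malicious", "result": "Gen:Variant.Strictor.20210"},
        "EngineC": {"category": "malicious", "result": "Gen:Variant.Strictor.20210"},
    }}}})


def detections(report_json):
    """Return {engine: detection_name} for the engines that flagged the file."""
    attrs = json.loads(report_json)["data"]["attributes"]
    results = attrs["last_analysis_results"]
    return {eng: r["result"] for eng, r in results.items()
            if r.get("category") in ("malicious", "suspicious") and r.get("result")}


def diff_detections(before_json, after_json):
    """Classify each engine's verdict change between two builds.

    cleared:   flagged before, clean after (the fix worked for this engine)
    new:       clean before, flagged after (the fix introduced a new signature hit)
    renamed:   flagged both times but under a different name
    unchanged: flagged both times under the same name
    """
    before, after = detections(before_json), detections(after_json)
    both = set(before) & set(after)
    return {
        "cleared": sorted(set(before) - set(after)),
        "new": sorted(set(after) - set(before)),
        "renamed": sorted(e for e in both if before[e] != after[e]),
        "unchanged": sorted(e for e in both if before[e] == after[e]),
    }


def family_counts(report_json):
    """Count detection names so the dominant family label stands out."""
    return Counter(detections(report_json).values())


def fetch_report(sha256, api_key):
    """Live lookup of a file report by SHA-256 (needs a VirusTotal API key).

    Assumption: VT API v3 endpoint and 'x-apikey' header.  Not used offline.
    """
    req = urllib.request.Request(
        "https://www.virustotal.com/api/v3/files/" + sha256,
        headers={"x-apikey": api_key})
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    for label, rep in (("old build", OLD_BUILD_REPORT), ("new build", NEW_BUILD_REPORT)):
        print(label, dict(family_counts(rep)))
    print(diff_detections(OLD_BUILD_REPORT, NEW_BUILD_REPORT))
```

Run against real reports, the "cleared" list tells you which engines the bootloader fix satisfied, and the "new" and "renamed" lists show whether the replacement detection is one family (a single signature keyed on something the packer still adds) or scattered noise.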
Binaries from Nmap, which are built with py2exe, show no malware detections; an example is the VirusTotal report for ndiff.exe from http://nmap.org/dist/nmap-6.25-setup.exe.
Alex is testing whether py2exe works for building the pluggable transports bundles.