Bug report #21600

PDM:Trojan.Win32.Generic in qgis-bin.exe & qgis-bin-g7.exe by Kaspersky Endpoint Security 10 For Windows

Added by Michał Klawon over 5 years ago. Updated over 5 years ago.

Status:Closed
Priority:Normal
Assignee:-
Category:Python plugins
Affected QGIS version:3.4.4 Regression?:No
Operating System:Windows 7 64bit Easy fix?:No
Pull Request or Patch supplied:No Resolution:invalid
Crashes QGIS or corrupts data:Yes Copied to github as #:29416

Description

Using Python plugin included. Work of plugin is walking directory tree contains hundreds of *.qgis project, read each project found and export few selected vector layers datas into GeoJson files.
After processing number of *.qgis files, Kaspersky kill qgis-bin.exe (or qgis-bin-g7.exe) process and move file into quarantine due to identify PDM:Trojan.Win32.generic.
Number of processed projects before kill by Kaspersky is different every run. Sometime it's about 30 another time more than 100.
I've confirmed this behaviour for 3.4.4-1 Madeira and 3.6.0 Noosa.

ibitexport.zip (35.5 KB) Michał Klawon, 2019-03-16 02:32 PM

kaspersky_report.txt Magnifier (7.18 KB) Michał Klawon, 2019-03-16 02:32 PM


Related issues

Related to QGIS Application - Bug report #21024: infected windows installer? Rejected 2019-01-17
Duplicated by QGIS Application - Bug report #21752: qgis-ltr-bin.exe is eliminated by antivirus Closed 2019-04-03

History

#1 Updated by Giovanni Manghi over 5 years ago

  • Status changed from Open to Feedback

I fail to see what is the QGIS issue here (that is tagged as infected by AV software?).

#2 Updated by Michał Klawon over 5 years ago

Direct scan by AV Kasperski did not found any infections in qGis files. Looks like heuristic AV scanner stops *.exe because actions taken by plugin seems like try to data theft...
Issue to close, this isn't qGis fault.
Maybe leave as info for other users using qGis together with AV software :-)

#3 Updated by Giovanni Manghi over 5 years ago

  • Resolution set to invalid
  • Status changed from Feedback to Closed

#4 Updated by Jürgen Fischer over 5 years ago

#5 Updated by Jürgen Fischer over 5 years ago

Also available in: Atom PDF