Every few months we get a message like this to the mailing list. It's usually one of the smaller antivirus packages reporting a virus. So far they have all been false positives. My guess is there are actual viruses out there using Python libraries, and not realizing they're looking at popular open source software, the antivirus company flags it.
Yep, and just to further explain how these builds are created for those that are interested (and/or are wondering how we attempt to protect our users who trust our builds):
Every night, when a change is pending, the build server literally builds an entirely new Windows 7 virtual machine with known-good copies of all of our base dependencies. It then creates the new chirp build on that machine and uploads it to the chirp website. When it's done, it *destroys* the temporary machine it created. The next day, the whole thing starts from scratch.
The process takes about 10 minutes total and occurs on an almost completely sealed private network. There's really no opportunity for anything to get on the build machine and disrupt the process, and it certainly wouldn't change day-to-day, build-to-build.
--Dan