On Tue, Oct 13, 2015 at 2:26 PM, Eric Vought evought@pobox.com wrote:
Most of the distribution IS python source is it not? It's compiled on-the- fly by the Python runtime. Tom, are there blobs in the package which might trigger a false- positive? Alex, does the download checksum correctly?
Yes, that is most likely what is happening.
Every few months we get a message like this to the mailing list. It's usually one of the smaller antivirus packages reporting a virus. So far they have all been false positives. My guess is there are actual viruses out there using Python libraries, and not realizing they're looking at popular open source software, the antivirus company flags it.
False positives are extremely common in antivirus software, and detection rates of real malicious software is low. I don't even bother with antivirus software.
Tom KD7LXL