
Comments (45)

TobiX avatar TobiX commented on May 18, 2024 6

Many AVs seem to be trigger-happy with PyInstaller-packaged Python software. One way to get around this is to rebuild the PyInstaller bootloader, so you don't share a signature with all other PyInstaller software. I made an automated job for this: https://github.com/webcomics/pyinstaller-builder

from yt-dlp.

kamyker avatar kamyker commented on May 18, 2024 6

Seems like Bitdefender doesn't like yt-dlp but only when it's run.

Their ignorant response:

The analysis of the file has been completed:

Youtube downloaders often come with adware. Because of this, and because of the fact that youtube downloaders do not comply with youtube terms of service, we do not consider these types of applications trustworthy. Therefore, we will not take any steps toward whitelisting this detection.

Meaning they didn't even bother checking the file.


pukkandan avatar pukkandan commented on May 18, 2024 3

This will keep changing with each release
More importantly, as more people download/use it, the less likely a false positive becomes (apparently not)


pukkandan avatar pukkandan commented on May 18, 2024 2

@hl2guide

will it update to the latest version released on GitHub and work?

Yes

Should I use the -U command instead?

No, pip version cannot be updated with -U


vico93 avatar vico93 commented on May 18, 2024 2

Seems like Bitdefender doesn't like yt-dlp but only when it's run.

Their ignorant response:

The analysis of the file has been completed:

Youtube downloaders often come with adware. Because of this, and because of the fact that youtube downloaders do not comply with youtube terms of service, we do not consider these types of applications trustworthy. Therefore, we will not take any steps toward whitelisting this detection.

Meaning they didn't even bother checking the file.

I bet they are being paid by Alphabet to place this false-positive.


pukkandan avatar pukkandan commented on May 18, 2024 1

I will try reporting to Microsoft, but it is impractical to do so with each AV separately


vico93 avatar vico93 commented on May 18, 2024 1

Just FYI, Windows Defender is again flagging yt-dlp (in the build 2021.04.22) as Zpevdo.B and removes the file as quickly as possible, making it almost impossible to whitelist the executable.

Jules-A avatar Jules-A commented on May 18, 2024 1

Also, I've found that upgrading Python/pip/PyInstaller to their respective latest versions minimizes the detections. I haven't had a build of mine flagged as a virus by Defender or Malwarebytes in a long time now. https://www.virustotal.com/gui/file/6bdd6da0e1538195e93242a69aaf1b606e64b21551749ce36ed786cf5db60012/detection


pukkandan avatar pukkandan commented on May 18, 2024

It is a false positive caused due to the exe being unsigned.
This is a known issue. I don't have any way of fixing it.

blackjack4494/youtube-dlc#114
https://www.reddit.com/r/youtubedl/comments/jrrkc0/youtubedlexe_shown_as_malware_on_virustotal/

I have been told that the issue existed for the previous version as well
https://www.virustotal.com/gui/file/a89125033bff06983b0bec46424d62882395370a04b9ad909cf88da19c331292/detection


Jules-A avatar Jules-A commented on May 18, 2024

You could try building it yourself to get around it, it's actually really easy even on Windows. One thing I noticed is the resulting exe is 500kb smaller using the latest version of Python.
EDIT: It doesn't get detected by Microsoft (on my system) but Malwarebytes still hates it.
https://www.virustotal.com/gui/file/bbae6034f44dc22262b1adf78ffb664c7da4cf4bdd027b2dbd5d5c9dc4f49ddb/detection


pukkandan avatar pukkandan commented on May 18, 2024

Yes, building is easy. Install pyinstaller and just run make_win.bat

Or even better, you can just install using pip py -m pip install --upgrade yt-dlp

The issue is that many users (especially on Windows) are not tech-savvy enough to even have Python installed, so the binary is the only way for them


Jules-A avatar Jules-A commented on May 18, 2024

Yeah, obviously that's not a solution, just a temporary workaround. I don't have anything set up to test but I would probably try reverting these 2 commits to test: pukkandan/empty@732044a pukkandan/empty@f5b1bca

EDIT: reverting those 2 didn't seem to do anything.


NextDev65 avatar NextDev65 commented on May 18, 2024

I think I'll just build it myself. Just wanted to let you know in case this was a new problem


NextDev65 avatar NextDev65 commented on May 18, 2024

huh. interestingly enough it downloads fine today
I'm fairly certain the heuristic model score increases the less frequently a program has been downloaded.
Or maybe you just reported it to ms lol
You don't have to do that each release, it'll be fine


pukkandan avatar pukkandan commented on May 18, 2024

I am closing the issue since there really is nothing I can do to permanently fix this. If anyone has any ideas, feel free to continue this thread


Jules-A avatar Jules-A commented on May 18, 2024

Microsoft and Malwarebytes are no longer detecting it as a virus, just 4 AVs that I've never heard of now.
https://www.virustotal.com/gui/file/01e7c037f42f061146ff0ce71d05a27c43f2726ba30016696375fbea507047e6/detection


NextDev65 avatar NextDev65 commented on May 18, 2024

If you click it you'll see more options like "Allow", then download again.


hl2guide avatar hl2guide commented on May 18, 2024

To deal with this on Windows I ran:
pip.exe install --upgrade yt-dlp

In the future if I run:
pip.exe install --upgrade yt-dlp

@pukkandan: will it update to the latest version released on GitHub and work?

Should I use the -U command instead?


ezhikus avatar ezhikus commented on May 18, 2024

Same happens for v. 2021.08.10


pukkandan avatar pukkandan commented on May 18, 2024

@ezhikus which vendor?


NextDev65 avatar NextDev65 commented on May 18, 2024


pukkandan avatar pukkandan commented on May 18, 2024

Doesn't look like it: https://www.virustotal.com/gui/file/1f9073f331b9e58b752f7c172c8be0662141ca19620d50a8e003a40897eed758/detection
nvm, Microsoft times out here

Anyway, this issue was closed as "wontfix". See #25 (comment)
@shirt-dev did do some tricks based on @TobiX's suggestion to lower the detection rate, but in general, the point about "there being nothing I can do to permanently solve this" still applies.


thedarkfalcon avatar thedarkfalcon commented on May 18, 2024

Sorry I duplicated a discussion for this issue. I didn't have any issue with the previous version, but am now getting alerted as per my discussion thread. Perhaps the more people that flag the application as not a virus, MS decides it's OK?
#858


Hrxn avatar Hrxn commented on May 18, 2024

I have a question, why does the README.md in the INSTALLATION section mention this explicitly:

  • Download the binary from the latest release (recommended method)

I mean, what is the given rationale behind this?


ezhikus avatar ezhikus commented on May 18, 2024

More news: now yt-dlp is also detected as a virus by McAfee


TheTechRobo avatar TheTechRobo commented on May 18, 2024

@Hrxn, they answered this previously in the thread:

The issue is that many users (especially on Windows) are not tech-savvy enough to even have Python installed, so the binary is the only way for them


Hrxn avatar Hrxn commented on May 18, 2024

So, this is the only reason?
No performance differences or changes in functionality or even features?


pukkandan avatar pukkandan commented on May 18, 2024

@Hrxn -U only works in the release binaries. If using other methods, you have to use the tools' updater instead (Eg: pip --upgrade yt-dlp). Other than that, there is no difference


LummoxJR avatar LummoxJR commented on May 18, 2024

I built this myself and my system freaked out about the .exe after the fact. For some reason it left my original copy in dist alone (I had copied it to another directory), so I tried uploading the dist version to virustotal.

https://www.virustotal.com/gui/file/be156a4c4c5bd28715d0f9bf71b4b19ddc1f238f0ff7f8a08c59b7d9c135e2c5?nocache=1

12 vendors flag it as a Trojan with high confidence. Now I end up with the same issue impacting my own software too sometimes; the false positives are impossible to get rid of. But I'm really not sure why antivirus software is freaking out over this. When I did a new scan, it complained about the dist copy as well, but only after the main scan finished and said no threats were found. Kinda bizarre.


Hrxn avatar Hrxn commented on May 18, 2024

Since there are no functional differences, as stated in a comment here above:

@Hrxn -U only works in the release binaries. If using other methods, you have to use the tools' updater instead (Eg: pip --upgrade yt-dlp). Other than that, there is no difference

I personally would recommend basically all users to use the pip version instead. I can't see any reason opposed to that, honestly.
I mean, if you can use yt-dlp, you can also install Python and use pip. You don't actually need to know any Python.

With regard to the false positives: Maybe using py2exe instead of PyInstaller would be better?


shirt-dev avatar shirt-dev commented on May 18, 2024

py2exe doesn't support Crypto modules


pukkandan avatar pukkandan commented on May 18, 2024

I mean, if you can use yt-dlp, you can also install Python and use pip. You don't actually need to know any Python.

Yeah, try telling that to the average user!


Hrxn avatar Hrxn commented on May 18, 2024

I'm telling everyone still in hearing distance this all the time 😄


SavSanta avatar SavSanta commented on May 18, 2024

I'd say don't mind the Windows users. It's been explained it's a false positive and that it's lazy detection writing by the AV vendors (not so dissimilar to flagging on benign software that uses UPX packer). I would make this pure Python and not worry about freezing/converting it to exe; if they're really serious about using it they'll jump through the "difficult hoops" of installing Python, I think.


hydra3333 avatar hydra3333 commented on May 18, 2024

After previously allowing it, the latest win defender flags the latest ydl release as a SEVERE class threat "Trojan:Win32/Spursint.F!cl"
"This program is dangerous and executes commands from an attacker."


LummoxJR avatar LummoxJR commented on May 18, 2024

I've worked around this problem for now by just creating a batch file, yt-dp.bat, and running directly from Python.

@echo off
python yt-dlp-master/yt_dlp/__main__.py %*


Hrxn avatar Hrxn commented on May 18, 2024

^But you already have Python installed?! Why not install it via pip, you do not need any Batchfile workaround?


LummoxJR avatar LummoxJR commented on May 18, 2024

^But you already have Python installed?! Why not install it via pip, you do not need any Batchfile workaround?

The batch file operates like the built .exe would. I don't really know Python or work with it enough. If I understand the pip method it would still involve py yt-dlp so I'd prefer to have a batch file regardless.


TheTechRobo avatar TheTechRobo commented on May 18, 2024

@LummoxJR Actually, no. You'd be able to just use yt-dlp


pukkandan avatar pukkandan commented on May 18, 2024

For "normal" users, it is not recommended to run directly from source code. Unless you are familiar with git, it makes updating hard. If you don't want to use the exe, use pip/zip versions instead.

But for those who do want to run straight from source anyway, there is already yt-dlp.cmd and yt-dlp.sh in the root of the repo


Anyway, all of this is off-topic. Please keep the thread on topic.

PS: Unless anyone has any better ideas on how to take the AV vendors off our heels, there is no point in writing any comment here. This issue was closed as wontfix for a reason


thedarkfalcon avatar thedarkfalcon commented on May 18, 2024

@kamyker is that on a forum? I'd like to add my 2c if it's somewhere public, because I'm a long BD customer.


kamyker avatar kamyker commented on May 18, 2024

@kamyker is that on a forum? I'd like to add my 2c if it's somewhere public, because I'm a long BD customer.

No, emails. You can try asking them too here https://www.bitdefender.com/consumer/support/ . Don't do it too soon as they may think it's me again lol. I asked them again to at least analyze the file as that blocking behavior may also stop other apps working correctly and:

Thank you for getting back to me!
Unfortunately, as my colleagues from the AV labs provided us with the points from my last email, we cannot provide any other assistance regarding this issue.

Btw in rare cases Bitdefender doesn't detect it depending on what link is used. No idea why that's happening.


gamer191 avatar gamer191 commented on May 18, 2024

I was bored, so I decided to run antivirus tests (using virustotal) on all the files in https://github.com/yt-dlp/yt-dlp/releases/tag/2022.05.18.
The results are as follows (files not listed below didn't have any timeouts nor positives):

yt-dlp, yt-dlp.tar.gz, Source code (zip) and Source code (tar.gz):
Lionic-timeout

yt-dlp_win.zip:
Lionic and Clamav-timeout

yt-dlp.exe:
Webroot-W32.Trojan.Gen
Microsoft-timeout

yt-dlp_min.exe (this one had the most positive detections by far):
Fortinet-PossibleThreat.PALLAS.H
Ikarus-Trojan.Python.Psw
Jiangmin-Trojan.PSW.Disco.els
SecureAge APEX-Malicious
Webroot-W32.Trojan.Gen


fgclue avatar fgclue commented on May 18, 2024

Here's my virustotal results when I compiled from source:
Cylance - Unsafe
SecureAge APEX - Malicious

https://www.virustotal.com/gui/file/10e0425544edc2ea778cf607057a773c5ee29d3ba138b23ef729eef8a7aeef83


pukkandan avatar pukkandan commented on May 18, 2024

Unless anyone has any better ideas on how to take the AV vendors off our heels, there is no point in writing any comment here. This issue was closed as wontfix for a reason
