Bleachbit seems to contain lots of trojans after 1.12.


For 1.17, VirusTotal reports 8 trojan / malware:

Checksum information
Name: BleachBit-1.17-setup-English.exe
Size: 7957568 bytes (7 MB)

SHA1: 412A69C741E22600CCFE8160697D6049A0043A39

For 1.12 it reports 1 trojan:

Checksum information
Name: BleachBit-1.12-setup-English.exe
Size: 6204600 bytes (5 MB)

SHA1: 55BFD437B0836F4CD9E1D4A7447EEDEB433003A4

Question: was there a compromise in the source? Also note that between version 1.12 and 1.17, there's an increase in number of reported malware.

Request: please run your programs through VirusTotal before uploading because it is a bit nerve-racking to have reports of many malwares.

Between 1.12 and 1.17 there were major changes in the run-time environments. For example, I updated Python from 2.5 to 2.7. I also updated GTK.

There was no compromise in the source, and major releases of the source code are digitally signed with my PGP signature. You can verify this in the public Git repository.

I believe these reports are all false positives. This has been an ongoing issue. A few months ago I reported some of these directly to the vendors, and I got no negative feedback. Your report shows there are new reports that were not showing up earlier, so I will work again with the vendors.

The false alarms are generally most common in these scenarios:
1. Anti-virus vendor with fewer customers
2. Newer release of BleachBit
3. Larger changes in BleachBit (e.g., Python 2.5 to Python 2.7)
4. I have not yet submitted the file directly to the vendor for whitelisting
5. BleachBit compresses its source code with UPX to save disk space
6. BleachBit uses the Python runtime, which confuses antivirus software

Feel free to keep this discussion ongoing because the goal is no false positives, especially for the major anti-virus vendors and for final (e.g., non-beta) releases of BleachBit.

Andrew, lead developer


I filed GH issue 222 for reporting the false positive to McAfee. I already have an account set up with McAfee and Intel for doing this as part of their whitelisting program.

Andrew, lead developer