Github Set correct PE checksum for .exe files (helps with virus false-positives)...

 3 years ago
source link: https://github.com/pyinstaller/pyinstaller/issues/5579

Contributor

The-Compiler commented on Feb 22

Is your feature request related to a problem? Please describe.
As you've probably all seen before, virus scanner false-positives are a recurring problem for PyInstaller-generated executables, as well as PyInstaller's bootloader (see e.g. #5490, #5474, #5479, ...).

One piece of information virus scanners seem to use is the PE checksum. Quoting from that article:

  • 83% of malware had invalid checksums
  • 90% of legitimate files had valid checksums.

It looks like anything generated from PyInstaller (as well as the Windows bootloader in the release?) seems to have a checksum of 00 00 00 00, which is thus invalid.

Describe the solution you'd like
PyInstaller should set a correct PE checksum. This is possible using pefile, which it already seems to depend on:

import pefile
pe = pefile.PE('filename.exe')
pe.OPTIONAL_HEADER.CheckSum = pe.generate_checksum()
pe.close()
pe.write('filename.exe')

(You can use pe.verify_checksum() to verify that it is correct)

After doing this, e.g. PyInstaller's Windows-64bit/runw.exe (in the 4.2 release) goes down from 12 false-positives to only 5 - most notably, McAfee and Avast (which are the two affected engines I've actually heard of before...) now are happy with the file.

Doing this with my own project (which is built with PyInstaller), @bitraid found that:

the number of false positives for v2.0.2 goes down from 31 to 7. Similarly v2.0.0 goes down to 6 from 29 and v2.0.1 goes down to 8 from 15.

Describe alternatives you've considered
Submitting false-positive reports to antivirus vendors. A pain.

Also, doing this after PyInstaller has generated the exe - that works, but it seems to me like this should be done in PyInstaller itself.

Additional context
See qutebrowser/qutebrowser#6194
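
The check discussed in the issue above can also be done without pefile. The following is an added example, not code from the issue or from PyInstaller: it recomputes the PE checksum from raw bytes and compares it with the value stored in the optional header, which is useful for auditing build output before release. The function names and the 512-byte header skeleton are constructed for illustration.

```python
import struct

CHECKSUM_FIELD = 64  # offset of CheckSum in the optional header (PE32 and PE32+)

def checksum_offset(data):
    """File offset of OptionalHeader.CheckSum, validating the MZ/PE signatures."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20 + CHECKSUM_FIELD  # PE signature + COFF header

def compute_checksum(data):
    """16-bit end-around-carry sum over the file, CheckSum field as zero, plus length."""
    off = checksum_offset(data)
    blanked = bytearray(data)
    blanked[off:off + 4] = b"\0\0\0\0"  # the stored value must not influence the sum
    if len(blanked) % 2:
        blanked.append(0)               # pad odd-sized files to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", blanked):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return (total + len(data)) & 0xFFFFFFFF       # length of the unpadded file

def audit(data):
    """Compare the stored CheckSum with the recomputed one."""
    stored = struct.unpack_from("<I", data, checksum_offset(data))[0]
    expected = compute_checksum(data)
    return {"stored": stored, "expected": expected, "valid": stored == expected}

def make_sample():
    """Constructed sample: PE header skeleton only, not a runnable program."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)     # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84, 0x8664)   # Machine (x64)
    struct.pack_into("<H", buf, 0x94, 0x00F0)   # SizeOfOptionalHeader
    struct.pack_into("<H", buf, 0x98, 0x020B)   # optional header magic (PE32+)
    return buf

if __name__ == "__main__":
    sample = make_sample()
    print("as built:", audit(sample))           # CheckSum left at zero
    struct.pack_into("<I", sample, checksum_offset(sample), compute_checksum(sample))
    print("stamped: ", audit(sample))
```

To audit a real build artifact, pass the file's bytes to `audit()`; a stored value of 0 alongside a non-zero expected value is the situation the issue describes.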

