reflex icon indicating copy to clipboard operation
reflex copied to clipboard

Published 20 hours ago β€’ verified publisher icon reflex-dev

Bitdefender reports malicious command line detected during Bun install

Open m4thfr34k opened this issue 10 months ago β€’ 3 comments

Describe the bug Bitdefender reports malicious command line detected during Bun install of 'pip install reflect' on Windows 10.

Notification from Bitdefender The app C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe was passed a malicious command line and has been blocked. Your device is now safe.

Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" powershell -c "irm https://bun.sh/install.ps1|iex"

To Reproduce Steps to reproduce the behavior:

  1. Create a new python virtual env
  2. pip install reflex
  3. Wait for Bitdefender to complain
  • Code/Link to Repo:

Expected behavior Installation without notification from Bitdefender

Screenshots If applicable, add screenshots to help explain your problem.

Specifics (please complete the following information):

  • Python Version: 3.12.2
  • Reflex Version: 0.4.8
  • OS: Windows 10
  • Browser (Optional):

Additional context I can successfully run the command 'powershell -c "irm bun.sh/install.ps1 | iex"' without issue so not sure if Bitdefender just doesn't like it coming from the 'pip install reflex'.

m4thfr34k avatar Apr 18 '24 03:04 m4thfr34k

I see, perhaps you can temporarily disable bitdefender's commandline scan feature when running reflex init. See this thread for more https://community.bitdefender.com/en/discussion/93370/malicious-command-line-detected

ElijahAhianyo avatar Apr 18 '24 10:04 ElijahAhianyo

I see, perhaps you can temporarily disable bitdefender's commandline scan feature when running reflex init. See this thread for more https://community.bitdefender.com/en/discussion/93370/malicious-command-line-detected

I was able to install bun myself by running the command manually. Reported here because of the issue in case this needed a warning for other users or if there was something that could be reported to bitdefender so this isn't an issue for others going forward. Thanks for the quick response.

m4thfr34k avatar Apr 18 '24 15:04 m4thfr34k

We'll keep this one open until we come up with a good solution.

I think ultimately i'd like to see bun and node installed via binary wheels from pypi so we get better caching and avoid issues with dynamic installation at runtime.

masenf avatar Apr 18 '24 16:04 masenf