It's not a virus it's a checkpoint file #12

by Deltaadams - opened

Firstly, I have no idea why it's coming up as a virus, secondly it's a checkpoint file, which is at it's core just a fancy list and never gets directly executed, so it wouldn't ever run even if it was a virus.

I don't get this error so let me know if it's only one version or both.

I've only checked with the latest build.
Just giving you a heads-up, for whatever is happening over here (didn't dig deeper so I'm unsure why these two chunks are getting flagged by defender):

1665042306049-63374883164fd6b346e71d70.png

I've only checked with the latest build.
Just giving you a heads-up, for whatever is happening over here (didn't dig deeper so I'm unsure why these two chunks are getting flagged by defender):

1665042306049-63374883164fd6b346e71d70.png

Yeah that is very strange. I'm not sure what would cause that or why it would just be 14 since that's just an updated version of 12, but I'll look into it and will be posting the updated version soon anyways, so it should be fixed.

I get the same warning from my own checkpoint merger ckpt between other models. Definitely a false positive.

Firstly, I have no idea why it's coming up as a virus, secondly it's a checkpoint file, which is at it's core just a fancy list and never gets directly executed, so it wouldn't ever run even if it was a virus.

A checkpoint file is a script that can execute basically anything it wants and has permission to.
There is a legitimate security risk to running them blindly.

Ckpt files can be dangerous. So either the creator is playing dumb with us and has injected some kind of malicious python code into the file or it really is just a false positive.
You can run it through this script to see what is executed: https://rentry.org/safeunpickle

Ckpt files can be dangerous. So either the creator is playing dumb with us and has injected some kind of malicious python code into the file or it really is just a false positive.
You can run it through this script to see what is executed: https://rentry.org/safeunpickle

Go for it, but if someone was going to go through the trouble to make a virus they probably wouldn't make it in an obscure version of an obscure software.

Ckpt files can be dangerous. So either the creator is playing dumb with us and has injected some kind of malicious python code into the file or it really is just a false positive.
You can run it through this script to see what is executed: https://rentry.org/safeunpickle

Go for it, but if someone was going to go through the trouble to make a virus they probably wouldn't make it in an obscure version of an obscure software.

That's kind of besides the point. Any hypothetical malicious actor could take advantage of any attack vector.
The real point here is your original claim of "secondly it's a checkpoint file, which is at it's core just a fancy list and never gets directly executed, so it wouldn't ever run even if it was a virus" is just not true at all. Checkpoint files can be used maliciously thus why checking unverified/unknown model files (ESPECIALLY those that are giving people Defender alerts) with the python script above is just good practice.

Ckpt files can be dangerous. So either the creator is playing dumb with us and has injected some kind of malicious python code into the file or it really is just a false positive.
You can run it through this script to see what is executed: https://rentry.org/safeunpickle

How would I run this script? I assume I'd copy the linked text into the python window, but I don't see any section to specify what the target of the scan is.

Ckpt files can be dangerous. So either the creator is playing dumb with us and has injected some kind of malicious python code into the file or it really is just a false positive.
You can run it through this script to see what is executed: https://rentry.org/safeunpickle

How would I run this script? I assume I'd copy the linked text into the python window, but I don't see any section to specify what the target of the scan is.

I've modified this script to make it work with ckpt files directly and newer versions of pytorch: https://rentry.org/safeunpickle2
I ran the model through this script and it didn't find anything wrong with it. So I think it's safe to say that it really is a false positive.

Firstly, I have no idea why it's coming up as a virus, secondly it's a checkpoint file, which is at it's core just a fancy list and never gets directly executed, so it wouldn't ever run even if it was a virus.

I don't get this error so let me know if it's only one version or both.

maybe all models will get treated the as a threat other than SD1.4 official hash after this video:
Injecting Malicious Code into TensorFlow Models StableDiffusion
https://www.youtube.com/watch?v=0SNjsM8Hmok