Flagged by Windows 10 as trojan. #7
Comments
Thanks for the report and thanks @Xeevis for looking into it already, though you scanned the 64bit executable whereas this issue is about the 32bit executable. I'm basically here to report what Xeevis said though. I don't know why it's triggering as a trojan under Windows Defender (or as a trojan on any of the VirusTotal scanners). These are false positives. My best guess is some AV heuristic flagging some of the stuff I do with pipes and win32 security API, I don't know for certain though. Here's the VirusTotal scan of the 32bit v1.1 executable downloaded today from the release page. You can confirm that the exe you have, and the one this website scanned are the same by running And here's a scan of the same v1.1 32bit program, but built at a different time. The large discrepancy between the number of threats found on what amounts to a nearly identical executable is evidence that these indeed are false positives. Further evidence of false positives IMO is that the 64bit executable from the same v1.1 release has only two false positives. FWIW I didn't actually expect many users of the 32bit version, and don't use it myself. That all being said, if you are still concerned about these AV reports, compiling the software yourself is very easy with instructions included in the README, as well as a more in-depth
@ndbeals Thanks for your response and a great tool! It might be worth noting that wsl-ssh-pageant has this exact same issue. On a side note, it might be beneficial to support reproducible builds so hashes don't change when compiled from the same source, so build artifacts are verifiable to be coming from the given source. To my understanding this should be possible with the
Thanks for that link, I'm looking into reproducible builds as well.
v1.2 has some false positives on VT too, I voted for it and commented links to this issue and the Golang FAQ.
v1.2 is identical to v1.1, just built as a reproducible build. Could you link where you voted for it and commented the links? Thanks. There's a section in the readme regarding AV false positives (https://github.com/ndbeals/winssh-pageant#antivirus-flagging) that links to this issue as well, so I'm going to leave this closed because IMO, this is resolved. People are welcome to open new issues to report AV false positives, but I'm not interested in keeping up with the cat-and-mouse game that is AV flags/false positives.