VirusTotal detects cyclonedx-win-x64.exe version 0.27.2 24 Nov 2024 as a Malicious file notified by SecureAge Acronis (Static ML)

Open freygagne opened this issue 1 year ago • 1 comments

The latest version, 0.27.2 (24 Nov 2024), of the cyclonedx cli, cyclonedx-win-x64.exe, is seen by VirusTotal SecureAge Acronis as a Malicious File. https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.27.2/cyclonedx-win-x64.exe

Is it a false positive?

I need to be sure the cyclonedx cli binary is free of viruses to respect the cybersecurity policy of my company...

freygagne avatar Jan 03 '25 14:01 freygagne

> Is it a false positive?

Most likely. This is maintained by members of the cyclonedx organisation. I did the last few releases and the one in question. I have not seen anything suspicious in the source code, nor was anything reported. The releases are created via GitHub Actions and stored on GitHub.

To be sure, you could download the source code and build locally after checking the code for yourself. Or contact the security vendor and report it as a false positive, hoping they will give you confirmation that it is indeed a false positive.

mtsfoni avatar Jan 03 '25 15:01 mtsfoni