
Ko release gets flagged as malware by VirusTotal

Open cgrotz opened this issue 2 years ago • 2 comments

Hi, both versions 0.11.2 and 0.11.1 of Ko get flagged as malware by VirusTotal:

https://www.virustotal.com/gui/file/11128bd24d437bddbbded4a6cb839050cf898f3b0da330c52587e99922633e0a?nocache=1

https://www.virustotal.com/gui/file/0345be9e8b85192cd548ef61df92b8acfa666d4a173081b5c27fa91f1c770cad/detection/f-0345be9e8b85192cd548ef61df92b8acfa666d4a173081b5c27fa91f1c770cad-1661330431

I verified the checksums of the downloaded .tar.gz files.

cgrotz avatar Aug 24 '22 08:08 cgrotz

Is v0.11.2 flagged as well? That's the recommended release anyway.

Which build of ko is reported here? It looks like the Darwin x86_64 build. Are other builds flagged too?

I'm not sure how to debug this much further to be honest.

imjasonh avatar Aug 24 '22 13:08 imjasonh

Yes 0.11.2 as well. Darwin AMD64

I also have no clue how to debug further though. That's why the bug is so sparse. :-(

cgrotz avatar Aug 24 '22 17:08 cgrotz

More precisely, two vendors. This is considered a false positive, which often happens.

ghost avatar Oct 25 '22 12:10 ghost

It doesn't sound like there's anything we can do to avoid this.

imjasonh avatar Oct 25 '22 13:10 imjasonh

> It doesn't sound like there's anything we can do to avoid this.

It's entirely fine IMO, because it happens with a lot of open source projects. It is not something that should be fixed on ko's side, but rather something that should be fixed on the vendors' side.

ghost avatar Oct 25 '22 13:10 ghost