Daily VirusTotal scan

[co-stig]

We've already received a few reports that Windows Defender detects flowkeeper.exe as malware, e.g. #107. Those are not caught by the Defender scans that the pipeline runs as part of the release. Indeed, Defender might update its detection database after the release.

We need to implement a scheduled pipeline (ideally public, in GitHub), which runs every day and submits / rescans the latest binaries using VirusTotal APIs. Once it detects a false positive -- it should send me an email.

The results can be published as a badge on the GitHub page, and added to Downloads section on flowkeeper.org, so that the users feel safe when they install it.

This can be done together with #103.

Reporting false positives: https://docs.virustotal.com/docs/false-positive-contacts

Potential alternatives to VirusTotal:

• https://polyswarm.network/scan
• https://metadefender.opswat.com/
• https://analyze.intezer.com/
• https://www.hybrid-analysis.com/
• https://app.any.run/
• https://tria.ge/submit/file

[co-stig]

Reminder -- need to scan the "installed" Flowkeeper.exe, too -- apparently that's the one which gets flagged most: