This repository has been archived by the owner on Nov 11, 2024. It is now read-only.

Virus reported after downloading 0.0.42 #306

Open
KoljaKrueckmeyer opened this issue Apr 12, 2022 · 11 comments

@KoljaKrueckmeyer

KoljaKrueckmeyer commented Apr 12, 2022

Describe the bug
A virus is reported by Windows after downloading the kam CLI 0.0.42

To Reproduce
Steps to reproduce the behavior:

  1. Download kam CLI 0.0.42
  2. See error reported by Windows

Expected behavior
No error is reported while downloading or using the kam CLI

Screenshots

image
image


@wtam2018
Collaborator

What is your antivirus program? @KoljaKrueckmeyer

@KoljaKrueckmeyer
Author

@wtam2018 I think my company is using Windows Defender.

@KoljaKrueckmeyer
Author

I've added a new screenshot

@jduimovich

I downloaded on two different Windows machines. I used Chrome so I also sent the binary to Google to scan. Google reported no errors and on my Microsoft Defender which I launched like this

image

and results look like this -- sadly the UI doesn't name the file I scanned but it claims no errors
image

I ran the CLI also to see if Windows detected ...
image

I noticed your exe error said "kam.exe" had the error, did you rename the binary?

@KoljaKrueckmeyer
Author

Yes, I have renamed the binary.

@KoljaKrueckmeyer
Author

Chrome and Edge both report "Virus detected" for the download of https://github.com/redhat-developer/kam/releases/download/v0.0.42/kam_windows_amd64.exe

@jannfis
Member

jannfis commented Apr 12, 2022

Can you please share the sha256 checksum of the binary you downloaded?

@jduimovich

Hi Jann,
I'm not the original reporter but this is what I have and how I got the values in case that helps. The tool I used is certutil which I believe is part of the base Windows install.
Note: On my machine Chrome and Edge do not report a virus.

```
C:\Users\jduim\Downloads\kam>certutil -hashfile kam_windows_amd64.exe SHA256
SHA256 hash of kam_windows_amd64.exe:
7065435ec2710d2a3c4e7d800bc79bcc0b17ec1ba61334cbbc00312546010131
CertUtil: -hashfile command completed successfully.

C:\Users\jduim\Downloads\kam>dir kam_windows_amd64.exe
 Volume in drive C is OS
 Volume Serial Number is ACDC-7238

 Directory of C:\Users\jduim\Downloads\kam

2022-04-12  11:13 AM        47,888,896 kam_windows_amd64.exe
               1 File(s)     47,888,896 bytes
               0 Dir(s)  276,312,481,792 bytes free

C:\Users\jduim\Downloads\kam>kam_windows_amd64.exe version
kam version v0.0.42-0-gdb69fcb
```

@KoljaKrueckmeyer
Author

KoljaKrueckmeyer commented Apr 12, 2022

```
PS C:\Users\KoljaMariusKrueckmey> certutil -hashfile "C:\Program Files\oc\kam.exe" SHA256
SHA256 hash of C:\Program Files\oc\kam.exe:
7065435ec2710d2a3c4e7d800bc79bcc0b17ec1ba61334cbbc00312546010131
CertUtil: -hashfile command completed successfully.
```

@jannfis
Member

jannfis commented Apr 12, 2022

Thanks. I ran the file through virustotal.com, this is the result:

image

I would suspect a client-side issue.

@jannfis
Member

jannfis commented Apr 12, 2022

Seems Microsoft Defender flags some files sometimes, sometimes not. There are others having similar problems, e.g. tarkah/grout#35

The general recommendation seems to be to submit the file to Microsoft as a false positive via https://www.microsoft.com/en-us/wdsi/filesubmission

@wtam2018 @chetan-rns It may make sense to publish SHA256 checksums for the release assets, so that people can validate their downloads to make sure they have the same thing.
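
The checksum validation suggested in the last comment, as an added example that is not part of the thread or the kam project's code: it checks a download against a published checksums file and matches by content when the local file was renamed, as `kam.exe` was here. It assumes a `sha256sum`-style checksums file, which the thread does not show the project publishing; the function names and sample bytes are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# sha256sum-style entry: 64 hex digits, whitespace, optional "*", asset name.
ENTRY = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")


def parse_checksums(text):
    """Return {asset name: lowercase SHA256 hex} from a checksums file."""
    found = (ENTRY.match(line.strip()) for line in text.splitlines())
    return {m.group(2): m.group(1).lower() for m in found if m}


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large binary is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, checksums_text):
    """Return (ok, detail); a renamed file is matched by content, not name."""
    entries = parse_checksums(checksums_text)
    actual = sha256_file(path)
    name = Path(path).name
    if name in entries:
        ok = entries[name] == actual
        return ok, f"{name}: {'matches' if ok else 'does NOT match'} published hash"
    # Local name is not listed (e.g. saved as kam.exe): search by content.
    for asset, expected in entries.items():
        if expected == actual:
            return True, f"{name}: content matches published asset {asset}"
    return False, f"{name}: {actual} matches no published hash"


def demo():
    """Constructed data: stand-in bytes and a checksums file built from them."""
    body = b"constructed stand-in for a release binary"
    sums = f"{hashlib.sha256(body).hexdigest()}  kam_windows_amd64.exe\n"
    with tempfile.TemporaryDirectory() as tmp:
        renamed = Path(tmp, "kam.exe")
        renamed.write_bytes(body)
        good = verify_download(renamed, sums)
        renamed.write_bytes(body + b"!")  # simulate a modified download
        return good, verify_download(renamed, sums)
```

A matching hash only shows that the local file is byte-identical to the published asset; it says nothing about why an antivirus engine flagged it.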
