in a routine procedure before using a new binary, I uploaded the latest Linux releases 7.0.0, 7.1.0, and 7.1.1 to https://www.virustotal.com/. This runs over 60 malware scanners. Note that I don't have any reason to believe that anything shady is going on.
Here, I discovered that the 7.1.0 and 7.1.1 releases got flagged by 3 respectively 4 scanners while 7.0.0 did not raise any concerns.
While I do believe they are false positives, please have a look what could have caused this. Maybe there were some (transitive) dependency updates containing code that could be viewed as malicious?
lucas-koehler
commented
4 days ago
Dear Yubico team,
in a routine procedure before using a new binary, I uploaded the latest Linux releases 7.0.0, 7.1.0, and 7.1.1 to https://www.virustotal.com/. This runs over 60 malware scanners. Note that I don't have any reason to believe that anything shady is going on.
Here, I discovered that the 7.1.0 and 7.1.1 releases got flagged by 3 respectively 4 scanners while 7.0.0 did not raise any concerns.
While I do believe they are false positives, please have a look what could have caused this. Maybe there were some (transitive) dependency updates containing code that could be viewed as malicious?
Scans
No flags for yubico-authenticator-7.0.0-linux.tar.gz : https://www.virustotal.com/gui/file/ec6bdca21ffabb0565d0d63f3e5525953dbb98b7ac2263bacea3770a18555ee5
3 flags for yubico-authenticator-7.1.0-linux.tar.gz: https://virustotal.com/gui/file/c06e8dbe854d34370bba85f169d8ae88864c3e046875ff783557fb259d477837
4 flags for yubico-authenticator-7.1.1-linux.tar.gz: https://www.virustotal.com/gui/file/f553503a810ded105254d4b537434d4870657c5240bf43c1a47afae798ace3f2/detection