andrewkroh / gvm

Go Version Manager (written in Go for cross-platform usability)
Apache License 2.0
195 stars 24 forks

Why does VirusTotal say that some vendors flag the .exe as Trojan.Malware? #87

Closed Robinzon100 closed 4 months ago

Robinzon100 commented 4 months ago

image

andrewkroh commented 4 months ago

False positives are a pretty common occurrence for Go programs. See https://go.dev/doc/faq#virus.

You should be able to reproduce the same false positives if you build from source and retest your binaries. The binaries attached to releases are fully produced within GitHub Actions runners via automation, and the toolchain should be entirely reproducible if you review the GH action config and go.mod.

Here's a scan of gvm-windows-amd64.exe from v0.5.2: https://www.virustotal.com/gui/file/27ef4c679475e480346fcfd4e3d8acc254f476491eeb6c572897e8960b5ed8dc
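Added example (not part of the thread and not gvm project code): a shell check that a downloaded file is the exact binary behind the VirusTotal report linked above, and that a binary you built from source is byte-identical to it. The script name and the file arguments are placeholders; the only value taken from the page is the SHA-256 in the VirusTotal URL.

```shell
#!/bin/sh
# Added example: tie a local file to a VirusTotal report by its SHA-256.
# Hash taken from the VirusTotal URL above (gvm-windows-amd64.exe, v0.5.2).
VT_SHA256=27ef4c679475e480346fcfd4e3d8acc254f476491eeb6c572897e8960b5ed8dc

# Print the lowercase SHA-256 of a file; return 2 if it cannot be hashed.
sha256_of() {
    [ -f "$1" ] || { echo "not a file: $1" >&2; return 2; }
    # Hash from stdin so odd file names cannot alter the tool's output format.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | cut -d' ' -f1
    else
        echo "no SHA-256 tool found" >&2; return 2
    fi
}

# check_sha256 FILE HEX: 0 = match, 1 = mismatch, 2 = bad input.
check_sha256() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $want in *[!0-9a-f]*) echo "not hex: $2" >&2; return 2 ;; esac
    [ "${#want}" -eq 64 ] || { echo "expected 64 hex digits" >&2; return 2; }
    got=$(sha256_of "$1") || return 2
    if [ "$got" = "$want" ]; then
        echo "match: $1 $got"
    else
        echo "MISMATCH: $1 is $got, expected $want" >&2
        return 1
    fi
}

# same_binary A B: 0 if byte-identical (by hash), 1 if not, 2 on error.
same_binary() {
    a=$(sha256_of "$1") || return 2
    b=$(sha256_of "$2") || return 2
    [ "$a" = "$b" ]
}

# Usage: sh verify.sh DOWNLOADED.exe [LOCALLY_BUILT.exe]  (names are placeholders)
if [ "$#" -ge 1 ]; then
    check_sha256 "$1" "$VT_SHA256" || exit $?
    if [ "$#" -ge 2 ]; then
        if same_binary "$1" "$2"; then echo "local build is byte-identical"
        else echo "local build differs from the release binary"; fi
    fi
fi
```

A local build that differs is not by itself a sign of tampering: the output only matches when the Go version and build settings match those used for the release.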

andrewkroh commented 4 months ago

NVM had a similar issue with Crowdstrike Falcon. https://github.com/coreybutler/nvm-windows/issues/769

Robinzon100 commented 4 months ago

My apologies, Andrew @andrewkroh. I should have researched this more instead of creating an issue.