Open carolosfw opened 5 months ago
vladmos
commented
5 months ago Which version does it analyze? Where does it take it from? The file name is buildozer-darwin-amd64-2 which is a bit suspicious because the files uploaded to Github releases don't contain the -2 suffix.
carolosfw
commented
5 months ago Try upload this file to virus total: https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildozer-darwin-amd64
The -2 was introduced while I was testing multiple versions.
The last version that doesn't have this issue is 6.0.0
https://www.virustotal.com/gui/file/d29e347ecd6b5673d72cb1a8de05bf1b06178dd229ff5eb67fad5100c840cc8e?nocache=1
VirusTotal has detected some issues and the sandbox seems to detect some strange behaviour.
Just want to confirm if this is a false positive or possibly a supply chain attack.