chainguard-dev / malcontent

detect malicious program behaviors
Apache License 2.0

`go install` triggers malware detection #75

Closed josephlewis42 closed 5 months ago

josephlewis42 commented 6 months ago

Installing bincapz as specified in the README using go install causes go to download and save the testdata directory in its mod cache. testdata contains samples that trigger malware scanners.

Would it be possible to either distribute binaries, make it so the samples are obfuscated (e.g. in zip files with the "infected" password or encrypted), or something else to prevent this?

Thanks!

tstromberg commented 6 months ago

I think that should be possible - any tip as to what scanner was triggering this?

cruiserh commented 6 months ago

The tool uses a scanner developed by ReversingLabs.

tstromberg commented 6 months ago

I asked because I've run into something similar with Elastic Defend—but it triggers on the YARA rules rather than the testdata.

I'm open to providing binaries - particularly if someone contributes the GitHub actions configuration to do so.