Closed Ryuukae closed 9 months ago
I am unable to reproduce this behavior on Chrome on MacOS in which the download is successful. If you have any doubts about the downloads, you are more than welcome to build the code directly from source code.
We will try to reproduce this issue.
Thanks for the reply. Here's what I was met with:
I have no knowledge of Go, how would I go about building the code? I'm using Windows 11.
I am unable to confirm that there is anything wrong with the artifacts that we are building. This project is open source so that anyone can inspect the code base.
Those are the steps that I have taken to reproduce this issue.
git clone https://github.com/codemakerai/codemaker-cli.git
mkdir windows-amd64
GOOS=windows GOARCH=amd64 go build -o windows-amd64/bin/codemaker.exe
The website that you linked reports 4 malicious findings: https://www.virustotal.com/gui/file/151aa6aa1dc635a7e28b244e497999f6034296d9f30f491422896403739b3795
git clone https://github.com/codemakerai/codemaker-cli.git
mkdir windows-arm64
GOOS=windows GOARCH=arm64 go build -o windows-arm64/bin/codemaker.exe
Same step, this time the website reports 3 malicious findings: https://www.virustotal.com/gui/file/b093e0ceec39ba238d25b05b95d4f01e65a0acf5c282f66afa8493f1b6b6302e?nocache=1
3 of them do not even match the other report.
Now you can inspect the code base and see that the only thing that the code is doing is integrating with our SDK and executing the CLI commands, there is no other code there that is not performing the above task.
I went as far as to verify that my build toolchain was not affecting the result and built the artifact through a clean docker container.
FROM golang:latest AS build
USER root
WORKDIR /src
ENV CGO_ENABLED=0
COPY . .
RUN GOOS=windows GOARCH=amd64 go build -o /out/example
docker cp build:/out/example - > codemaker.exe
And once again uploaded it to the linked website. It is still reporting malicious code: https://www.virustotal.com/gui/file-analysis/ZjY0ZDc2MTM5ZWRiZjUzMTkwMmIxYmJhNzE1MzNmOGU6MTcwNjEyODA2NA==
Which is impossible. The findings appear to be false positives in this case.
I actually reached out to VirusTotal and reported false and misleading results reporting. They have replied with the claim that they don't take responsibility for the results they show on their website.
VirusTotal only aggregates data from a variety of vendors. We produce no verdicts of our own and as such, we can’t modify these results. We are not intended to be an authoritative reputation engine but rather provide intelligence and context to users so that they can make the best decision. 1/60 and even 5/60 doesn’t automatically mean “Bad”, and 0/60 doesn't always mean good. Each decision on whether something is malicious is ultimately the responsibility of users or the security vendors who use the data to improve their services.
After a quick Google search, it appears that recently there has been a change in the way virus scanning tools handle Go-compiled code on Windows, incorrectly marking any code that was built with Go as malicious.
https://www.reddit.com/r/golang/comments/1729tuc/my_programs_keep_getting_flagged_as_viruses/
And this is correct. Even a Go hello world application is reported as invalid.
Steps to reproduce:
There is one thing we will try to do to mitigate that, but I am not sure if that will have any effect.
Thank you for your detailed reply and the effort made to obtain that information. Deeply appreciate it.
So Chrome itself blocked my download attempts and upon scanning the links with totalvirus, found three services listed https://github.com/codemakerai/codemaker-cli/releases/download/v0.0.14/codemaker-cli_Windows_x86_64.zip and https://github.com/codemakerai/codemaker-cli/releases/download/v0.0.12/windows-amd64.zip as being a virus. What's with that?