franciscoBSalgueiro / en-croissant

The Ultimate Chess Toolkit
https://encroissant.org
GNU General Public License v3.0

Virus in Windows Distribution #303

Open Andrew-B-Smith opened 2 months ago

Andrew-B-Smith commented 2 months ago

Describe the bug

When downloading the Windows msi file I get this virus warning. When scanning it with other online virus detection websites, they also report it has a virus.

Andrew

Reproduction

Download and scan with virus software.

Platform and versions

Windows 11 image

Stack trace

No response

undorev commented 2 months ago

Possibly because it isn't signed.

Reference: https://learn.microsoft.com/en-us/windows/win32/msi/digital-signatures-and-windows-installer

Andrew-B-Smith commented 2 months ago

It's not that, it doesn't like the crypt library. I've rebuilt it from source and the virus checker doesn't like the exe file.

Andrew

franciscoBSalgueiro commented 2 months ago

Why do you say it's due to the crypt library?

Tauri/Rust apps are often flagged as malicious by Windows Defender, there isn't much I can do.

Andrew-B-Smith commented 2 months ago

VirusTotal is showing this for the distributed msi file

image

Andrew-B-Smith commented 2 months ago

And this for the exe generated from source

image

Andrew-B-Smith commented 2 months ago

This is the scan for the exe from the distributed msi file

image

karimbenbourenane commented 2 months ago

> Possibly because it isn't signed.
>
> Reference: https://learn.microsoft.com/en-us/windows/win32/msi/digital-signatures-and-windows-installer

Can the maintainers of this project explain why we cannot get signed release packages? It's fairly common these days, and it creates a bunch of hoops to jump through in macOS (and it appears Windows as well) to not sign the release. Is it really that difficult/expensive that it cannot be easily done?

franciscoBSalgueiro commented 2 months ago

It's not difficult, but it's extremely expensive, especially when you're not making any money from the app. The donations definitely don't cover the hundreds of $ for the signatures. Also, according to Tauri developers, signing Windows apps isn't even guaranteed to remove the warning.