jarmo
commented
8 months ago @mora-01 thank you for your report.
I built WindowsForms.exe myself and uploaded it to virustotal (https://www.virustotal.com/gui/file/055dc4f55b3c69fb85a1dd6364ce9a8b4b261e95c46af6ac24d5002cfa5ed8ba?nocache=1) and can verify that 4 out of 72 think that it is malicious.
I have a strong reason to believe that it's a false-positive - WindowsForms.exe is not committed to the repository, but it is built with rake build using source code part of the repository at [ext/WindowsForms](). This executable is used for running specs to test that RAutomation can handle Windows UI elements as expected. Since executable is built by anyone running specs (or just rake build:windows_forms) then it is possible in theory that during building this executable an infected machine can make a malicious executable. But it's definitely not the first time in history when some AV-software is being too careful.
Since all the source code is fully visible in this repo to build WindowForms.exe then if you (or anyone else) can locate a malicious code within [ext/WindowsForms]() (or anywhere else within this repository) then please reopen/recreate an issue, which shows that. Until this I will close this issue.
Still, thank you for bringing this under attention and it's better to be safe than sorry.
Hi, Pls, beware, rautomation gem is considered as malicious. I submitted WindowsForms.exe to https://www.virustotal.com for analyse and here is the result.