Open aaronps opened 3 years ago
Unfortunately there’s not much I can do. It’d be great to get someone with Go experience and a Windows machine to figure out what’s causing the false positive.
On Thu, 24 Dec 2020 at 8:43 pm Aaron Perez Sanchez notifications@github.com wrote:
I tried the following:
- Downloaded twice
- Checked the hashes
- Uncompressed with 7zip
- Uncompressed with gunzip in git bash prompt
As soon as chisel.exe is written, the antivirus complains.
I see this is the second time something similar has happened: #157 (https://github.com/jpillora/chisel/issues/157). I'm not going to use this or try to compile from source, but at least I wanted to let you know it happens.
I recommend checking the binaries on a Windows system before uploading to GitHub.
View it on GitHub: https://github.com/jpillora/chisel/issues/229
Kaspersky Lab. antivirus: chisel_1.7.3_windows_amd64 -> HEUR:HackTool.Win32.Chisel.a
I tried compiling from source, but Kaspersky Lab. antivirus still complains.
I submitted a false positive to Avast and Windows AntiSpam (or whatever it's called today), and so far only Avast has replied.
Hello,
Thank you for submitting this.
Our virus specialists have removed the threat detection, however, it will be still classified as a PUP - potentially unwanted.
Please find further details in the following article: Avast Clean Guidelines.
With regards,
Avast Customer Care
Compiled a Windows executable from source and submitted it to VirusTotal.
So for future reference, compiling from source won't help.
I guess it's technically correct. It can be used as a "hack tool", but so can ssh(1). I'll leave this open so people can find it, though I'm not sure what we can do other than put anti-anti-virus measures in place, and I don't want to go down that road, though I'm open to other solutions.
Is there a PowerShell command that achieves the same as clicking into Windows Defender control panel -> "Allow threat" -> Start actions?
For those who're not looking for an alternative: I used a hexeditor and replaced all chisel to murloc (case insensitive, all 6-char string should work) so that it bypassed Windows Defender. Tested both 32 and 64 bit on Version: 1.7.6 (go1.16rc1).
Does not work on the latest versions because client sends a string containing 'chisel', and server expects to see that string. A blind replacement will break that part.