Closed danielamiao closed 1 year ago
Here's a brain dump from my investigation of the issue(s): https://docs.google.com/document/d/1NhfgCOBlN710lEkEW3ROAREnd_vk5USW8k4Ze4bWIcM/edit?usp=sharing
The trojan classification is a false positive, and older versions are falsely flagged as well. The "!ml" class of trojans are surfaced via machine learning and are responsible for a ton of false positives. These are particularly prevalent for new software from small publishers like us.
Using VirusTotal (https://www.virustotal.com/gui/home/upload) to scan our CLI shows that all antivirus solutions supported by the site (over 60 different scanners) report that it is clean.
Instructions: https://github.com/momentohq/momento-cli#windows
Since the code changes from v0.21.0 to v0.21.1 are innocuous looking (changes only to the README), maybe something changed in the rust toolchain. That would change our build environment and the binary