qarmin / czkawka

Multi functional app to find duplicates, empty folders, similar images etc.

trojan.barys detected by BitDefender, GData, and McAfee #1216

Closed onmyouji closed 4 months ago

onmyouji commented 4 months ago

Hello,

Just want to report that windows_krokiet.exe is flagged as malicious by some popular antivirus products like BitDefender, GData, and McAfee

https://www.virustotal.com/gui/file/c98191d420f3c66f56fab9e232e604c354ecae30513b79497f8430f6111be42c/detection

qarmin commented 4 months ago

This is strange. The binaries come directly from the "Version 7.0" commit; you can verify the sha256sum - https://github.com/qarmin/czkawka/actions?query=event%3Apush++

The binaries I used were cross-compiled on Linux, but it looks like binaries compiled on Windows show the same problem, with a lower number of detections - https://www.virustotal.com/gui/file/91764fcdae8acf9b0c028a00f8ebe007a4cd934af745a4969c8349ac5b5f623b/detection

The problem happens with the slint backend but not with GTK, so I tried to compile the gallery slint example, and it did not find the same set of threats - https://www.virustotal.com/gui/file/da564cd2952daba700370bd3386a04b83996c3c6338f72eda9de9582c13aa7d0

The Linux version does not show anything - https://www.virustotal.com/gui/file/9b455e816727504446b7928cd3f5133e5cad55e41d6f8dc4913fbdb2929189d2

So my guess is that the combination of slint + other dependencies + Windows + fat LTO results in the display of these warnings.

https://www.virustotal.com/gui/file/c98191d420f3c66f56fab9e232e604c354ecae30513b79497f8430f6111be42c/behavior - does not show any suspicious behavior for me

If anyone has such a warning on their local computer, please report the exe sample to the antivirus provider, so maybe in the future none of these apps will flag krokiet as a threat.

qarmin commented 4 months ago

I manually compiled a Windows exe without LTO, from Linux in release mode, and VirusTotal showed only 1 possible threat, so it looks like LTO may be considered code obfuscation, which viruses also do.
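The two practical checks raised in the comments above are comparing a downloaded build against the sha256sum published by the CI run, and rebuilding without LTO to see whether the detections change. The script below is an added example, not tooling from the czkawka project or its maintainer: it verifies a file against an expected SHA-256 digest (the 64-hex-character identifier in a VirusTotal file URL is the file's SHA-256, so the digests quoted in this thread can be used directly), and the usage comment shows a hypothetical invocation. It assumes that either `sha256sum` (coreutils) or `shasum` (macOS/BSD) is installed.

```shell
#!/bin/sh
# Added example (not czkawka's own tooling): check a downloaded release
# binary against the SHA-256 digest published by the CI run, so that a
# tampered or mismatched artifact is caught before it is run or uploaded
# anywhere.

# Print the SHA-256 of a file, portable across coreutils and macOS/BSD.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when the digest matches (compared case-insensitively),
# 1 when it does not or the file is missing. Mismatch details go to stderr.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file  $actual"
        return 0
    fi
    echo "FAIL $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Hypothetical usage: the file name is the one reported in this issue and the
# digest is the one quoted in the thread; substitute the digest shown on the
# CI run you actually downloaded from.
#   verify_sha256 windows_krokiet.exe \
#       c98191d420f3c66f56fab9e232e604c354ecae30513b79497f8430f6111be42c
```

To reproduce the no-LTO comparison the maintainer describes without editing Cargo.toml, Cargo's profile environment overrides can be used, for example `CARGO_PROFILE_RELEASE_LTO=false cargo build --release --target x86_64-pc-windows-gnu` (the target triple is an assumption for a Linux-to-Windows cross build); running `verify_sha256` on both builds and then looking up each digest on VirusTotal makes it clear which binary each detection result refers to.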

onmyouji commented 4 months ago

Closing this issue, thank you