richardlehane / siegfried

signature-based file format identification
http://www.itforarchivists.com/siegfried
Apache License 2.0

32-bit Windows Binaries are recognized as Virus #93

Closed Etienne-Carriere closed 7 years ago

Etienne-Carriere commented 7 years ago

Hi,

The 32-bit sf.exe is recognized as a virus by F-Secure Antivirus, as Variant.Graftor.296960. It happened with versions 1.6.1 => 1.6.5. Versions 1.6.0 and 1.5.0 are not affected (I didn't analyse older versions). No issues with 64-bit. Unfortunately, the virus definition databases are not public, so we can't know why there is this false positive. I will give those files to ClamAV to see if it detects something.

Regards,

Etienne-Carriere commented 7 years ago

Hi,

I also opened a case with F-Secure.

Regards,

richardlehane commented 7 years ago

Thanks for letting me know and for reporting to F-Secure!

From v1.6.1 upwards, I've been automating the Windows builds with https://www.appveyor.com/ . For all earlier versions I was doing the Windows builds myself. I doubt it is AppVeyor itself causing this; more likely it is the fact that when I was doing builds myself I was using an old Go compiler (v1.4), while the AppVeyor builds use much more recent versions of Go (1.6 and 1.7).

A workaround for this issue, if you need to install on a work machine with antivirus policies, may be to build siegfried from source with Go 1.4 (available here: https://golang.org/dl/). I'm happy to help with this if you need.
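
The thread's working hypothesis is that the detection tracks the build toolchain (Go 1.4 hand builds clean, Go 1.6/1.7 AppVeyor builds flagged) and the target architecture (32-bit flagged, 64-bit clean). Before re-building from source, a practitioner would want to confirm both facts for each binary in hand. The script below is an added example, not code from the siegfried project or from either commenter: it reads the PE COFF header's Machine field (0x014c = i386, 0x8664 = amd64) with od/awk, and pulls the Go runtime version string (a "go1.x.y" literal every Go binary of that era embeds) out of the file's printable strings. The `make_fake_pe` helper writes a constructed, non-executable PE-shaped fixture so the example runs offline; the function names and the fixture layout are this example's own.

```shell
#!/bin/sh
# Added example (not part of siegfried): report the PE machine type and the
# embedded Go toolchain version of Windows binaries, so flagged and clean
# builds can be compared side by side. POSIX sh plus od, awk, tr, grep.

# read_le FILE OFFSET NBYTES: little-endian unsigned integer at OFFSET, as decimal.
# Prints 0 if the file is too short (od emits an error on stderr in that case).
read_le() {
    od -An -v -tu1 -j "$2" -N "$3" "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) b[n++] = $i }
             END { v = 0; for (i = n - 1; i >= 0; i--) v = v * 256 + b[i]; print v }'
}

# pe_machine FILE: architecture named by the COFF header Machine field.
# Prints "not-pe" and returns 1 when the MZ/PE signatures are missing.
pe_machine() {
    f=$1
    [ "$(read_le "$f" 0 2)" -eq 23117 ] || { echo not-pe; return 1; }   # "MZ" = 0x5a4d LE
    pe_off=$(read_le "$f" 60 4)                                           # e_lfanew at 0x3C
    [ "$(read_le "$f" "$pe_off" 4)" -eq 17744 ] || { echo not-pe; return 1; }  # "PE\0\0"
    case "$(read_le "$f" $((pe_off + 4)) 2)" in
        332)   echo i386 ;;    # 0x014c
        34404) echo amd64 ;;   # 0x8664
        452)   echo arm ;;     # 0x01c4
        43620) echo arm64 ;;   # 0xaa64
        *)     echo unknown ;;
    esac
}

# go_version FILE: first "go1.x[.y]" literal among the binary's printable
# strings (the Go runtime embeds its version as such a string). Heuristic:
# the first hit is reported, "unknown" if nothing matches.
go_version() {
    v=$(tr -c '[:print:]' '\n' < "$1" | grep -o 'go1\.[0-9][0-9]*\(\.[0-9][0-9]*\)*' | head -n 1)
    echo "${v:-unknown}"
}

# describe_binary FILE: one line "arch=... go=..." for quick comparison.
describe_binary() {
    echo "arch=$(pe_machine "$1") go=$(go_version "$1")"
}

# make_fake_pe FILE ARCH GOVERSION: constructed test fixture, not a runnable
# executable: "MZ", zero padding, e_lfanew=0x40, "PE\0\0", Machine field,
# then a payload carrying a Go version string. ARCH is 386 or amd64.
make_fake_pe() {
    out=$1
    case $2 in
        386)   machine='\114\001' ;;   # 0x014c little-endian
        amd64) machine='\144\206' ;;   # 0x8664 little-endian
        *)     echo "unknown arch $2" >&2; return 1 ;;
    esac
    {
        printf 'MZ'
        i=2; while [ "$i" -lt 60 ]; do printf '\000'; i=$((i + 1)); done
        printf '\100\000\000\000'                  # e_lfanew = 0x40
        printf 'PE\000\000'
        printf "$machine"
        printf 'runtime.buildVersion go%s\000' "$3"
    } > "$out"
}

# Usage: ./pecheck.sh sf32.exe sf64.exe ...
# With no arguments, build a 32-bit and a 64-bit fixture and report both.
if [ $# -eq 0 ]; then
    tmp=$(mktemp -d)
    make_fake_pe "$tmp/sf32.exe" 386 1.7.3
    make_fake_pe "$tmp/sf64.exe" amd64 1.7.3
    for f in "$tmp"/*.exe; do printf '%s: %s\n' "$f" "$(describe_binary "$f")"; done
    rm -rf "$tmp"
else
    for f in "$@"; do printf '%s: %s\n' "$f" "$(describe_binary "$f")"; done
fi
```

Run it over the flagged 1.6.x 32-bit sf.exe, the clean 64-bit one and a 1.5.0 build to confirm the toolchain and architecture split before opening a vendor case; the version string is what you would quote to the AV vendor alongside the build system details.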

Etienne-Carriere commented 7 years ago

Hi,

I just received confirmation from F-Secure that it is a false positive, which will be excluded from threats in the next virus database update.

Regards,

richardlehane commented 7 years ago

Brilliant, thanks very much for doing that. Cheers, Richard

Etienne-Carriere commented 7 years ago

Hi,

The 32-bit sf.exe in 1.6.5 has been whitelisted (and I confirmed it is OK), but the previous versions are still considered a virus, so I fear the next version will also be considered a virus.

I will give them your information about your build system (https://www.appveyor.com/).

Regards,

Etienne-Carriere commented 7 years ago

It can be closed. Version 1.7.0 was not recognized as a virus (false positive) by F-Secure.

richardlehane commented 7 years ago

Thanks for following this up @Etienne-Carriere