search

tizbac / proxmoxbackupclient_go

In development proxmox backup client written in golang, aimed at windows compatibility
GNU General Public License v3.0
193 stars 14 forks source link

Trojan detected in latest binaries #12

Closed gsly closed 7 months ago

gsly commented 10 months ago

Downloaded the latest version and Windows Defender found Trojan:Win32/Wacatac.B!ml in both executables.

tizbac commented 10 months ago

Hi, very likely false positive which already happened with other golang binaries , will check with clamav to make sure and see how to fix it

Il lun 1 gen 2024, 13:15 gsly @.***> ha scritto:

Downloaded the latest version and Windows Defender found Trojan:Win32/Wacatac.B!ml in both executables.

— Reply to this email directly, view it on GitHub https://github.com/tizbac/proxmoxbackupclient_go/issues/12, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABBV6SP4ZOLKR5USXDTMZTYMKSERAVCNFSM6AAAAABBI7NFH6VHI2DSMVQWIX3LMV43ASLTON2WKOZSGA3DCNJSGUYDONY . You are receiving this because you are subscribed to this thread.Message ID: @.***>

tizbac commented 10 months ago

Have reported it to microsoft, https://www.virustotal.com/gui/file/25a097bd743a59d7c7f8968408cc18c4b726e30afb41c8054a0555c47a600272/detection All detections are by Machine Learning / AI antivirus, may be the fact this program is reading files and sending them massively to pbs server and plus interacting with VSS triggering it

Tacioandrade commented 8 months ago

I believe that one of the reasons it is also being detected is because it uses VSS, creating and deleting snapshots. This really is something that can be seen as something risky and generating this false positive.

tizbac commented 7 months ago

As of now, i see it is no longer detected as virus by defender on virustotal