Open truekonrads opened 1 year ago
Is it a duplicate of #172?
Do you have any additional confirmation (besides scanner results) that it is not a false positive?
Note that I have attached an additional file "websocat_rebuild.x86_64-pc-windows-gnu.exe" which shows fewer (though nonzero) detection entries on VirusTotal.
Hi - same issue. I did a basic check to see if the triggers are mostly on "socat" and the answer to that is yes. If I replace in the binary "socat" with something else and "dest-unreach" with something else the results are only 13/72 vs original 38/72. I think if you want to provide Windows builds you need to EV code sign the artefacts or rename your project away from the word "socat". Have a look here for some code signing stuff.
Some Windows builds of Websocat show no detections (example: https://www.virustotal.com/gui/file/a03ab5059a1250f88825315f9ee9297419d0104297f49a37bf3f2a3a6fc032f2).
> rename your project away from the word "socat"

Socat is also a legitimate networking tool (and is a direct inspiration of Websocat). It should not be unconditionally detected as malware, though malware, like other software, can use all those networking tools as components.
I don't think it's a good idea to condone security scanners' false positives in such a drastic way as to rename the project.

> EV code sign the artefacts

How do I do it (not being a Windows or Microsoft user)? Do you have a guide to Linux-to-Windows cross-compilation with code signing? Is EV code signing friendly towards Open Source? Should the "Cosign" tool from the linked website provide protection from the false positives?
https://www.virustotal.com/gui/file/00db6782e44cdfe2351196911f038fc0e94e0eb48dcbdb3db88d1bbc71d89344