xo / usql

Universal command-line interface for SQL databases
MIT License

Windows security detects trojan in Windows release. #333

Closed osmanizbat closed 2 years ago

osmanizbat commented 2 years ago

Hi,

Windows security detects usql.exe file in usql-0.10.0-windows-amd64.zip release as "Trojan:Win32/Wacatac.D!ml" and quarantines it. Have any ideas?

OS: Windows 10 Pro, Build: 19044.1706

kenshaw commented 2 years ago

Thanks for bringing this to my attention. I really don't know where this is coming from. My guess is that there are viruses built/made with Go that use similar dependencies that usql uses. For what it's worth, I build usql releases on a VM that has nothing else installed except for the utilities needed to build usql itself.

I am of course extremely concerned about this. I'll dig deep into the issue/cause here. If, somehow, my VM has become infected (I can't imagine how, since I don't use it for anything other than building usql), I'll rectify the issue and publish a new binary build for Windows. In the interim, I'd suggest building from source for Windows.

kenshaw commented 2 years ago

I've looked into this, and I believe this is a false positive, and it seems to have flagged other Go applications at times, namely ngrok and cloudflared. I'm closing this for now, as I don't believe the binary has an actual virus/trojan.

osmanizbat commented 2 years ago

Thanks @kenshaw, your guess about using similar dependencies that are used in viruses makes sense. As I investigated, Windows Defender's machine learning algorithm might cause such false positives sometimes. The ml suffix expresses this. By the way, after I checked the Windows Defender update today, it doesn't detect it as a trojan anymore.

vazbloke commented 1 year ago

Can confirm that building from source in an MSYS2 environment on Windows has 0 virus flags on VirusTotal.