Gitea 1.22 detected as virus by windows defender

[yp05327]

When download gitea 1.22 from dl.gitea.com, I got a warning from windows defender.
1.21.10 is fine.

[yp05327]

gitea-1.22.0-rc0-windows-4.0-amd64.exe is also ok

the detected virus is Trojan:Win32/Wacatac.B!ml

[42wim]

That's an issue with defender, they seem to be labeling almost every Go program with Trojan:Win32/Wacatac.B!ml
See also https://go.dev/doc/faq#virus

For fun, try compiling a go windows binary that just prints "hello world" and upload it to virustotal.com :)
(https://www.virustotal.com/gui/file/0f7a665f7bb31e36fe33daa4608799f916a365dee74df18f1d5c75615083315b?nocache=1)

[silverwind]

Maybe it needs some kind of signature in the binary. How to other go programs avoid this?

[silverwind]

golang/vscode-go#3182 looks related, but likely their fix does not apply to gitea.

[42wim]

Afaik there is no general way for the "little man", thats the sad state of antivirus at the moment. We're having the same issue with in-house software, even with certificate signing.

You can upload it to the different antivirus vendors and have them check it and whitelist it.
https://www.microsoft.com/en-us/wdsi/filesubmission

More complaints to be found here: kachick/dotfiles#442

[silverwind]

Likely it just searches for some static strings in the binary which then causes the false-positive, so maybe it's possible to eliminate/obfuscate these parts of the binary. If those parts happen to be inside golang runtime parts, the issue should be reported to the golang/go repo.

https://mrd0x.com/bypass-static-detection-windows-defender/

[yp05327]

I can't reproduce this on my personal PC. But my PC is Windows 11.
My office's PC is Windows 10, and may have some special settings from the company (not sure).