Gitea v1.21.11 removed by Windows Security #30593

Closed
anthonyvdotbe opened this issue Apr 19, 2024 · 7 comments
Labels
type/upstream This is an issue in one of Gitea's dependencies and should be reported there

Comments

@anthonyvdotbe
Contributor

Description

Tuesday I upgraded to v1.21.11.
Yesterday I attempted to push a commit to Gitea, which failed: Windows Security had detected/quarantined/removed the Gitea executable as Trojan:Script/Wacatac.H!ml.
Note that I had been able to push commits a couple of hours before, so I assume there's been an update of the antivirus definitions in between.
Also note that the removal only occurred when I tried to actually push a commit, so the running Gitea process wasn't considered problematic as such (assuming Windows scans all running processes whenever the antivirus definitions are updated).
This is similar to #30488 and I understand it's a false positive, but I'd rather not add an antivirus exclusion.

Gitea Version

v1.21.11

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

Screenshot 2024-04-18 213618

Git Version

git version 2.42.0.windows.2

Operating System

Windows 11

How are you running Gitea?

Running https://dl.gitea.com/gitea/1.21.11/gitea-1.21.11-gogit-windows-4.0-amd64.exe as a Windows service

Database

SQLite

@wxiaoguang
Contributor

Many antivirus programs do very badly with Golang programs... these programs just add a lot of unchecked fingerprints into their virus database... then unfortunately, some malware written in Golang keeps polluting their database and makes a lot of normal Golang programs false positives.

For example:

@wxiaoguang wxiaoguang added type/upstream This is an issue in one of Gitea's dependencies and should be reported there and removed type/bug labels Apr 19, 2024
@anthonyvdotbe
Contributor Author

Submitting Gitea releases to Microsoft as a software developer should enable Gitea to be marked as safe by Microsoft. (I could also do it as a home customer, but this would obviously have much less impact than if the Gitea team would do a submission as a software developer, since they'll be regarded as much more trustworthy than any random person who submits a file.)

@eeyrjmr
Contributor

eeyrjmr commented Apr 19, 2024

All you can do is submit the executable to the A/V company so they can clear it. I have to do this occasionally with my Python applications that I turn into an exe with cx_freeze.

Who should submit? Well, all of us, because the more positive requests, the quicker it will be cleared.

Could gitea "work around it" ... But that's what viruses do.... An all-clear signature is required to override a virus-signature.

Could golang do something ... Maybe, the compiler could change the machine code so it doesn't create a known signature

Could gitea the corp do something, possibly once it gets a bit more momentum as they can provide a creditable point of contact to give the ok to their exe

@silverwind
Member

silverwind commented Apr 19, 2024

Related: #30488. Ultimately I think it's likely only something that golang could attempt to work around.

@anthonyvdotbe
Contributor Author

While I agree golang should do a much better job here, the submission page says "Software providers wanting to validate detection of their products" for the "Software developer" option. So I believe if the Gitea team were to do this, the false positive would soon be fixed and it would likely also prevent future releases from being falsely flagged.

> Who should submit? Well, all of us, because the more positive requests, the quicker it will be cleared.

I believe that a single submission by a member of the Gitea team, via the "Software developer" option, would help much more than dozens of individual submissions via the "Home customer" option.

@silverwind
Member

silverwind commented Apr 19, 2024

If the signature detected is inside the golang runtime chunk of the binary, only golang can realistically "fix" it.

@anthonyvdotbe
Contributor Author

Closing, as Windows Security no longer flags the binary and false positives can be resolved (much quicker than I thought) by submitting the file to Microsoft ourselves. Thanks for the swift responses.
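
An added example, not part of the original thread and not Gitea's own tooling: a PowerShell triage an administrator could run before submitting a flagged release binary as a false positive. It checks the file against the release checksum, lists Windows Security detections that reference the file, and shows when the antivirus definitions last changed. `$BinaryPath` and `$ExpectedSha256` are placeholders to fill in.

```powershell
# Added example: triage a Windows Security detection on a downloaded release binary.
# Both parameter defaults are placeholders (assumptions), not values from the thread.
param(
    [string]$BinaryPath     = 'C:\gitea\gitea.exe',             # hypothetical install path
    [string]$ExpectedSha256 = '<SHA256-FROM-RELEASE-CHECKSUM>'  # placeholder, take it from the release page
)

# 1. Integrity: a "false positive" claim only holds if the file is the genuine release.
if (Test-Path -LiteralPath $BinaryPath) {
    $actual = (Get-FileHash -LiteralPath $BinaryPath -Algorithm SHA256).Hash
    if ($actual -ieq $ExpectedSha256) {
        Write-Output "OK: SHA-256 matches the published checksum ($actual)"
    } else {
        Write-Warning "MISMATCH: file hash $actual differs from the published checksum; do not submit as a false positive"
    }
} else {
    Write-Warning "File not found (likely quarantined or removed): $BinaryPath. Re-download and hash the copy before restoring anything."
}

# 2. Detections: map threat IDs to names, then list events that reference this file.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

$leaf = [regex]::Escape((Split-Path -Path $BinaryPath -Leaf))
Get-MpThreatDetection |
    Where-Object { $_.Resources -match $leaf } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime,
                  @{ Name = 'Threat'; Expression = { $threatNames[$_.ThreatID] } },
                  ProcessName,
                  Resources |
    Format-List

# 3. Definitions: compare the last signature update with the first detection time
#    to see whether the detection followed a definitions update.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated
```

The threat name and signature version from steps 2 and 3 are the details worth including in a submission to the antivirus vendor.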

@go-gitea go-gitea locked as resolved and limited conversation to collaborators Jul 18, 2024