You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This was first flagged by my company's security team. When I checked it at virustotal.com, the latest 3.1.0 beta is flagged with Trojan.PSW.Disco.frp and Trojan.Malware.300983.susgen:
All of the builds are done via a single github action, not from my personal machine, so I think the likelihood that it's a false positive is high. The builds leverage a 3rd party build & packaging tool: goreleaser
Virustotal doesn't make it clear what file is triggering the warning, although I would expect one of the EXEs, as the compiled UI assets would be the same in the Linux release.
If we can narrow it down to a particular file, we could try building that outside of github and see if it still triggers.
Edit: I should note that the Inbucket program does not try to phone home, or do any analytics/telemetry collection.
Virustotal doesn't make it clear what file is triggering the warning, although I would expect one of the EXEs, as the compiled UI assets would be the same in the Linux release.
If we can narrow it down to a particular file, we could try building that outside of github and see if it still triggers.
It's inbucket-client.exe, though I expect the Go links are probably correct.
This was first flagged by my company's security team. When I checked it at virustotal.com, the latest 3.1.0 beta is flagged with Trojan.PSW.Disco.frp and Trojan.Malware.300983.susgen:
https://www.virustotal.com/gui/file/9cbf8a7bc63935a5f7f74480eb3fd72610a12b469677003c5fc9a0f268d36f5a?nocache=1
The 3.1.0 Linux build comes up clean. Are these false positives?
Older builds have similar results.
The text was updated successfully, but these errors were encountered: