The .exe embedded in the installation zip file triggers malware detection in Sophos #41
Comments
I'm not sure why it would trigger Sophos' malware detection, although that doesn't sound great... Maybe you can try building the module from source on your Windows machine? We use karalabe/xgo for cross compilation to publish the executables. I don't have access to a Windows machine, so I can't do it myself :(

After you

```
GIT_HASH=$(git rev-parse HEAD)
VERSION=$(git describe --tags HEAD)
LD_FLAGS="-X github.com/aotimme/gocsv/cmd.VERSION=${VERSION} -X github.com/aotimme/gocsv/cmd.GIT_HASH=${GIT_HASH}"
mkdir bin
go build -ldflags "${LD_FLAGS}" -o bin/gocsv.exe
```

(apologies in advance if my syntax is wrong for Windows or if I forgot a step)

Then you can check if Sophos triggers for the built file

I think that should result in the same binary that is in the v1.0.0 release.

For comparison, here is what I get when I check the MD5 and SHA-1 on that

```
$ file gocsv.exe
gocsv.exe: PE32+ executable (console) x86-64, for MS Windows
$ shasum gocsv.exe
0dd2c0490520d48cccacb8ca7c4a3e03dce498e4 gocsv.exe
$ md5 gocsv.exe
MD5 (gocsv.exe) = 2f3657c6c478f2f8f320ad35dd1b673f
```

Note that these don't match the hashes from the Sophos website for CXrep/MalGo-A published here. |
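The comparison done by hand in the comment above (a file's digests against the release digests and against a vendor's published list), as an added Go example that is not part of this thread or of the gocsv project. `digests`, `classify` and the `vendorSHA1` set are hypothetical names; the vendor hashes are not listed on this page, so that set is left for the caller to fill.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"io"
	"log"
	"os"
)

// Digests of the release gocsv.exe, as quoted in the comment above.
const releaseSHA1 = "0dd2c0490520d48cccacb8ca7c4a3e03dce498e4"
const releaseMD5 = "2f3657c6c478f2f8f320ad35dd1b673f"

// digests reads the file once and returns its MD5 and SHA-1 as lowercase hex.
func digests(path string) (string, string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", "", err
	}
	defer f.Close()
	m, s := md5.New(), sha1.New()
	if _, err := io.Copy(io.MultiWriter(m, s), f); err != nil {
		return "", "", err
	}
	return hex.EncodeToString(m.Sum(nil)), hex.EncodeToString(s.Sum(nil)), nil
}

// classify: vendorSHA1 is a caller-supplied set of lowercase vendor SHA-1 values (hypothetical input).
func classify(md5Hex, sha1Hex string, vendorSHA1 map[string]bool) string {
	if vendorSHA1[sha1Hex] {
		return "matches-vendor-sample"
	}
	if sha1Hex == releaseSHA1 && md5Hex == releaseMD5 {
		return "matches-release"
	}
	return "different-file"
}

func main() {
	for _, path := range os.Args[1:] {
		m, s, err := digests(path)
		if err != nil {
			log.Fatal(err)
		}
		fmt.Printf("%s md5=%s sha1=%s verdict=%s\n", path, m, s, classify(m, s, nil))
	}
}
```

A `different-file` verdict for a locally built binary is expected whenever the Go toolchain version, build flags or injected version strings differ from the release build; it only says the two files are not byte-identical.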
Could this project use |
@dynajoe, I'm not super familiar with the Go tool chain, but the way I see that this project is set up, no, it needs that script to inject the GIT_HASH and VERSION string into the binary. This has been a standard practice in Go for a while, How to set package variable using -ldflags -X in Golang build. That practice may now be superseded by go:generate and go:embed, A better way than “ldflags” to add a build version to your Go binaries. That said, when I want to make changes, I just use |
I've downloaded gocsv-windows-4.0-amd64.zip and when I extract gocsv.exe, it triggers Sophos' malware detection. The malware in question is identified as CXrep/MalGo-A. Is there an alternative?