Gitea 1.22 detected as virus by windows defender #12844

New Issue

Closed

opened 2025-11-02 10:22:39 -06:00 by GiteaMirror · 7 comments

GiteaMirror commented 2025-11-02 10:22:39 -06:00

Owner

Copy Link

Originally created by @yp05327 on GitHub (Apr 15, 2024).

When download gitea 1.22 from dl.gitea.com, I got a warning from windows defender.
1.21.10 is fine.

Originally created by @yp05327 on GitHub (Apr 15, 2024).  When download gitea 1.22 from dl.gitea.com, I got a warning from windows defender. 1.21.10 is fine.

GiteaMirror added the issue/needs-feedback label 2025-11-02 10:22:39 -06:00

GiteaMirror closed this issue 2025-11-02 10:22:39 -06:00

GiteaMirror commented 2025-11-02 10:22:40 -06:00

Author

Owner

Copy Link

@yp05327 commented on GitHub (Apr 15, 2024):

gitea-1.22.0-rc0-windows-4.0-amd64.exe is also ok

the detected virus is Trojan:Win32/Wacatac.B!ml

@yp05327 commented on GitHub (Apr 15, 2024): `gitea-1.22.0-rc0-windows-4.0-amd64.exe` is also ok the detected virus is `Trojan:Win32/Wacatac.B!ml`

GiteaMirror commented 2025-11-02 10:22:40 -06:00

Author

Owner

Copy Link

@42wim commented on GitHub (Apr 15, 2024):

That's an issue with defender, they seem to be labeling almost every Go program with Trojan:Win32/Wacatac.B!ml
See also https://go.dev/doc/faq#virus

For fun, try compiling a go windows binary that just prints "hello world" and upload it to virustotal.com :)
(https://www.virustotal.com/gui/file/0f7a665f7bb31e36fe33daa4608799f916a365dee74df18f1d5c75615083315b?nocache=1)

@42wim commented on GitHub (Apr 15, 2024): That's an issue with defender, they seem to be labeling almost every Go program with `Trojan:Win32/Wacatac.B!ml` See also https://go.dev/doc/faq#virus For fun, try compiling a go windows binary that just prints "hello world" and upload it to virustotal.com :) (https://www.virustotal.com/gui/file/0f7a665f7bb31e36fe33daa4608799f916a365dee74df18f1d5c75615083315b?nocache=1)

GiteaMirror commented 2025-11-02 10:22:40 -06:00

Author

Owner

Copy Link

@silverwind commented on GitHub (Apr 15, 2024):

Maybe it needs some kind of signature in the binary. How to other go programs avoid this?

@silverwind commented on GitHub (Apr 15, 2024): Maybe it needs some kind of signature in the binary. How to other go programs avoid this?

GiteaMirror commented 2025-11-02 10:22:41 -06:00

Author

Owner

Copy Link

@silverwind commented on GitHub (Apr 15, 2024):

https://github.com/golang/vscode-go/issues/3182 looks related, but likely their fix does not apply to gitea.

@silverwind commented on GitHub (Apr 15, 2024): https://github.com/golang/vscode-go/issues/3182 looks related, but likely their fix does not apply to gitea.

GiteaMirror commented 2025-11-02 10:22:41 -06:00

Author

Owner

Copy Link

@42wim commented on GitHub (Apr 15, 2024):

Afaik there is no general way for the "little man", thats the sad state of antivirus at the moment. We're having the same issue with in-house software, even with certificate signing.

You can upload it to the different antivirus vendors and have them check it and whitelist it.
https://www.microsoft.com/en-us/wdsi/filesubmission

More complaints to be found here: https://github.com/kachick/dotfiles/issues/442

@42wim commented on GitHub (Apr 15, 2024): Afaik there is no general way for the "little man", thats the sad state of antivirus at the moment. We're having the same issue with in-house software, even with certificate signing. You can upload it to the different antivirus vendors and have them check it and whitelist it. https://www.microsoft.com/en-us/wdsi/filesubmission More complaints to be found here: https://github.com/kachick/dotfiles/issues/442

GiteaMirror commented 2025-11-02 10:22:41 -06:00

Author

Owner

Copy Link

@silverwind commented on GitHub (Apr 15, 2024):

Likely it just searches for some static strings in the binary which then causes the false-positive, so maybe it's possible to eliminate/obfuscate these parts of the binary. If those parts happen to be inside golang runtime parts, the issue should be reported to the golang/go repo.

https://mrd0x.com/bypass-static-detection-windows-defender/

@silverwind commented on GitHub (Apr 15, 2024): Likely it just searches for some static strings in the binary which then causes the false-positive, so maybe it's possible to eliminate/obfuscate these parts of the binary. If those parts happen to be inside golang runtime parts, the issue should be reported to the golang/go repo. https://mrd0x.com/bypass-static-detection-windows-defender/

GiteaMirror commented 2025-11-02 10:22:41 -06:00

Author

Owner

Copy Link

@yp05327 commented on GitHub (Apr 15, 2024):

I can't reproduce this on my personal PC. But my PC is Windows 11.
My office's PC is Windows 10, and may have some special settings from the company (not sure).

@yp05327 commented on GitHub (Apr 15, 2024): I can't reproduce this on my personal PC. But my PC is Windows 11. My office's PC is Windows 10, and may have some special settings from the company (not sure).

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label issue/needs-feedback

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#12844