I just downloaded syncthing-windows-setup.exe and Avira Antivirus quarantied it when I tried to install. I downloaded it from here:
Please see False positive on Virustotal? · Issue #62 · Bill-Stewart/SyncthingWindowsSetup · GitHub. There is nothing that can be done on the Syncthing’s side about these false detections. You could report the file to your antivirus as a false positive.
2 Likes
Thanks for the fast reply and the link to related topics. BTW, I found what Avira didn’t like about the installer when trying to run it (interestingly, a manual scan with Avira and Malwarebytes found nothing wrong with the file after downloading, only Avira choked when I tried to run it).
Drop.Win32.APC.HE… (the last part of the virus name was cut off).
According to google, this is malware that drops and loads payload components. So my follow up question is - Being open source, is it possible that someone other than Bill uploaded software to the github site?
Thanks.
I think only if his account has been compromised, so theoretically “yes” (as in this case, the binaries aren’t built with GitHub actions). If you need this type of certainty, then I’d say you should probably build the installer from source.
2 Likes
Understood, thanks so much. I’m not looking for guarantees, as obviously that is not possible anyway. Your input as well as from other posts on this forum are good enough for me to go for it. Thanks again.