Virus detected warning when downloading javy-x86_64-windows-v4.0.0.gz

[kpym]

Virus detected warning when downloading javy-x86_64-windows-v4.0.0.gz

Issue description

When I attempted to download the file javy-x86_64-windows-v4.0.0.gz (version 4.0.0) on Windows, my antivirus software flagged it with the message "Virus detected" and blocked the download. This could discourage users from using the tool.

Steps to reproduce

1. Use a Windows machine with antivirus enabled (e.g., Windows Defender).
2. Download the file javy-x86_64-windows-v4.0.0.gz.

Expected behavior

The file should download without being flagged as a potential virus.

Actual behavior

The antivirus software blocks the download and displays a "Virus detected" warning.

Screenshot

Environment

• OS: Windows 10 Pro
• OS Version: 10.0.19041 Build 19041
• Architecture: 64-bit
• Antivirus: Windows Defender
  • AMProductVersion: 4.18.24090.11
  • AntispywareEnabled: True
  • RealTimeProtectionEnabled: True

Please investigate whether the file is safe or if there's an issue with how it's packaged.

Additional Note

I did not encounter this issue when downloading the file javy-x86_64-windows-v3.2.0.gz, it downloaded without being flagged by antivirus.

[jeffcharles]

Thanks for reaching out! I just gave this a try on my Windows 10 computer running the same version of Windows Defender (4.18.24090.11) with anti-spyware and real time protection enabled and using security intelligence version 1.421.639.0 and was not able to reproduce the problem. The download of the javy-x86_64-windows-v4.0.0.gz succeeded. The executable file attached to the release has the exact same md5sum as the executable artifact created by the build assets GitHub Actions workflow job that ran for the 4.0.0 release so it's safe. I'm not sure why it would be flagged as a virus.

Do you mind sharing which browser including version you used to attempt the download?

Do you have any additional anti-virus software running?

In terms of how the release artifact is generated, this GitHub action workflow run backed by this source code created the release artifacts. You can click on summary and see check the artifacts created as part of that job if you're curious.

[jeffcharles]

FWIW, I ran the gz file through virustotal.com and it says:

No security vendors flagged this file as malicious

The sha-256 hash for the file matches up with the sha-256 hash attached to the release for that binary as well.

[kpym]

Do you mind sharing which browser including version you used to attempt the download?

Chrome Version 131.0.6778.108 (Official Build) (64-bit)
But I checked also with Edge and the issue is the same : Windows Defender detect a virus.

Do you have any additional anti-virus software running?

No.

Here is what I have in my protection history.

[jeffcharles]

Are you able to reproduce this issue on other Windows 10 machines or Windows 10 virtual machines running Windows Defender?

[ktzanev]

Are you able to reproduce this issue on other Windows 10 machines or Windows 10 virtual machines running Windows Defender?

I've got Windows 10 machines (no virtualisation used), but I haven't had a chance to check on another one yet.

I have seen many other false positives with Windows Defender. It may be that the slightly modified version 4.0.1 is no longer detected as a virus. I think the best thing you can do is just wait and see ;)