Menu

#114 False positive in 'emailrelay-keygen.exe'

v1.0 (example)
closed
nobody
None
5
2025-06-19
2025-06-18
No

Greetings,

In the latest release the file 'emailrelay-keygen.exe' is being flagged as a virus by ESET. On VirusTotal, one engine flags it as a virus.
I assume it's a false positive.

Sincere regards,
Mario

Discussion

  • Graeme Walker

    Graeme Walker - 2025-06-19

    Thanks for taking the trouble to let me know. There are only a few dozen lines of code in that executable that are not from the MbedTLS project (until recently part of Arm Holdings), so quite easy to audit. The released binaries were built on a VM from Microsoft, with no network access. If you want to do your own clean-room build you should look at the "emailrelay-build" repository on github. My own experiments with virus-scanning aggregators have led me to the conclusion that their false positive rates render them completely worthless. YMMV

     
  • Graeme Walker

    Graeme Walker - 2025-06-19
    • status: open --> closed
     
  • Graeme Walker

    Graeme Walker - 2025-06-19

    I should add that the keygen executable is optional, so you can delete it from the release zipfile. The only consequence will be that if you enable server-side TLS in the installation GUI it will require an existing certificate file rather than generating one itself.

     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.