In the latest release the file 'emailrelay-keygen.exe' is being flagged as a virus by ESET. On VirusTotal, one engine flags it as a virus.
I assume it's a false positive.
Thanks for taking the trouble to let me know. There are only a few dozen lines of code in that executable that are not from the MbedTLS project (until recently part of Arm Holdings), so quite easy to audit. The released binaries were built on a VM from Microsoft, with no network access. If you want to do your own clean-room build you should look at the "emailrelay-build" repository on github. My own experiments with virus-scanning aggregators have led me to the conclusion that their false positive rates render them completely worthless. YMMV
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I should add that the keygen executable is optional, so you can delete it from the release zipfile. The only consequence will be that if you enable server-side TLS in the installation GUI it will require an existing certificate file rather than generating one itself.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for taking the trouble to let me know. There are only a few dozen lines of code in that executable that are not from the MbedTLS project (until recently part of Arm Holdings), so quite easy to audit. The released binaries were built on a VM from Microsoft, with no network access. If you want to do your own clean-room build you should look at the "emailrelay-build" repository on github. My own experiments with virus-scanning aggregators have led me to the conclusion that their false positive rates render them completely worthless. YMMV
I should add that the keygen executable is optional, so you can delete it from the release zipfile. The only consequence will be that if you enable server-side TLS in the installation GUI it will require an existing certificate file rather than generating one itself.