Arduino 101 - McAffee reports trojan in arduino101load.exe

[facchinm]

Issue opened by @VisualMicro in arduino/Arduino#4952

Running windows and 1.6.9.
I just installed the 1.0.5 Intel core. The previous 1.0.4 was ok.
McAffee report attached.

[bbaltz505]

I pulled the source for the 1.6.4+1.19-windows tag and built it. Initially, there were significant differences between the rebuilt binary and the one in GitHub but then I noticed many of them were a build path. Once I renamed the source folder to match the original build folder name then the rebuilt and released binaries match exactly.
This is built on an Ubuntu 12.04 LTS 64-bit with:

• go version go1.5.3 linux/amd64
• mingw-w64 2.0.1-1

[facchinm]

It's obviously a false positive, sorry for not reporting it earlier 😄
The build from sources matches with the binary

[VisualMicro]

Good news. Thanks for investigating so promptly. I will report it to McAffee.

[calvinatintel]

The .go scripts in the same directory are the source for the arduino101load.exe for those who want to compile their own copy.

VirusTotal scan detects 8 out of 56 matches which is rather low. Most hits say "proxy" and McAfee-GW-Edition says "BehavesLike.Win32.Downloader.wh". Since arduino101load.exe is used for communicating with the board, I suspect that a code snippet was incorrectly identified as a malicious uploader.