pigz is listed as Trojan on VirusTotal

Copper Contributor

Hi there,

One of our customers is using k3s and it detected "pigz" as Trojan by the Endpoint Protection. The report is as below on Virtus Total:

Screenshot 2024-03-22 at 10.42.15 AM.png


There's a discussion on k3s issues and k3s team are working on it.



The original files can be found in https://github.com/k3s-io/k3s-root/releases/download/v0.13.0/k3s-root-amd64.tar  Could we have your helps to clarify it if it's a false positive? Thanks.


2 Replies

@WayneChou1222 since Virus Total can also be considered as a big 'collection' of other 3rd parties antivirus/antimalware engine scan and detections results I believe that also working directly with many of those singular 3rd parties would have likely helped them to speed final confirmation their involved SW was just a temporary only 'false positive'.

Now because I've seen that Microsoft was also listed too I'd also have suggested those developers to also directly submit their application files ASAP (if they still hadn't already done so, given all the time that has already passed), via 'WDSI Submit a file' public web page, by using the available [ Software developer ] button that is specifically meant for 'Software providers wanting to validate detection of their products' and obviously after also reading the official 'submission guidelines', ok ?

P.S. I obviously hope ITMT such 'false positive' issue might have already been definitively solved. 0;-)
P.P.S. But if that didn't already really happened (or if it did so but only partially) then maybe you could even try to ask your customer to urge k3s dev team to also directly use above mentioned [ Software developer ] button based method always after reading the official 'submission guidelines'.

ITMT even your own customer, (or maybe even you after receiving their approval) may probably want to do the same (probably also depending if they just prefer to rely/depend only on Virus Total scan results or they may even just accept a variation in MS only scan results).
As you probably may have already noticed, in same 'WDSI Submit a file' public web page there's also a separate button usable by any 
Enterprise customer ] and specifically meant for 'Corporate account holders with licenses to run Microsoft security solutions in their businesses'...

HTHed too, and if it really did then please feel also very free to mark this post as a solution... Thx in advance :suprised::happyface:

Thank you @SwimmeRM for the information, it helps a lot!