rupor-github / win-gpg-agent

[DEPRECATED] Windows helpers for GnuPG tools suite

Release 1.6.0 files are flagged by VirusTotal

astelmachonak opened this issue · comments

Hi. Not sure if you can do anything with this, but it looks like some binaries from 1.6.0 are flagged by VirusTotal: https://www.virustotal.com/gui/file/aee23e5e4f50c4ed8aaeaadd54117c1f85ecaa5679efee9c428197427e01d944/detection

commented

Apparently not much. I rebuilt everything with go1.17.9 and updated all the dependencies to the latest versions - same results. I should say that the "detection" looks pretty fishy to me - depending on whether I use the release .zip file or an .exe, it gives me different results. I guess somebody started using Go to build malware and the signatures became marked.

Makes sense, thanks for looking. In my particular situation, the antivirus detects sorelay.exe as malware (at the same time I am using npiperelay.exe without issues). However, I still use win-gpg-agent - I just connect WSL gpg to it using https://github.com/BusyJay/gpg-bridge.

commented

sorelay scan by VirusTotal shows exactly the same "signatures" as agent-gui:
[image]
I guess we have to wait till the AV model gets enough data. I do think, however, that if you download the release zip from GitHub and validate its integrity with minisign using the provided key, there would be no virus there.
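
The check suggested in the comment above, as an added shell example (not part of the original thread and not the project's own tooling): verify the release zip with minisign, then list the SHA-256 of each extracted `.exe`. The function names, paths and the public-key argument are assumptions; pass the key the project provides.

```shell
#!/bin/sh
# Added example. Function names and arguments are illustrative assumptions.

# Print the lowercase SHA-256 of a file. This is the value that appears in a
# VirusTotal file URL, so it identifies exactly one file (zip or single .exe).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if file $1 has the SHA-256 given in $2 (case-insensitive).
matches_sha256() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha256_of "$1")" = "$want" ]
}

# Verify archive $1 against its detached signature "$1.minisig" using the
# base64 public key string $2. Fails closed: a missing tool, a missing
# signature file and a bad signature all return non-zero.
verify_release() {
    archive=$1
    pubkey=$2
    command -v minisign >/dev/null 2>&1 || { echo "minisign not installed" >&2; return 2; }
    [ -f "$archive.minisig" ] || { echo "no signature for $archive" >&2; return 3; }
    minisign -V -m "$archive" -P "$pubkey" >/dev/null || return 1
}

# After verification and extraction into directory $1, print "hash  name"
# for every .exe so each binary can be compared with a scan report.
list_exe_hashes() {
    for f in "$1"/*.exe; do
        [ -f "$f" ] || continue
        printf '%s  %s\n' "$(sha256_of "$f")" "$(basename "$f")"
    done
}
```

Because the archive and each binary inside it have different hashes, each one has its own VirusTotal report; only the signed archive is covered by the minisign check.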

sorelay scan by VirusTotal shows exactly the same "signatures" as agent-gui:

Yes, and this also makes me wonder why my particular antivirus (corporate one) flags sorelay and has no concerns about agent-gui. Anyway, thanks for the great utility!