{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihqghnvefvlfepdnnb7jeez4z6hgo5pvhfhdb2vgbbqybnxyapjkq",
    "uri": "at://did:plc:34cg4tn4iwemk3v5k3n3adwf/app.bsky.feed.post/3mhz3jjybajk2"
  },
  "path": "/t/afwall-4-0-2-f-droid-build-flagged-as-malicious/34206#post_1",
  "publishedAt": "2026-03-26T20:38:08.000Z",
  "site": "https://forum.f-droid.org",
  "tags": [
    "virustotal.com",
    "VirusTotal",
    "github.com/ukanth/afwall",
    "[ISSUE] 4.0.2 F-Droid - virus ?",
    "cayenne17"
  ],
  "textContent": "Hi folks!\n\nThe F-Droid build of AfWall 4.0.2 made 5 engines on VirusTotal go crazy:\n\nvirustotal.com\n\n### VirusTotal\n\nVirusTotal\n\nThe build directly from github was fine on the other hand.\n\nThe developer of AfWall suspected a false positive because of gcc static compiled binaries and released a new version with NDK binaries. But he had no explanation for why his build didn’t trigger any engines, while the F-Droid build did. More context here:\n\ngithub.com/ukanth/afwall\n\n####  [ISSUE] 4.0.2 F-Droid - virus ?\n\nopened 05:34PM - 25 Feb 26 UTC\n\nclosed 06:14AM - 01 Mar 26 UTC\n\n\n\n          cayenne17\n        \n\nCritical\n\nhttps://www.virustotal.com/gui/file/69b70b8da4c891ce7b194dea7d9abff6bea1e35d674f…9dbccb272f44eee7b493?nocache=1 <img width=\"1359\" height=\"601\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/a35c6501-a590-4b2c-8ef9-fd08565eb897\" /> <img width=\"1002\" height=\"1280\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/0d71c701-f3d5-4776-8383-eed412cb33d5\" />\n\nThere was no issue with 4.0.1 and 4.0.3 from F-Droid, by the way.\n\nAnyone with more expertise than me care to investigate? Is it possible that the build process from F-Droid got compromised?",
  "title": "AfWall 4.0.2 F-Droid build flagged as malicious"
}