Question

doctl v1.87.0 for windows is detected as a malware by windows security

Today I attempted to update the doctl in my pc from 1.85.0 to 1.87.0 via scoop. The update process was broken on the package extraction step because the content of the package was detected as Trojan:Script/Wacatac.B!ml

❯ scoop install doctl
Installing 'doctl' (1.87.0) [64bit] from main bucket
Starting download with aria2 ...
Download: Download Results:
Download: gid   |stat|avg speed  |path/URI
Download: ======+====+===========+=======================================================
Download: 5f8f02|OK  |   2.8MiB/s|C:/Users/magelan/scoop/cache/doctl#1.87.0#https_github.com_digitalocean_doctl_releases_download_v1.87.0_doctl-1.87.0-windows-amd64.zip
Download: Status Legend:
Download: (OK):download completed.
Get-Content: C:\Users\magelan\scoop\apps\scoop\current\lib\core.ps1:1173
Line |
1173 |          return Get-Content $file -AsByteStream -TotalCount 8
     |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Operation did not complete successfully because the file contains a virus or potentially unwanted software. :
     | 'C:\Users\magelan\scoop\cache\doctl#1.87.0#https_github.com_digitalocean_doctl_releases_download_v1.87.0_doctl-1.87.0-windows-amd64.zip'
Checking hash of doctl-1.87.0-windows-amd64.zip ... Get-FileHash: C:\Users\magelan\scoop\apps\scoop\current\lib\install.ps1:674
Line |
 674 |      $actual = (Get-FileHash -Path $file -Algorithm $algorithm).Hash.T …
     |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Operation did not complete successfully because the file contains a virus or potentially unwanted software. :
     | 'C:\Users\magelan\scoop\cache\doctl#1.87.0#https_github.com_digitalocean_doctl_releases_download_v1.87.0_doctl-1.87.0-windows-amd64.zip'
InvalidOperation: C:\Users\magelan\scoop\apps\scoop\current\lib\install.ps1:674
Line |
 674 |      $actual = (Get-FileHash -Path $file -Algorithm $algorithm).Hash.T …
     |      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | You cannot call a method on a null-valued expression.
Get-Content: C:\Users\magelan\scoop\apps\scoop\current\lib\core.ps1:1173
Line |
1173 |          return Get-Content $file -AsByteStream -TotalCount 8
     |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Operation did not complete successfully because the file contains a virus or potentially unwanted software. :
     | 'C:\Users\magelan\scoop\cache\doctl#1.87.0#https_github.com_digitalocean_doctl_releases_download_v1.87.0_doctl-1.87.0-windows-amd64.zip'
ERROR Hash check failed!
App:         main/doctl
URL:         https://github.com/digitalocean/doctl/releases/download/v1.87.0/doctl-1.87.0-windows-amd64.zip
First bytes:
Expected:    01506e9987faf47ab52ff028005955818a58c1c696d7b2387f5ef76129ed4fec
Actual:

Please try again or create a new issue by using the following link and paste your console output:
https://github.com/ScoopInstaller/Main/issues/new?title=doctl%401.87.0%3a+hash+check+failed

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Andrew SB
DigitalOcean Employee
DigitalOcean Employee badge
November 17, 2022

The scoop installer is a third-party tool for installing software. Official doctl downloads are available on GitHub:

https://github.com/digitalocean/doctl/releases

We provide checksums that can be used to validate the downloads.

Looking at the error message, 01506e9987faf47ab52ff028005955818a58c1c696d7b2387f5ef76129ed4fec is the correct checksum for the official doctl-1.87.0-windows-amd64.zip release.

Have you opened an issue with the Scoop team?

Please try again or create a new issue by using the following link and paste your console output:
https://github.com/ScoopInstaller/Main/issues/new?title=doctl%401.87.0%3a+hash+check+failed