Security concern about Windows binary (v2.23.0) #869

Open
Geogboe opened this issue Dec 19, 2023 · 2 comments
Labels
bug Something isn't working

Geogboe commented Dec 19, 2023

Describe the bug
Want to first clarify that I believe this is a false positive but still wanted to bring it to the attention of the maintainers. When I tried to download the archive for this via Firefox I got a warning, which prompted me to run it through VirusTotal, which is flagging it for multiple reasons -- all of which I don't fully understand, not being familiar with the code.

Here's the report: https://www.virustotal.com/gui/file/be1c45308c479db5d0ef6db49eefdbd41c2dbe543027807909e180b49fec2f0e

Edit: updated description

To Reproduce
NA

Expected behavior
NA

Screenshots
NA

Versions:

  • Version: 2.23.0
  • OS: NA
  • Shell Version: NA

Additional context

Here's what I tested

archive file:
Name: navi-v2.23.0-x86_64-pc-windows-gnu.zip
Size: 2611933 bytes (2550 KiB)
SHA256: 97539b0aa149c60dee1315d90e9339d84fb33ec80311b6d3c85aac07e5f22f22

executable:
Name: navi.exe
Size: 5172488 bytes (5051 KiB)
SHA256: be1c45308c479db5d0ef6db49eefdbd41c2dbe543027807909e180b49fec2f0e

VirusTotal report: https://www.virustotal.com/gui/file/be1c45308c479db5d0ef6db49eefdbd41c2dbe543027807909e180b49fec2f0e

I looked through the code base and build pipeline, and it looks like upx is being used to compress the binary: https://github.com/denisidoro/navi/actions/runs/7156992883/job/19487333651#step:5:208 and I'm thinking that might be making the bin more suspicious to scanners. I found a similar issue for another Rust project: svenstaro/miniserve#1210 (comment) and even a pinned issue for upx itself: upx/upx#437

These are pretty small binaries so I just wonder how much larger it would be without running it through upx and if that would remove some of the warnings?

Geogboe added the "bug" (Something isn't working) label Dec 19, 2023

welcome bot commented Dec 19, 2023

Thanks for opening your first issue here! In case you're facing a bug, please update navi to the latest version first. Maybe the bug is already solved! :)

Geogboe changed the title from "Windows binary (v2.23.0) getting flagged by VirusTotal" to "Security concern about Windows binary (v2.23.0)" Dec 19, 2023

denisidoro (Owner) commented

I can disable upx for Windows :)
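
As an added example (not part of the thread or of navi's code base): a static check for the UPX packing discussed above, which reads a PE file's section table and reports the `UPX0`/`UPX1` section names and the empty-on-disk `UPX0` section that UPX-packed Windows binaries carry. The sample headers are constructed for illustration, and the function names are hypothetical.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE file's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # 20-byte COFF header
    if coff + 20 > len(data):
        raise ValueError("truncated COFF header")
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                          # section table follows
    sections = []
    for i in range(n_sections):
        off = table + 40 * i                              # 40 bytes per entry
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections

def upx_indicators(data: bytes):
    """List the static signs of UPX packing found in a PE file."""
    hits = []
    for name, vsize, rsize in pe_sections(data):
        if name.startswith("UPX"):
            hits.append(f"section {name}")
            if rsize == 0 and vsize > 0:   # memory reserved for the unpacked image
                hits.append(f"{name} is empty on disk")
    if b"UPX!" in data:                    # packer header magic; weak signal alone
        hits.append("UPX! magic")
    return hits

def sample_pe(sections, trailer=b""):
    """Constructed sample: headers only, no optional header, no code."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x22)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, 0)
                     for n, vs, rs in sections)
    return dos + b"PE\0\0" + coff + table + trailer

PACKED = sample_pe([(b"UPX0", 0x500000, 0), (b"UPX1", 0x280000, 0x27E000),
                    (b".rsrc", 0x1000, 0x400)], trailer=b"UPX!")
PLAIN = sample_pe([(b".text", 0x300000, 0x300000), (b".rdata", 0x100000, 0x100000)])

if __name__ == "__main__":
    print(upx_indicators(PACKED))
    print(upx_indicators(PLAIN))
```

To check a downloaded file, pass its bytes (read in binary mode) to `upx_indicators`; an empty list means none of these packing signs were found.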
