I have a user in my company that uses service to access our corporate network from outside.

This thing generates a binary for you that you run on your Linux machine, but how could I know this is not a trojan or virus? Any way to check it?

Should I allow such software in my network? This is a source repo - how could I verify its integrity?

This would be difficult for a binary executable.

Even if it’s run without elevated privileges, and the user account it’s run from has no administrative rights, I’d still be uneasy about allowing it and would first want to run it on an isolated system and try to see what it’s doing.

My point is, you have no way of knowing whether the generated binary is being generated from the same code that’s in the GitHub repo.

Yes, you could attempt to dissect what it’s doing with things like Wireshark, memory dumps, and process tracking … but I’m guessing that’s a little beyond you? I know it is me.

I wouldn’t allow it on a corporate network unless you have the time and knowledge to do these things on an isolated system first … but at the end of the day it comes down to how paranoid you are?

I’d say if you even felt the need to ask this question you shouldn’t allow it … it’s unnecessary, and setting up a certificate-authenticated VPN tunnel with well-known trusted software (OpenVPN) from the repos would be the way forward.
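One concrete first step toward the checks the answer describes, as an added example that is not part of this thread: a small Python triage script that hashes the binary against a vendor-published SHA-256 (assumed to be available), checks the ELF magic, and pulls out any hard-coded URLs or IPv4 addresses to compare with the endpoints the vendor documents. The sample "binary" is constructed inline so the script runs offline; the hostname and address in it are placeholders.

```python
# Added example (not from the thread): first-pass static triage of an
# untrusted Linux binary before deciding whether to allow it on a network.
import hashlib
import re
import tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")          # like `strings`
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-_/:%?=&]+")
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_indicators(data):
    """URLs and IPv4 literals embedded as plain strings in the binary.
    Compare them against the endpoints the vendor documents before the
    binary ever runs outside an isolated system."""
    urls, ips = set(), set()
    for s in STRING_RE.findall(data):
        urls.update(m.decode() for m in URL_RE.findall(s))
        ips.update(m.decode() for m in IPV4_RE.findall(s))
    return sorted(urls), sorted(ips)


def triage(path, expected_sha256=None):
    """Static checks to run before allowing a binary. expected_sha256 is
    the hash the vendor publishes (assumed to exist); a mismatch means
    this file is not the artifact the vendor vouches for."""
    data = Path(path).read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    urls, ips = extract_indicators(data)
    return {
        "sha256": digest,
        "is_elf": data.startswith(ELF_MAGIC),
        "hash_matches": (None if expected_sha256 is None
                         else digest == expected_sha256.lower()),
        "urls": urls,
        "ipv4": ips,
    }


# Constructed sample: a fake ELF header plus strings a real agent might
# carry, written to a temp file so the example runs offline.
SAMPLE = (ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9
          + b"connect https://agent.example.test/api\x00"
          + b"fallback 203.0.113.7:443\x00")
SAMPLE_PATH = Path(tempfile.mkdtemp()) / "agent"
SAMPLE_PATH.write_bytes(SAMPLE)
print(triage(SAMPLE_PATH))
```

A hash match only proves the file is the one the vendor published, not that it was built from the repository; that gap is exactly the point made above, and only a build you perform yourself from the tagged source closes it.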