From 2c0c310408c2aab993dadd2a45cfa8182d479a04 Mon Sep 17 00:00:00 2001
From: link2xt <link2xt@testrun.org>
Date: Fri, 13 Feb 2026 02:54:10 +0000
Subject: [PATCH] docs(RELEASE.md): add section about dealing with antivirus
 false positives

---
 RELEASE.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/RELEASE.md b/RELEASE.md
index 58f7c8be1f..c0bf4d87d9 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -22,6 +22,23 @@ For example, to release version 1.116.0 of the core, do the following steps.
 
 9. Create a GitHub release: `gh release create v1.116.0 --notes ''`.
 
+10. Once the binaries are generated and published, check Windows binaries for false positive detections at [VirusTotal]. Either upload the binaries directly or submit a direct link to the artifact. You can use [old browsers interface](https://www.virustotal.com/old-browsers/) if there are problems with using the default website. If you submit a direct link and get to the page saying "No security vendors flagged this URL as malicious", it does not mean that the file itself is not detected. You need to go to the "details" tab and click on the SHA-256 hash in the "Body SHA-256" section. If any false positive is detected, open an issue to track removing it. See <https://github.com/chatmail/core/issues/7847> for an example of false positive detection issue. If there is a false positive "Microsoft" detection, mark the issue as a blocker.
+
+[VirusTotal]: https://www.virustotal.com/
+
+## Dealing with antivirus false positives
+
+If Windows release is incorrectly detected by some antivirus, submit requests to remove detection.
+
+"Microsoft" antivirus is built in Windows and will break user setups so removing its detection should be highest priority.
+To submit false positive to Microsoft, go to <https://www.microsoft.com/en-us/wdsi/filesubmission> and select "Submit file as a ... Software developer" option.
+
+False positive contacts for other vendors can be found at <https://docs.virustotal.com/docs/false-positive-contacts>.
+Not all of them may be up to date, so check the links below first.
+Previously we successfully used the following contacts:
+- [ESET-NOD32](mailto:samples@eset.com)
+- [Symantec](https://symsubmit.symantec.com/)
+
 ## Dealing with failed releases
 
 Once you make a GitHub release,