When a False Positive Sparks Open‑Source Backlash: The Rise and Fall of Kapitano

In early 2023, developer zynequ released Kapitano , a GTK4/libadwaita front‑end for the command‑line antivirus engine ClamAV, aiming to make virus scanning more accessible to Linux users. The tool simply invokes clamscan and freshclam without altering detection logic.

Shortly after launch, a user named LoucheBear opened an issue on the project's Codeberg page claiming that Kapitano reported 24 malware detections on a Linux Mint system, all of which were actually files belonging to Kapitano’s own Flatpak package. The user warned others not to download the application.

Kapitano’s author responded calmly, linking to a ClamAV wiki page and explaining that the false positives originated from ClamAV itself, not from Kapitano. He highlighted the relevant source‑code functions scan_for_malware and update_malware_definitions, which merely call the underlying ClamAV commands.

The dispute escalated when the same user reopened a new issue and later renamed the thirteenth issue to accuse the developer of malicious behavior. After a series of heated exchanges, zynequ closed the issue and eventually announced that he would cease maintaining Kapitano.

In his termination statement, zynequ noted that the project was a hobby effort released under the Unlicense, that he received no donations, and that personal attacks had drained his motivation. He removed the application from Flathub, kept the Codeberg repository temporarily for possible forking, and planned to delete his Codeberg account.

The incident sparked broader community reflection on platforms such as Hacker News, where participants discussed the emotional toll of open‑source harassment, the responsibility of users to report false detections to upstream maintainers, and the need for greater respect toward volunteer developers.