The Polynomial

Latest update generating the following alert in BitDefender
libiconv-2.dll - is infected with Gen:Variant.Babar.84225
dmytryl  [developer] Aug 25, 2022 @ 5:46am 
Yeah someone else reported that yesterday also...

I released a minor update v141 without debug information in the DLLs and at least according to virustotal it is clear in bitdefender now. Was definitely a false positive since debug information that I removed wasn't even executable code or loaded during normal use.

edit: ahh wait, now it's flagging a different DLL, libiconv-2? What the hell. I'm pretty confident it's not actual Babar since Babar isn't known for having a Linux version and I do my Windows builds under Linux, not to mention that the majority of antiviruses are not flagging anything.
Last edited by dmytryl; Aug 25, 2022 @ 6:28am
Ozzie_Warrior Aug 25, 2022 @ 6:27am 
thanks for clearing up
dmytryl  [developer] Aug 25, 2022 @ 6:33am 
May not have cleared it up after all - the other user reported a different library, libintl-8.dll where the positive went away when I removed debug symbols. Seems like libiconv-2 is still getting detected for some reason, though.

I'm pretty confident this can't be Babar because the builds are made under Linux, plus Babar is not known for being cross platform or infecting arbitrary binaries like an old school virus.
dmytryl  [developer] Aug 25, 2022 @ 7:07am 
Curiouser and curiouser: libintl-8.dll with debug symbols causes this alert, without debug symbols no alert.

But for libiconv-2.dll it is the opposite: with debug symbols, no alert, without debug symbols, alert.

That is particularly ridiculous because the one without debug information is literally a cut down version of the one with. I even verified by making a comparison between the files and finding that the one without debug information didn't have anything added to it, only removed.
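The comparison described in the post above, as an added example that is not part of the original thread or the developer's own tooling: it hashes each PE section of two builds and reports which sections were removed, added or changed. The sample images are constructed inside the script, and it assumes stripping leaves the remaining sections byte-identical (header fields outside the sections are not compared).

```python
import hashlib
import struct

def section_digests(pe: bytes) -> dict:
    """Map each PE section name to the SHA-256 of its raw bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    digests = {}
    for i in range(nsect):
        # Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, _, _, size, ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        if ptr + size > len(pe):
            raise ValueError("section data runs past end of file")
        key = name.rstrip(b"\0").decode("latin-1")
        digests[key] = hashlib.sha256(pe[ptr:ptr + size]).hexdigest()
    return digests

def compare_builds(full: bytes, stripped: bytes) -> dict:
    """Report sections removed from, added to, or changed in the stripped build."""
    a, b = section_digests(full), section_digests(stripped)
    return {
        "removed": sorted(set(a) - set(b)),
        "added": sorted(set(b) - set(a)),
        "changed": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }

def build_pe(sections: list) -> bytes:
    """Constructed sample image: only the header fields parsed above are filled in."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x2102)
    table, body, data_off = b"", b"", 0x40 + 24 + 40 * len(sections)
    for name, data in sections:
        hdr = struct.pack("<8sIIII", name.encode(), len(data), 0, len(data), data_off + len(body))
        table, body = table + hdr + b"\0" * 16, body + data
    return dos + coff + table + body

# Constructed inputs; "/4" and "/19" stand in for debug sections.
CODE = [(".text", b"\x90" * 32), (".rdata", b"iconv")]
FULL = build_pe(CODE + [("/4", b"debug_info"), ("/19", b"debug_line")])
STRIPPED = build_pe(CODE)

if __name__ == "__main__":
    print(compare_builds(FULL, STRIPPED))
```

Empty "added" and "changed" lists mean the stripped build contains nothing the full build did not, which is the property the post describes checking.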
Ozzie_Warrior Aug 25, 2022 @ 7:53am 
maybe just stumbled over the signature - guess this is the difference between signature and behaviour based AV / malware detection
dmytryl  [developer] Aug 25, 2022 @ 8:07am 
Yeah got to be an overly broad signature, or even some "heuristics" where pieces of code can weight positively or negatively towards it being babar. I guess I'll make version 142 now, keeping debug symbols in libiconv-2 but not libintl-8.

I could probably just remove the 32-bit version altogether since almost nobody on Steam uses 32-bit Windows any more, but I'd rather keep it since the original release supported 32-bit and I'd rather honor original system requirements.
Ozzie_Warrior Aug 25, 2022 @ 9:09am 
maybe they're watching :) - it's just gone through clear
dmytryl  [developer] Aug 25, 2022 @ 9:15am 
I made another update, version 142, just now - keeping debug information in libiconv-2 but removing it from libintl-8.

It's like one guy has to take off the beret to not be mistaken for a French spy, and their co-worker has to wear a beret to not be mistaken for a French spy.
Ozzie_Warrior Aug 27, 2022 @ 3:06am 
Thanks for taking the time to process this - thank you