The Polynomial

The latest update is generating the following alert in BitDefender:
libiconv-2.dll - is infected with Gen:Variant.Babar.84225
Showing 1-9 of 9 comments
dmytryl [developer] 25 Aug 2022 at 5:46
Yeah, someone else reported that yesterday also...

I released a minor update, v141, without debug information in the DLLs, and at least according to VirusTotal it is clear in BitDefender now. It was definitely a false positive, since the debug information that I removed wasn't even executable code or loaded during normal use.

edit: ahh wait, now it's flagging a different DLL, libiconv-2? What the hell. I'm pretty confident it's not actual Babar, since Babar isn't known for having a Linux version and I do my Windows builds under Linux, not to mention that the majority of antiviruses are not flagging anything.
Last edited by dmytryl; 25 Aug 2022 at 6:28
Thanks for clearing that up
dmytryl [developer] 25 Aug 2022 at 6:33
May not have cleared it up after all - the other user reported a different library, libintl-8.dll, where the positive went away when I removed debug symbols. Seems like libiconv-2 is still getting detected for some reason, though.

I'm pretty confident this can't be Babar, because the builds are made under Linux, plus Babar is not known for being cross-platform or infecting arbitrary binaries like an old-school virus.
dmytryl [developer] 25 Aug 2022 at 7:07
Curiouser and curiouser: libintl-8.dll with debug symbols causes this alert; without debug symbols, no alert.

But for libiconv-2.dll it is the opposite: with debug symbols, no alert; without debug symbols, alert.

That is particularly ridiculous, because the one without debug information is literally a cut-down version of the one with it. I even verified this by comparing the files and finding that the one without debug information didn't have anything added to it, only removed.
Maybe it just stumbled over the signature - guess this is the difference between signature- and behaviour-based AV / malware detection.
dmytryl [developer] 25 Aug 2022 at 8:07
Yeah, got to be an overly broad signature, or even some "heuristics" where pieces of code can weigh positively or negatively towards it being Babar. I guess I'll make version 142 now, keeping debug symbols in libiconv-2 but not libintl-8.
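The file comparison described in the comment above is worth doing section by section rather than on the whole file: hashing each PE section separately shows exactly which parts a strip pass removed, whether anything was changed or added alongside it, and whether header fields that strip also rewrites (such as the COFF symbol count) moved. The script below is an added example, not the developer's own tooling or any code from the game's build. It contains a minimal PE section-table parser, a section-wise diff, and a small builder that assembles two constructed, non-loadable PE32 images in memory as stand-ins for the with-debug and stripped DLLs (they are not the real libiconv-2.dll or libintl-8.dll). The demo keeps section names within 8 bytes; real MinGW builds store long names such as .debug_info via the COFF string table, which this parser does not resolve.

```python
"""Section-wise diff of two PE files: what did a strip pass remove, add or change?
Added example; the two images are constructed in memory and are not real DLLs."""
import hashlib
import struct

COFF_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
OPT_HDR_SIZE = 0xE0                           # PE32 optional header size
FILE_ALIGN = 0x200


def parse_pe(data: bytes) -> dict:
    """Return the COFF symbol count and a sha256 of each section's raw on-disk bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symptr, nsyms, opt_size, _chars = COFF_HDR.unpack_from(data, coff)
    table = coff + COFF_HDR.size + opt_size
    sections = {}
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_ptr, *_rest = SECTION_HDR.unpack_from(
            data, table + i * SECTION_HDR.size)
        # Names over 8 bytes appear as "/offset" into the string table; not resolved here.
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections[name] = hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()
    return {"coff_symbols": nsyms, "sections": sections}


def diff_pe(before: bytes, after: bytes) -> dict:
    """Which sections were removed, added, changed, or left byte-identical."""
    a, b = parse_pe(before), parse_pe(after)
    sa, sb = a["sections"], b["sections"]
    common = sa.keys() & sb.keys()
    return {
        "removed": sorted(sa.keys() - sb.keys()),
        "added": sorted(sb.keys() - sa.keys()),
        "changed": sorted(n for n in common if sa[n] != sb[n]),
        "unchanged": sorted(n for n in common if sa[n] == sb[n]),
        "coff_symbols": (a["coff_symbols"], b["coff_symbols"]),
    }


def build_pe(sections: dict, coff_symbols: int = 0) -> bytes:
    """Assemble a minimal PE32 image: DOS header, PE header, zeroed optional header,
    section table, file-aligned raw data. Constructed test input only; the COFF
    symbol table itself is not emitted, only its count in the header."""
    names = list(sections)
    header_end = 0x40 + 4 + COFF_HDR.size + OPT_HDR_SIZE + SECTION_HDR.size * len(names)
    first_raw = -(-header_end // FILE_ALIGN) * FILE_ALIGN
    table, blobs = bytearray(), bytearray()
    for i, name in enumerate(names):
        assert len(name) <= 8, "demo builder only handles short section names"
        body = sections[name]
        raw_size = -(-len(body) // FILE_ALIGN) * FILE_ALIGN
        chars = 0x60000020 if name == ".text" else 0x40000040  # CODE|EXEC|READ vs IDATA|READ
        table += SECTION_HDR.pack(name.encode("ascii").ljust(8, b"\0"), len(body),
                                  0x1000 * (i + 1), raw_size, first_raw + len(blobs),
                                  0, 0, 0, 0, chars)
        blobs += body.ljust(raw_size, b"\0")
    pe = bytearray(0x40)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)  # e_lfanew
    pe += b"PE\0\0" + COFF_HDR.pack(0x14C, len(names), 0, 0, coff_symbols, OPT_HDR_SIZE, 0x2102)
    pe += struct.pack("<H", 0x10B).ljust(OPT_HDR_SIZE, b"\0")  # PE32 magic, rest zeroed
    pe += table
    return bytes(pe.ljust(first_raw, b"\0") + blobs)


# Constructed stand-ins for the two builds discussed in the thread (not real DLL contents).
CODE = bytes.fromhex("5589e531c05dc3")  # push ebp; mov ebp,esp; xor eax,eax; pop ebp; ret
RDATA = b"libiconv (constructed demo build)\0"
DEBUG = b"DW_TAG_compile_unit placeholder, not real DWARF\0"


def sample_with_debug() -> bytes:
    return build_pe({".text": CODE, ".rdata": RDATA, ".debug": DEBUG}, coff_symbols=12)


def sample_stripped() -> bytes:
    """A clean strip: only removals, and the symbol count zeroed in the header."""
    return build_pe({".text": CODE, ".rdata": RDATA}, coff_symbols=0)


def sample_relinked() -> bytes:
    """A rebuild that also altered .rdata (e.g. a build-date string): not a pure subset."""
    return build_pe({".text": CODE, ".rdata": RDATA.replace(b"demo", b"demo 2")}, coff_symbols=0)


if __name__ == "__main__":
    print("strip only:", diff_pe(sample_with_debug(), sample_stripped()))
    print("relinked:  ", diff_pe(sample_with_debug(), sample_relinked()))
```

On real files, call `diff_pe(open(a, "rb").read(), open(b, "rb").read())` with the two builds. An empty `added` and `changed` list confirms the stripped file is a pure subset of the other, as the developer reported; a non-empty `changed` list names the section whose bytes moved, which is where a byte-pattern signature that flips between the two builds would have to be looking. Section hashes do not cover header fields, and strip rewrites several of them, which is why the COFF symbol count is reported separately.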

I could probably just remove the 32-bit version altogether, since almost nobody on Steam uses 32-bit Windows any more, but I'd rather keep it, since the original release supported 32-bit and I'd rather honor the original system requirements.
Maybe they're watching :) - it's just gone through clear.
dmytryl [developer] 25 Aug 2022 at 9:15
I made another update, version 142, just now - keeping debug information in libiconv-2 but removing it from libintl-8.

It's like one guy has to take off the beret to not be mistaken for a French spy, and their co-worker has to wear a beret to not be mistaken for a French spy.
Thanks for taking the time to process this - thank you.
:cozybethesda: