The Polynomial

Latest update generating the following alert in BitDefender
libiconv-2.dll - is infected with Gen:Variant.Babar.84225
dmytryl [developer] 25 Aug, 2022 @ 5:46am
Yeah someone else reported that yesterday also...

I released a minor update v141 without debug information in the DLLs and at least according to virustotal it is clear in bitdefender now. Was definitely a false positive since debug information that I removed wasn't even executable code or loaded during normal use.

edit: ahh wait, now it's flagging a different DLL, libiconv-2 ? What the hell. I'm pretty confident it's not actual Babar since Babar isn't known for having a Linux version and I do my Windows builds under Linux, not to mention that majority of antiviruses are not flagging anything.
Last edited by dmytryl; 25 Aug, 2022 @ 6:28am
Ozzie_Warrior 25 Aug, 2022 @ 6:27am
thanks for clearing up
dmytryl [developer] 25 Aug, 2022 @ 6:33am
May not have cleared it up after all - the other user reported a different library, libintl-8.dll where the positive went away when I removed debug symbols. Seems like libiconv-2 is still getting detected for some reason, though.

I'm pretty confident this can't be Babar because the builds are made under Linux, plus Babar is not known for being cross platform or infecting arbitrary binaries like an old school virus.
dmytryl [developer] 25 Aug, 2022 @ 7:07am
Curiouser and curiouser: libintl-8.dll with debug symbols causes this alert, without debug symbols no alert.

But for libiconv-2.dll it is the opposite: with debug symbols, no alert, without debug symbols, alert.

That is particularly ridiculous because the one without debug information is literally a cut down version of the one with. I even verified by making a comparison between the files and finding that the one without debug information didn't have anything added to it, only removed.
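Added example, not part of the thread and not the developer's own tooling: one way to check an "only removed, nothing added" claim is to hash every PE section in both builds and confirm the stripped DLL holds a subset of the full DLL's sections with identical contents. The two images are constructed minimal PE layouts, and `build_pe`, `pe_sections` and `compare_stripped` are hypothetical names.

```python
import hashlib
import struct

def pe_sections(data: bytes) -> dict:
    """Map section name -> SHA-256 of its raw data, read from the PE section table."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not a PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    (nsec,) = struct.unpack_from("<H", data, e_lfanew + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    out = {}
    for i in range(nsec):
        off = table + 40 * i
        # MinGW debug sections show up with string-table names such as "/4".
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        out[name] = hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()
    return out

def compare_stripped(full: bytes, stripped: bytes) -> dict:
    """Report sections removed, added or changed between the full and stripped build."""
    a, b = pe_sections(full), pe_sections(stripped)
    return {
        "removed": sorted(a.keys() - b.keys()),
        "added": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }

def build_pe(sections: dict) -> bytes:
    """Constructed minimal PE-like image (headers and raw sections only) for the demo."""
    hdr_end = 0x40 + 24 + 40 * len(sections)
    head = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x2000)
    table, body, ptr = b"", b"", hdr_end
    for name, raw in sections.items():
        table += struct.pack("<8sIIII16x", name.encode(), len(raw), 0, len(raw), ptr)
        body += raw
        ptr += len(raw)
    return head + coff + table + body

# Constructed sample data: the same image with and without a debug section.
FULL = build_pe({".text": b"\x90" * 32, ".rdata": b"iconv", "/4": b"DWARF-info"})
STRIPPED = build_pe({".text": b"\x90" * 32, ".rdata": b"iconv"})

if __name__ == "__main__":
    print(compare_stripped(FULL, STRIPPED))
```

An empty `added` and `changed` list means the stripped file differs only by missing sections; anything listed there is worth inspecting before treating a detection as a false positive.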
Ozzie_Warrior 25 Aug, 2022 @ 7:53am
maybe just stumbled over the signature - guess this is the difference between signature and behaviour based AV / malware detection
dmytryl [developer] 25 Aug, 2022 @ 8:07am
Yeah got to be an overly broad signature, or even some "heuristics" where pieces of code can weight positively or negatively towards it being babar. I guess I'll make version 142 now, keeping debug symbols in libiconv-2 but not libintl-8 .

I could probably just remove 32-bit version altogether since almost nobody on Steam uses 32-bit windows any more, but I'd rather keep it since the original release supported 32-bit and I'd rather honor original system requirements.
Ozzie_Warrior 25 Aug, 2022 @ 9:09am
maybe they're watching :) - it's just gone through clear
dmytryl [developer] 25 Aug, 2022 @ 9:15am
I made another update, version 142 , just now - keeping debug information in libiconv-2 but removing it from libintl-8 .

It's like one guy has to take off the beret to not be mistaken for a French spy, and their co-worker has to wear a beret to not be mistaken for a French spy.
Ozzie_Warrior 27 Aug, 2022 @ 3:06am
Thanks for taking the time to process this - thank you
:cozybethesda: