Author Topic: The 30 August 2014 build (9884) is out.  (Read 41118 times)

Offline jens

  • Administrator
  • Lives here!
  • *****
  • Posts: 7265
    • Jens' unofficial debian-repository for the Code::Blocks - IDE
Re: The 30 August 2014 build (9884) is out.
« Reply #15 on: September 03, 2014, 11:11:31 am »
Quote
Avast antivirus is complaining there is a virus/malware in this binary (for Windows).

Search the forum.
My (very personal) opinion:
there is a malware on your system called avast.

Offline eckard_klotz

  • Almost regular
  • **
  • Posts: 150
Re: The 30 August 2014 build (9884) is out.
« Reply #16 on: September 03, 2014, 12:44:42 pm »
Hello Everybody.

I use Norton 360 from Symantec as virus-scanner and I can confirm that you get an alarm with a nightly. And to be honest Roman and I are not the only people facing this problem. If you search through your forum, you will find some more comments around this.

My Norton calls the reason of detection "heuristic" and it is associated with the file "CbLauncher.exe" in the archive "CB_YYYYMMDD_revXXXX_win32.7z". Since this heuristic warning comes with every nightly since I use Norton 360 (end of last year), I replaced date by YYYYMMDD and revision-number by XXXX. I don't really know what "heuristic" really means. But I think it means that the virus-scanner tries to estimate if a program may be a problem. This does not mean that the program is really corrupted, but the scanner is not able to exclude the possibility.

Symantec offers on its website to register such cases to avoid detecting trustable programs as a problem. Therefore I had to give them the associated download location. For some reason (perhaps a problem between my ears while filling in the online form) they were not able to download. I tried to send them some more details but until now they didn't react. If you are interested, I may send you the content of the emails. Perhaps we find together what I did wrong (except sending them a file they detected as a potential virus).

However, in my case the problem is the file "CbLauncher.exe". When I download a nightly at my company, I have no problem since we use another virus-scanner. Thus I unpack the download there and put it on a stick. In this unpacked state I can transfer it to my computer at home, where "CbLauncher.exe" will still be deleted by my Norton-360. But as I see every day, for the normal use "CbLauncher.exe" is not necessary. Thus I would propose to offer "CbLauncher.exe" in its own package as long as this virus-scanner problem is not solved.

Best regards,
Eckard.

Offline SteelRat

  • Multiple posting newcomer
  • *
  • Posts: 45
  • Stainless
Re: The 30 August 2014 build (9884) is out.
« Reply #17 on: September 03, 2014, 02:01:03 pm »
Stupid heuristic analyzer. All anti-viruses are useless shit. Use firewalls and java-script blockers in browsers and you'll never catch a virus.

Offline eckard_klotz

  • Almost regular
  • **
  • Posts: 150
Re: The 30 August 2014 build (9884) is out.
« Reply #18 on: September 03, 2014, 05:36:39 pm »
Hello SteelRat.

 ??? Stupid ???

I don't know. If you have to maintain a tool like a virus-scanner it is hard to define exactly that an unknown program that looks in some parts similar to a virus is not a virus. I think there is no other possibility than to register the software (or to let it be registered) so that it gets the status of known, which means trusted, software. Since Code::Blocks is an open source project this should normally be no problem.

Best regards,
                  Eckard.

Offline SteelRat

  • Multiple posting newcomer
  • *
  • Posts: 45
  • Stainless
Re: The 30 August 2014 build (9884) is out.
« Reply #19 on: September 03, 2014, 05:52:40 pm »
Yep, but it's nightly build, not official release. It does not need to be registered anywhere.

Offline eckard_klotz

  • Almost regular
  • **
  • Posts: 150
Re: The 30 August 2014 build (9884) is out.
« Reply #20 on: September 03, 2014, 07:32:13 pm »
Hello SteelRat.

Since Code::Blocks is freeware it has to be registered nowhere, even if it is an official release.

To register it in a list of a virus-scanner provider as "False Positive detected" means to give him a chance to update his product. Otherwise every user with this virus-scanner may have problems to download a nightly, since it is not possible to download it without the "CbLauncher.exe".

I think today there are good reasons to have a virus-scanner. And I think it is not really a good idea to skip it since it has problems with only one application.

Regards,
            Eckard.

Offline oBFusCATed

  • Developer
  • Lives here!
  • *****
  • Posts: 12122
    • Travis build status
Re: The 30 August 2014 build (9884) is out.
« Reply #21 on: September 03, 2014, 10:45:27 pm »
It should work if you remove the line completely from debian/control.
g++ should depend on the correct libstdc++-dev automatically,
and g++ is a dependency of the build-essential-package which is an automatic dependency of the debian build-system.

I don't know if it also works for older revisions of debian-based distro's, but on wheezy it seems to work.
It worked, but it didn't pick the revision number correctly...
(most of the time I ignore long posts)
[strangers don't send me private messages, I'll ignore them; post a topic in the forum, but first read the rules!]

Offline RomanV

  • Single posting newcomer
  • *
  • Posts: 4
Re: The 30 August 2014 build (9884) is out.
« Reply #22 on: September 05, 2014, 06:44:33 am »
Quote
Avast antivirus is complaining there is a virus/malware in this binary (for Windows).
Search the forum.
My (very personal) opinion:
there is a malware on your system called avast.

I agree. I personally think it's a False Positive result of Avast's heuristics. Avast only complained about this build. I usually install all nightly builds. And it was the first time Avast complained about the build.

But Avast itself is not a top-level antivirus. I have many friends in the IT security field who do not think seriously about Avast.
I posted my initial message because I just wanted other people in the Code::Blocks community to know about it. Because I think some other users of Code::Blocks also use Avast and they may encounter the same false positive result of the scan.

Offline White-Tiger

  • Multiple posting newcomer
  • *
  • Posts: 83
Re: The 30 August 2014 build (9884) is out.
« Reply #23 on: September 05, 2014, 01:18:18 pm »
hey... avast! is quite good ;) There aren't that many more AVs that are better (and free)
And what is more important to me than the count of viruses/malware it detects is simply the performance. And avast! is also good with that one. Its features and feeling are quite good ;) (or at least were, it's been a few years since I last used an AV or software firewall)

And complaining about an AV because of false positives is also not a really good idea. They at least increase your security to some point ;) Plus you can easily bypass them if you're really sure everything is ok. Just use your AV right.
It's also the user of the AV who needs to take actions and report that false positive, not the developer of the software. Because you've got the AV, you've got the tools to report the false positive not the dev. (well some offer an online form without using their AV, but others don't. Also, why should a dev really care if only 1 AV got problems he didn't directly cause?)

P.S. avast! doesn't seem to report it anymore: https://www.virustotal.com/en/file/c892433b6092890716e76ee662877eb566ee43fdafc6e821ec9f602364c3f0ce/analysis/1409915475/
Windoze 8.1 x86_64 16GiB RAM, wxWidgets-2.8x (latest,trunk), MinGW-builds (latest, posix-threads)
Code::Blocks (x86 , latest , selection length patch , build option fixes/additions , toggle comments)

Offline eckard_klotz

  • Almost regular
  • **
  • Posts: 150
Re: The 30 August 2014 build (9884) is out.
« Reply #24 on: September 07, 2014, 06:32:49 pm »
Hello Everybody.

I agree that the user of the anti virus software has to report the "false positive" detection to his av-scanner provider. But I think it would be helpful if there would be a topic in the forum of code::blocks, that can be used to post information about this. It may be useful, if every kind of anti virus software has its own sub-topic. Other users can see, what is already reported if the reporter posts the ticket-number.

In my case I found in the forum the post http://forums.codeblocks.org/index.php/topic,19182.0.html, where I learned that afb45 already reported a similar "false positive" detection under the ticket number "submission [3491738]" in April. But his detection reported the detection of "Trojan.Gen.SMH" while in my case the "Suspicious.Cloud.7.F" was detected. For some reason my first report to Symantec under the ticket-number "submission (3590276)" last month was not successful. Thus I reported it anew today under the ticket-number "submission (3613580)".

I hope this information is helpful for other users of Symantec which have a similar problem.

Best regards,
                   Eckard.


Offline stahta01

  • Lives here!
  • ****
  • Posts: 6671
    • My Best Post
Re: The 30 August 2014 build (9884) is out.
« Reply #25 on: September 07, 2014, 07:53:06 pm »
Quote
Hello Everybody.

I agree that the user of the anti virus software has to report the "false positive" detection to his av-scanner provider. But I think it would be helpful if there would be a topic in the forum of code::blocks, that can be used to post information about this. It may be useful, if every kind of anti virus software has its own sub-topic. Other users can see, what is already reported if the reporter posts the ticket-number.

In my case I found in the forum the post http://forums.codeblocks.org/index.php/topic,19182.0.html, where I learned that afb45 already reported a similar "false positive" detection under the ticket number "submission [3491738]" in April. But his detection reported the detection of "Trojan.Gen.SMH" while in my case the "Suspicious.Cloud.7.F" was detected. For some reason my first report to Symantec under the ticket-number "submission (3590276)" last month was not successful. Thus I reported it anew today under the ticket-number "submission (3613580)".

I hope this information is helpful for other users of Symantec which have a similar problem.

Best regards,
                   Eckard.



I think it would be better to have only a single thread on the subject.
And, have a Wiki page on the subject with sub-pages to the Wikipage as needed.

But, I am NOT a CB Dev; they are the ones to decide.
And, I have forgotten the little I learned on doing Wiki pages; so, I have no plans to start a Wiki page.
I would think subpages for each DLL or EXE in CB Blocks would be nice with page sections for each AV.

Tim S.
C Programmer working to learn more about C++ and Git.
On Windows 7 64 bit and Windows 10 32 bit.
On Debian Stretch, compiling CB Trunk against wxWidgets 3.0.
--
When in doubt, read the CB WiKi FAQ. http://wiki.codeblocks.org

Offline eckard_klotz

  • Almost regular
  • **
  • Posts: 150
Re: The 30 August 2014 build (9884) is out.
« Reply #26 on: September 08, 2014, 04:04:44 pm »
Hello Everybody.

This time I was successful. Symantec answered:

Quote
In relation to submission [3613580].

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

   854E5D01E60235E3ACFA0AFAD2AADC36 - cblauncher.exe


The updated detection(s) will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor, why not take part in our whitelisting program?
To participate in this program, please complete the following form: https://submit.symantec.com/whitelist

First of all they agree that this was really a wrong detection.

But second, they offer a more long-lasting possibility to avoid such problems in the future. If you follow the link "https://submit.symantec.com/whitelist" you will reach a dialog that allows you to register Code::Blocks and its components in their white-list. But since this establishes a connection between Symantec and the C::B project, using this possibility is not the decision of a user; it is a decision of the developers.

Thus, dear developers of Code::Blocks, please think about it. As far as I understand it, with every new virus that behaves in some aspects like a component of Code::Blocks we the users have to report a new wrong detection again. With this offer you have the chance to make Code::Blocks known.

Best regards,
                  Eckard.
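
An added example, not part of the original posts and not Symantec's or Code::Blocks' code: the reply quoted above names the cleared file by its MD5, so this sketch parses that "HASH - name" line and reports whether a CbLauncher.exe in an unpacked nightly is that exact file or a different build. The function names and the directory argument are assumptions made for the illustration.

```python
import hashlib
import re
import sys
from pathlib import Path

# Excerpt in the layout of the vendor reply quoted above; the MD5 and the
# file name are the ones that appear in the post, the rest is trimmed.
VENDOR_REPLY = """\
In relation to submission [3613580].

   854E5D01E60235E3ACFA0AFAD2AADC36 - cblauncher.exe
"""

# One cleared file per line: 32 hex digits, " - ", file name.
HASH_LINE = re.compile(r"^\s*([0-9A-Fa-f]{32})\s+-\s+(\S.*?)\s*$", re.M)


def parse_cleared(reply):
    """Return {lower-case file name: lower-case MD5} for each 'HASH - name' line."""
    return {name.lower(): md5.lower() for md5, name in HASH_LINE.findall(reply)}


def md5_of(path):
    """Hash a file in chunks. MD5 is used only because the reply identifies files by it."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_tree(root, cleared):
    """Classify every file under root whose name appears in the reply.

    'cleared'   : same name and same MD5 as in the vendor reply
    'different' : same name, other MD5 (another build; the reply does not name it)
    """
    result = {}
    for path in sorted(Path(root).rglob("*")):
        key = path.name.lower()  # Windows file names are case-insensitive
        if path.is_file() and key in cleared:
            same = md5_of(path) == cleared[key]
            result[str(path.relative_to(root))] = "cleared" if same else "different"
    return result


if __name__ == "__main__":
    # Usage: python check_cleared.py <directory with the unpacked nightly>
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, status in check_tree(root, parse_cleared(VENDOR_REPLY)).items():
        print(f"{status:9}  {rel}")
```

A "different" result means the local file is not the one listed in the reply, which is the situation in which a new report would be needed.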




Offline oBFusCATed

  • Developer
  • Lives here!
  • *****
  • Posts: 12122
    • Travis build status
Re: The 30 August 2014 build (9884) is out.
« Reply #27 on: September 08, 2014, 07:12:22 pm »
Bleh... so we'll have to upload every cb release we do to every av software vendor?

Offline eckard_klotz

  • Almost regular
  • **
  • Posts: 150
Re: The 30 August 2014 build (9884) is out.
« Reply #28 on: September 09, 2014, 10:43:26 am »
Hello C::B Developers.

Quote
... so we'll have to upload every cb release we do to every av software vendor? ...

Somebody has to do it. OK, I agree that it is a great effort for the project to inform all possible AV software publishers about every new nightly. And it may be easier if the user is doing this, to share this effort. But I still think that this topic should be supported with its own sub-forum to give us users a central place to share the information about what files and releases are already reported to which vendor and with what result.


Best regards,
                  Eckard.

Offline White-Tiger

  • Multiple posting newcomer
  • *
  • Posts: 83
Re: The 30 August 2014 build (9884) is out.
« Reply #29 on: September 09, 2014, 12:54:08 pm »
Actually, uploading it to Google's VirusTotal should be enough :P
One of the benefits of VirusTotal is that results are shared among AV companies. This means if someone detects something but others do not, it's possible for those others to get samples and fix their detection... Well this was meant for non detected viruses, but I'm certain that it might also work with false positives^^

But I don't know how automatic that all works... or if false positives are handled at all... Still maybe better than nothing :P

Otherwise, uploading CB to every AV vendor on every release (nightly or not) can only be done by having it done automated... and even then it requires a lot of time (to upload it) unless you're using a server to do that :P

Anyway, I'm still saying the user is responsible for his AV, and every user should be able to handle false positives anyway or they should use a different AV. It's their PC that has a problem with it ;)

P.S. you'll never know if a report is indeed a false positive ;) Because the developer's PC could be corrupted or the upload somehow was.. so best is to use VirusTotal if unsure and then... well guessing if you want to trust it if only 1 or 2 report it and others don't... could be still infected :P
And false positives don't disappear by the first report, to have a false positive to disappear a lot of people have to report it. Why should the AV company trust the first one to report it? Why should it really be a false positive? You only know if you've got enough data.
I don't even think they'll trust developers blindly, it will just give them a hint.. also note their note about signing the executables... that costs a lot of money which Microsoft wants to receive just to have it signed. So not even near possible for Code::Blocks.
« Last Edit: September 09, 2014, 01:00:32 pm by White-Tiger »