Author Topic: The 30 August 2014 build (9884) is out.  (Read 41214 times)

Offline RomanV

  • Single posting newcomer
  • *
  • Posts: 4
Re: The 30 August 2014 build (9884) is out.
« Reply #30 on: September 09, 2014, 03:10:42 pm »
BTW I submitted this build to VirusTotal. See the result:
https://www.virustotal.com/en/file/b187b0b7cf24dc67740f5e8d844bd0d43e6f81ecf7590a6630b9a0cf2b4d39bc/analysis/1410267798/

So it's clean. Strange, but even Avast shows it as clean. While on desktop Avast (with latest updates) shows:
Infection blocked

    URL
    hxxp://softlayer-dal.dl.sourceforge.net/project/codeblocks/Binaries/Nightlies/2014/CB_20140830_rev9884_win32.7z|CbLauncher.exe

    Infection
    Win32:Evo-gen [Susp]


Offline eckard_klotz

  • Almost regular
  • **
  • Posts: 150
Re: The 30 August 2014 build (9884) is out.
« Reply #31 on: September 09, 2014, 03:30:00 pm »
Hello White-Tiger

Quote
And false positives don't disappear by the first report, to have a false positive to disappear a lot of people have to report it. Why should the AV company trust the first one to report it? Why should it really be a false positive? You only know if you've got enough data.

If you report a false positive detection you also have the podibility to upload the effacted file. Thats how I did it.

Best regards,
                   Eckard.

PS.: How ever, I miss in this discussion the comments of the developers and/or the forum admin. Even if I accept, that I have to do the report and upload for my av-software, I still think an own sub-forum to post information about this for other users would be a great help for all of us.

Offline White-Tiger

  • Multiple posting newcomer
  • *
  • Posts: 83
Re: The 30 August 2014 build (9884) is out.
« Reply #32 on: September 09, 2014, 04:54:25 pm »
[...]
So it's clean. Strange, but even Avast shows it as clean. While on desktop Avast (with latest updates) shows:
Infection blocked
[...]
well... avast! doesn't just do some on-access scan as most simple and free AV's do, it also checks HTTP,SMTP, etc. traffic and intercepts things before they even arrive on your HDD / PC
And I guess it's basically blocking the URL... so if you had the file on your local PC, it wouldn't even complain...

It's actually weird that it behaves this differently... and it looks like the traffic filter isn't up-to-date^^

Anyway, did you try to manually check for updates for avast!? Maybe you're even using an older version :P VirusTotal is kinda up-to-date in that regard
Windoze 8.1 x86_64 16GiB RAM, wxWidgets-2.8x (latest,trunk), MinGW-builds (latest, posix-threads)
Code::Blocks (x86 , latest , selection length patch , build option fixes/additions , toggle comments)

Offline oBFusCATed

  • Developer
  • Lives here!
  • *****
  • Posts: 12125
    • Travis build status
Re: The 30 August 2014 build (9884) is out.
« Reply #33 on: September 09, 2014, 06:55:02 pm »
PS.: How ever, I miss in this discussion the comments of the developers and/or the forum admin.
You've asked for it: I wouldn't have bothered to do this even if I was using windows... I'm not so I can't care less.

If you don't trust us, then build everything from the sources...
(most of the time I ignore long posts)
[strangers don't send me private messages, I'll ignore them; post a topic in the forum, but first read the rules!]

Offline eckard_klotz

  • Almost regular
  • **
  • Posts: 150
Re: The 30 August 2014 build (9884) is out.
« Reply #34 on: September 09, 2014, 09:18:49 pm »
Hello Developers.

Quote
If you don't trust us, then build everything from the sources...

For me this is not question of trusting your work. If I would not trust you I would not user Code::Blocks.  Don't ask me why av-tools detect C::B parts as potential viruses. Furthermore if you report them the "false positive" with an upload of the binary detected as suspicious, they agree that it was a "false positive" and set it on their white-list until they start to search for a new virus that behaves like a part of C::B. Then you get the next "false positive" and a new report has to be done.

Even this is a never ending story, we have to deal with it and this means when ever a "false positive" detection occures, somebody has to report it and share the report as well as the result with the community. The reason why I ask for a sub-forum is, that this makes it easier for the useres to share information about reporting "fasle positive" detections. If we the user have to do it, it would be extremly helpful to know if sombody already has done it for a specific detection-case and for a specific av-tool. An other advantage may be that this gives us the chance to collect some historical data. Symantec offers the posibility to add some additional information. Thus I noted down all available ticket-numbers I found here in the forum associated with cblauncher in the hope to animate them to find a more longlasting solution.

I don't want to blame you for the fact that av-tools detect C::B bianries as suspicious. My intention is to help you and other useres to deal in a constuctive way with this wrong detections.

Best regards,
                   Eckard.


Offline oBFusCATed

  • Developer
  • Lives here!
  • *****
  • Posts: 12125
    • Travis build status
Re: The 30 August 2014 build (9884) is out.
« Reply #35 on: September 10, 2014, 01:09:47 am »
I don't see that much demand for a sub-forum, you can start a topic about this and if people start posting in it then we can pin it at the top.

Also, keep in mind that past experiences have shown that most users fail to find what they need (either without even searching for it or either because the forum's search functionality is not very good) and instead start a new topic at a random sub-forum.
(most of the time I ignore long posts)
[strangers don't send me private messages, I'll ignore them; post a topic in the forum, but first read the rules!]

Offline RomanV

  • Single posting newcomer
  • *
  • Posts: 4
Re: The 30 August 2014 build (9884) is out.
« Reply #36 on: September 10, 2014, 08:29:03 am »
well... avast! doesn't just do some on-access scan as most simple and free AV's do, it also checks HTTP,SMTP, etc. traffic and intercepts things before they even arrive on your HDD / PC
And I guess it's basically blocking the URL... so if you had the file on your local PC, it wouldn't even complain...

It's actually weird that it behaves this differently... and it looks like the traffic filter isn't up-to-date^^

Anyway, did you try to manually check for updates for avast!? Maybe you're even using an older version :P VirusTotal is kinda up-to-date in that regard
Did you read my message? I said I was using Avast with latest updates (program updates and virus definitions). The result is not only because of traffic interception. I turned off live shield of Avast. downloaded build's file (it was saved on my drive). Then I turned on shield. So I got the same message from Avast.

I repeat: I think it's false positive.
In reality what I did: it decided the following: I skip this build. I will wait for another build. That's all. Because I don't have time to find out how to turn off this Avast false positive. I should disable something in Avast heuristics I guess. But it may be useful in some situations. So I will wait to the next build.

And I think developers of Code::Blocks do not have to spend their time and submit nightly builds to different virus check sites. Nightly build - as it's said "nightly build". Cautious users must use "yearly" build or something. And for these rare build maybe virus check makes sense. But it's not the case for nightly builds. It's better to spend more time on development of new features or issue corrections.

Offline eckard_klotz

  • Almost regular
  • **
  • Posts: 150
Re: The 30 August 2014 build (9884) is out.
« Reply #37 on: September 11, 2014, 11:59:05 am »
Hello Everybody.

Just to bring it to an end (or better temporary end):

I don't want to stress the points who has to do what and why any more since I learned in the last days that this is not really helpful as long as it does not result into a constructive solution. But pleas allow me to post the what I was able to do to solve my current anti virus problem just as an example for others and I hope that this is what all others expect from me if they write about things which are not the job of the project but by the users.

  • Like RomanV and other users I have an anti virus software on my computer (in my case Norton 360 from Symantec) that detected a part of Code::Blocks as suspicious. Like other users I use Code::Blocks on other systems  also and I have no problems there. Thus I think it is a false positive detection.
  • My anti virus software provider offers me to report this, what contains the possibility to upload the involved files to let it test. Once the test from my provider is passed, the file will be set on a white list and will not be detected as being a specific virus.
  • As I posted in this nightly discussion, I did this and I've got the agree from my anti virus software provider, that the file is really clean. Furthermore they updated their detection profiles. Yesterday evening I started a complete system scan and I've got no false positive detection associated with a part of Code::Blocks any more.

What did I learn:

  • The only way to solve a false positive detection is to report it. Otherwise the anti virus software provide will not know about. If a project like Code::Blocks is not able to upload every nightly on Websites of every anti virus software, it should be plausible that the provider of an anti virus software is not able to react on every nightly or other releases of every open-source-project in the world. 
  • Even you may have the impression that heuristic scan-procedures are not really intelligent, you have to face the fact that this kind of scan-procedures is used nearly by all modern anti virus programs. The reason is that this procedure seems to be the best compromise between speed and quality of detection, what not means that the quality is the very best.

    But at the end you have to decide between 2 evils:
    • On the one side you may have a security system you have to maintain together with its provider.
    • On the other side you may have an wide open system for all kind of shit or an totally closed one by disabling really everything.
  • As far as I know now heuristic scan means to observe only some aspects of every file and to compare it with known viruses.
     What looks like a known virus and behaves like a known virus is a virus as long as nobody proves that it is not a virus.
    Unfortunately today's virus developers use the look and feel of already existing programs to mask their bad software. The result is, with every new virus, that is using a part of Code::Blocks as camouflage, we got a new false positive detection.
  • Since Code::Blocks is not the only affected project you can imagine that the number of false positive reports may be as high as the number of posts in this forum (or higher). And even they try to atomize a lot of actions,  it may  need some more communication between the reporter and the anti virus software provider. I started to report my current case in August and until some days ago it took 12 mails and 3 reports to solve the problem (what may be an other argument for the project, that this is better done by single persons out side of the project. But it may  an argument to have a central place to share this information to minimize this effort also).
  • The discussion shows, that we can not expect from the developers some support in this special point. Most of them didn't react and the one who did made clear that this can not be the job of the project. Even that this fits not with my personal proposals, I think we have to accept this. Since Code::Blocks is a project run by volunteers which have founded this great project to publish this IDE with out expecting some revenue, I can understand that they don't see it as their responsibility to solve problems caused by criminals (where I'm talking about those who developed the viruses and not about the anti virus software providers).

RomanV, you decided to wait for the next nightly. As long nobody reports the false positive to your anti virus software provider this will not help you. Since your scanner does not detect a real infection of a file but only an alikeness with an infected one. This alikeness is part of the strategy used by the developer of a real virus to mask his bad software. Thus the best you can do, is finding out how you can report the false positive detection together with an upload of the file detected as suspicious. If you don't do it, who else should.

Best regards,
                  Eckard.

PS.: Dear Code::Blocks team. For some reasons I have the feeling that stressing this special problem is not really welcome what I can understand. Thus please accept my apologize if my posts may contain  unreasonable expectations or something like this. This was not my intention.
 

Offline cacb

  • Regular
  • ***
  • Posts: 399
Re: The 30 August 2014 build (9884) is out.
« Reply #38 on: September 14, 2014, 12:17:37 pm »
Based on Jens' source tarball found here , I have successfully built this Nightly (svn9884) under raspbian for the Raspberry PI. It took around 14 hours to complete, but it worked  :) It seems to me that this nightly runs faster than the old nightly that I got from someone else in January. I have not found up to date builds of C::B for raspbian elsewhere.

I'd be willing to upload the binaries to some place where others can access it, assuming that I don't break any rules by doing that. Please advice if you are interested.


Offline edison

  • Multiple posting newcomer
  • *
  • Posts: 53
Re: The 30 August 2014 build (9884) is out.
« Reply #39 on: September 15, 2014, 06:20:51 pm »
LLVM Clang does not support -mwindows any more, so please update the switch of GUI Application in options_clang.xml:

from:
value="$linker $libdirs -o $exe_output $link_objects $link_resobjects $link_options $libs -mwindows"/>

to:
value="$linker $libdirs -o $exe_output $link_objects $link_resobjects $link_options $libs -Wl,--subsystem,windows"/>
« Last Edit: September 15, 2014, 07:51:00 pm by edison »

Offline oBFusCATed

  • Developer
  • Lives here!
  • *****
  • Posts: 12125
    • Travis build status
Re: The 30 August 2014 build (9884) is out.
« Reply #40 on: September 15, 2014, 09:23:11 pm »
Patch?
(most of the time I ignore long posts)
[strangers don't send me private messages, I'll ignore them; post a topic in the forum, but first read the rules!]

Offline edison

  • Multiple posting newcomer
  • *
  • Posts: 53
Re: The 30 August 2014 build (9884) is out.
« Reply #41 on: September 16, 2014, 02:08:55 am »
Patch?

Sorry, I dont how to make a patch(I am a rookie here), but the file is locale here:
src\devel\share\CodeBlocks\compilers\options_clang.xml

The content need to change is in line 188.

update:
src\plugins\compilergcc\options_clang.xml
« Last Edit: September 16, 2014, 02:40:16 pm by edison »

Offline oBFusCATed

  • Developer
  • Lives here!
  • *****
  • Posts: 12125
    • Travis build status
(most of the time I ignore long posts)
[strangers don't send me private messages, I'll ignore them; post a topic in the forum, but first read the rules!]

Offline edison

  • Multiple posting newcomer
  • *
  • Posts: 53
Re: The 30 August 2014 build (9884) is out.
« Reply #43 on: September 16, 2014, 03:22:50 pm »
http://wiki.codeblocks.org/index.php?title=Creating_a_patch_to_submit_to_BerliOS_%28Patch_Tracker%29

I don't know how to use svn ... :

Quote
G:\cb_svn\src\plugins\compilergcc\resources\compilers>svn add options_clang.xml
svn: warning: W150002: 'G:\cb_svn\src\plugins\compilergcc\resources\compilers\op
tions_clang.xml' is already under version control
svn: E200009: Could not add all targets because some targets are already version
ed
svn: E200009: Illegal target for the requested operation

Offline ollydbg

  • Developer
  • Lives here!
  • *****
  • Posts: 5247
  • OpenCV and Robotics
    • Chinese OpenCV forum moderator
Re: The 30 August 2014 build (9884) is out.
« Reply #44 on: September 16, 2014, 03:51:05 pm »
http://wiki.codeblocks.org/index.php?title=Creating_a_patch_to_submit_to_BerliOS_%28Patch_Tracker%29

I don't know how to use svn ... :

Quote
G:\cb_svn\src\plugins\compilergcc\resources\compilers>svn add options_clang.xml
svn: warning: W150002: 'G:\cb_svn\src\plugins\compilergcc\resources\compilers\op
tions_clang.xml' is already under version control
svn: E200009: Could not add all targets because some targets are already version
ed
svn: E200009: Illegal target for the requested operation
I think running the command "svn diff > my.patch" should be enough to create the patch file.
If some piece of memory should be reused, turn them to variables (or const variables).
If some piece of operations should be reused, turn them to functions.
If they happened together, then turn them to classes.