ldc2-1.22.0-windows-multilib.7z: Trojan detection for libcurl.dll #3472
Comments
Thanks, that's at least a bit more info than in #3448. The VirusTotal results are here (retriggered, McAfee didn't detect anything when the file was first scanned about a month ago IIRC): https://www.virustotal.com/gui/file/5b965af2d2df7f290addb855a4f8a8da06849104d04045b83756b231af81f029/detection
That DLL has been built on my box.
I've temporarily enabled Windows Defender to scan the file (+ a quick scan for my system), no hits (although VirusTotal reports 'Microsoft' complaining). Anyway, it's exactly the same file bundled with v1.21. The 32-bit version was also built on my box using the same official source some seconds after building the 64-bit version. So as far as I can tell, just another false positive.
FYI: DMD had a lot of these messages in the past as well. I'm sure the DLF would be okay with sharing access to the certificate (VisualD uses it too). Though, it's quite a pain to work with as it's not easy to integrate into CIs and Martin Nowak had fun times integrating it in the D release pipeline (see e.g. dlang/installer#339).
Interestingly there seem to be no positives on VirusTotal for the libcurl.dlls provided with DMD (32 or 64-bit version) but about 23/67 positives for the versions (32 and 64-bit) provided with LDC. None of the four DLLs are signed. Maybe the solution is to use the builds or build settings from DMD.
@kinke AFAICT the libcurl.dll files are prebuilt and don't change too often. Would it be feasible to sign them manually (I could do that as part of bundling them with Visual D) and put these into the releases?
To be perfectly honest, I hate having to deal with workarounds for crappy anti-virus stuff, unless someone can actually show I've indeed been spreading malware via one of the last few artifacts built on my personal box. If anyone wants to try to reproduce, the steps are listed in #3378. If the upstream builds work fine, I guess we could simply reuse them; IIRC, you're using a MinGW toolchain, while I'm using MSVC plus making sure it can be linked statically (incl. linking fine with the MinGW-based libs, and no MSVCRT dependencies for the DLL...).
McAfee Endpoint Security is fine with Thank you.
Great - the libcurl.dll files are exactly the same as bundled since v1.21... ;)
@kinke Thanks.
I'm now also troubled by Windows Defender removing libcurl.dll while building the Visual D installer that bundles LDC. This seems to have started within the last couple of days.
The issue is also occurring for me again. In the meantime I also sent a sample to McAfee for further investigation but never received an answer.
I guess so, but I would obviously prefer my libs if given a choice. ;)
@rainers: The new libs linked above don't seem to have these issues. https://github.com/ldc-developers/mingw-w64-libs/releases/download/v8.0.0/libcurl-7.74.0-zlib-static-ipv6-sspi-schannel.7z
Thanks @kinke. No problems anymore when adding these files to LDC 1.24 and building the bundling installer.
Yes, McAfee is fine with curl dll files from 1.25.0 beta1. Thank you!
This is to make you aware McAfee Endpoint Security reports in archive ldc2-1.22.0-windows-multilib.7z a trojan
RDN/Generic.dx
in lib/libcurl.dll and lib64/libcurl.dll.