Comments (7)
I think it must be some debris from the C++ filesystem detection that's not being cleaned:
-rwxrwxr-x 1 build build 287222 Jan 9 03:15 build_ldflags1306077.exe
-rwxrwxr-x 1 build build 287222 Jan 9 03:15 build_ldflags1306085.exe
-rwxrwxr-x 1 build build 287222 Jan 9 03:15 build_ldflags1306094.exe
-rwxrwxr-x 1 build build 287222 Jan 9 03:15 build_ldflags1306109.exe
build_ldflags.pl should probably clean up after itself.
from z88dk.
I wasn't being entirely serious about stopping building it!
Re-building the container is a pain - mainly gathering up the dependencies - my main concern is that even when it's done, some heuristic will perceive the binaries to be a threat - it seems to be a systemic result of building with mingw which triggers a false positive.
from z88dk.
I went through this with @pauloscustodio a couple of months ago (see https://www.virustotal.com/gui/file/bdd2bbf33af084848a52e48a3978d0154536e588e7629b245949b2348ab35ca9?nocache=1 for a report from back then).
We went through binary by binary:
appmake:
https://www.virustotal.com/gui/file/e60126f3211d19fac2a4f5dc371cb0dab6c9a34cd9c993bd043f592c218b53ab
basck:
https://www.virustotal.com/gui/file/f997efcb17dc1b613f370d0d60d4b78169acebbd9802efe7bbea0a0ea6f242ce
copt:
https://www.virustotal.com/gui/file/44b098ce754ec30acf55c857bf168264056c5329b12ff5d74598805d72458f4e
z88dk-dzx0:
https://www.virustotal.com/gui/file/0d8c3c3485ff5354434f3cff4eee104608817b7379c95d48376a362bf98dc225
z88dk-dzx7:
z88dk-z80nm:
https://www.virustotal.com/gui/file/1ff934dca381188858293493af42ec792ec425e45d76ac00e79c405d3ab24c7c
z88k-fontpv1000:
https://www.virustotal.com/gui/file/0151b131b1ebf10dc3c015114057e9d620563669e85b231f5025a52c417604f7
z80asm:
https://www.virustotal.com/gui/file/479a3ec32385b5594921d11d33c27bb36c070d74e4a1f5deafc381641e6c7697
We concluded that it was just false positives being picked up by ML scanners.
The binaries are cross-compiled using mingw on Linux.
from z88dk.
build_ldflags2229334.exe looks suspicious, as it is not generated by the tool-chain. The original file is build_ldflags.pl
from z88dk.
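A packaging check for the stray probe binaries discussed in this thread, as an added example (not z88dk's own code): it flags `build_ldflags<digits>.exe` leftovers and any other unexpected executable before release, and records SHA-256 hashes of the shipped tools for scanner lookups. The allowlist, the `audit_bin_dir` name and the sample files are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed allowlist of tools the release is meant to ship (names taken from the thread).
EXPECTED = {"appmake", "copt", "z80asm", "z88dk-dzx0", "z88dk-z80nm"}
# Leftover probe binaries follow the pattern seen in the listing: build_ldflags<digits>.exe
PROBE_DEBRIS = re.compile(r"^build_ldflags\d+\.exe$")


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_bin_dir(bin_dir, expected=EXPECTED):
    """Classify every .exe in bin_dir as expected, probe debris or unknown."""
    report = {"expected": {}, "debris": [], "unknown": [], "missing": []}
    seen = set()
    for exe in sorted(Path(bin_dir).glob("*.exe")):
        if PROBE_DEBRIS.match(exe.name):
            report["debris"].append(exe.name)      # build residue, should not ship
        elif exe.stem in expected:
            report["expected"][exe.name] = sha256_of(exe)
            seen.add(exe.stem)
        else:
            report["unknown"].append(exe.name)     # not produced by the tool-chain
    report["missing"] = sorted(expected - seen)
    return report


def demo():
    """Run the audit over a constructed directory with one leftover and one stray file."""
    names = ("appmake.exe", "z80asm.exe", "build_ldflags1306077.exe", "helper.exe")
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            (Path(tmp) / name).write_bytes(b"constructed sample: " + name.encode())
        return audit_bin_dir(tmp, expected={"appmake", "z80asm", "copt"})


if __name__ == "__main__":
    result = demo()
    for key in ("debris", "unknown", "missing"):
        print(key, result[key])
    for name, digest in result["expected"].items():
        print(digest, name)
```

A non-empty `debris` or `unknown` list is a reason to fail the packaging step rather than publish the archive.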
This has reared its head again - between this and Russian spammers on the forum I'm starting to wonder why I bother.
I've reviewed again, and I can see we have the following:
- Most detections are by relatively unknown checkers
- Most detections are by engines that use ML
- Most detections are ML matches
- The files with the most detections are z88dk-zx0 and z88dk-zx7 which are < 250 lines of code
- Recompiling on my desktop also results in detections (admittedly fewer)
My desktop uses a different version of mingw (nightly is a 9.3 from 2020).
So pulling on that thread, it appears we're not alone:
- https://www.reddit.com/r/Malware/comments/erricw/binaries_generated_by_mingw32_detected_as_trojan/
- https://security.stackexchange.com/questions/229576/program-compiled-with-mingw32-is-reported-as-infected
- Issue 10295 on MINGW-packages
amongst many others.
So, options:
- Discontinue Windows builds
- Upgrade mingw on the build machine and hope that it's not a wasted effort
- Start reporting these false positives to the AV vendors
- Use GitHub to build nightly packages for Visual Studio, upload binaries, let users combine binaries + libraries.
- Only release Windows builds with manually built Visual Studio binaries
- Live with it
from z88dk.
In my opinion, discontinuing Windows builds, or making it more difficult for users is not desirable. I can help on upgrading mingw on the build machine. Ideally we should do it on a clone, to be able to roll-back easily if it does not work as expected. Please let me know.
from z88dk.
I'm new to z88dk and received a similar virus notification. Not having any experience yet with z88dk, I was about to make a knee-jerk reaction and remove it, thinking it was some cover for a virus scheme. But instead I was led to this post. I'm glad it was here as a known (and more importantly, unwanted) issue. I just wanted to mention this for context with other newcomers.
Can we just omit or change the implementation of this executable?
from z88dk.