The exe generated by dmd unable pass Malware scan
David Wilson
dw at botanicus.net
Tue Dec 11 06:47:28 PST 2007
On 12/11/07, Eric Suen <eric.suen.tech at gmail.com> wrote:
> "David Wilson"
> > In the time you have spent arguing about this you could probably have
> > had a 5-byte binary diff to cure the behaviour, that could be applied
> > as part of the build. It's not hard.
> crow over can make D language popular, do you means to using D language
> I have to learn analysis asm first, then do what you so called "had a
> 5-byte binary diff to cure the behaviour"? I'm just a Java programmer
> want port my java program to D.
Your problem is not that the compiler is generating syntactically
invalid executables, because it isn't. Your problem is that your
client is using a vendor of snake oil for producing their network.
Fix your client, by telling them to use a more reputable vendor (I'd
suggest Symantec if they insist on using something as 20th century as
a virus scanner), or fix the vendor, by reporting the *bug in their
scanner* to them, but fixing D makes no sense at all.
Signature-based virus checkers have always had false positives like
this. The companies have a habit of putting any old crap in their
databases, including as a wild example, some example PHP code I wrote
in 2002 demonstrating how you can use the MySQL libraries to get
around safe mode (this was absolutely *not* a virus).
The effect of that was a DDoS against my old e-mail address by
Microsoft Exchange installations all over the world (yes I am still
bitter), claiming my original message contained a virus. Posting a
message to Bugtraq containg code which some idiot adds to his idiot
vendor's database was patently not my fault, and I certainly shouldn't
have been the one to fix the problem. I had to abandon that e-mail
address as a result. If I could have afforded it, I may have been able
to taken action against the company in question.
Similar to so much else in the computer security industry, virus
checkers are somewhat reactionary snake oil. Trying to make them
proactive results in incredibly generic signatures such as the second
one you are seeing matching your D binary.
Also like so much else in the security industry, this entire class of
software would be rendered effectively useless if people spent more
time thinking about robust software and secure software
configurations. Modifying D to not match this cowboy virus checker
would be a step backwards in that respect.
>
> Anyway, will the next version DMD fix this problem? or I have to learn ASM now?
>
> Eric
>
>
>
More information about the Digitalmars-d
mailing list