Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

Seb seb at wilzba.ch
Thu Jul 26 07:25:24 UTC 2018 

On Wednesday, 25 July 2018 at 09:49:54 UTC, Radu wrote:
> On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole 
> wrote:
>> On 25/07/2018 8:27 PM, Rel wrote:
>>> To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
>>> Few other AV software does the same:
>>> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>>> 
>>> 
>>> I think, we should do something about it, at very least report
>>> for false-positive to Kaspersky or something.
>>
>> This is a pretty regular problem for Windows.
>> Until we start signing the executables, it will never end.
>
> It is a very simple thing to do. But the foundation hasn't 
> bothered buying a code signing certificate, even though it is 
> cheap.
>
> Would be nice to hear why they haven't done this yet, 
> considering that just the recurring open collective donations 
> could cover expenses like this.

It's not about paying for the certificate, if that would be all, 
we would have done this long ago!

The problem is to integrate it in our release process and that no 
one involved has much experience with Windows. It doesn't make 
things easier that we run Windows via VirtualBox for the release 
building and the snake oil industry requires a hardware 2FA 
process when signing binaries with their certificate.

Let me quote Martin (our release tzar) from one of the many 
internal mails:

>>>
I can figure this all out, it's again a small but lower-priority 
issue cutting the line though.

After my vacation I'm currently finalizing the highly-available 
code.dlang.org migration.
Next will be migrating ci.dlang.io to Buildkite, then beginning 
the research for use-after-free/alias tracking.

---
Would be great if someone with actual interest in this would take 
care of it completely.

Win binary builds to sign .exe and .dll:
https://github.com/dlang/installer/blob/master/create_dmd_release/create_dmd_release.d#L267-L268
Win installer build:
https://github.com/dlang/installer/blob/e780ad79a1b2721f3c1a3c841bd46a4bd39b37dc/create_dmd_release/build_all.d#L313-L322
Setup script for Win box in case we need to install tools:
https://gist.github.com/MartinNowak/8270666
---

<<<

More information about the Digitalmars-d mailing list