• Eric Suen (7/7) Dec 10 2007 Hi,
• Daniel Keep (5/17) Dec 10 2007 I can confirm the above results with DMD 1.023 and the following program...
• Alexander Panek (5/10) Dec 10 2007 'Tis the new bloody hello.world virus!1 Take cover!
• Eric Suen (4/20) Dec 10 2007 So, what is that suppose to means, it was reported by mistake
• novice2 (2/6) Dec 10 2007 imho, you should write complain email to authors of Ikarus and Prevx, so...
• Robert Fraser (3/13) Dec 10 2007 I'd say go to the source. Complain to the authors of the Warezov virus
• Walter Bright (3/11) Dec 10 2007 Since dmd generated executables don't have self-modifying code in them,
• Eric Suen (9/20) Dec 11 2007 This is really embarrassing situation, what if a hacker write a
• Matti Niemenmaa (16/34) Dec 11 2007 Bull. As a test, I compiled the following two programs using DMC:
• Eric Suen (13/19) Dec 11 2007 Then how do you explain it to your client?
• David Wilson (5/26) Dec 11 2007 In the time you have spent arguing about this you could probably have
• Eric Suen (7/40) Dec 11 2007 crow over can make D language popular, do you means to using D language
• David Wilson (30/40) Dec 11 2007 Your problem is not that the compiler is generating syntactically
• Robert Fraser (7/10) Dec 11 2007 I don't have much idea of what I'm talking about, but I can say that
• Yigal Chripun (11/22) Dec 11 2007 I can't argue with your first point, however, regarding the second
• Alexander Panek (11/13) Dec 12 2007 Even though it is out of context: I haven't ever found a need for a
• Derek Parnell (6/20) Dec 12 2007 I'm guessing you don't have teenage sons?
• Walter Bright (3/4) Dec 13 2007 The best defense there is give them their own computer, and periodically...
• Derek Parnell (7/12) Dec 13 2007 LOL ... That is exactly what I did. He now has a much better machine tha...
• Daniel Keep (13/23) Dec 13 2007 Careful. WoW is like a cancer. First, it starts by eating up your
• Bruce Adams (2/11) Dec 13 2007 Memetic viruses are the worst sort.
• Robert Fraser (6/21) Dec 12 2007 I agree that for users like us, malware scanners aren't too useful.
• David Wilson (35/56) Dec 13 2007 I often make a point of removing virus checkers / "security suites"
• Bruce Adams (14/25) Dec 13 2007 That is only one method of infection.
• David Wilson (18/24) Dec 11 2007 You could isolate the offending segment in the file by a simple
• Walter Bright (3/4) Dec 13 2007 I cannot fix a problem DMD doesn't have. It's the virus scanner that has...
• Walter Bright (6/7) Dec 13 2007 I'd tell them that Digital Mars has been distributing dmc for 7 years to...
• Walter Bright (7/10) Dec 13 2007 "Suspicious archive structure" ?? It's an ordinary, freakin' zip file!
• 0ffh (7/7) Dec 11 2007 That topic should be:
• Gregor Richards (3/16) Dec 11 2007 You expect random Internet users to know better? Hah!
• 0ffh (4/5) Dec 11 2007 There you just see what kind of positive and optimistic

"Eric Suen" <eric.suen.tech gmail.com> writes:

Hi,

Any exe generated by dmd 1.024 unable pass Virus and Malware scan

by http://www.virustotal.com/, it report:

Ikarus T3.1.1.12 2007.12.10 MalwareScope.Worm.Warezov.3
Prevx1 V2        2007.12.10 Heuristic: Suspicious Self Modifying File

anyone has same issue, or there are something wrong on my computer?

Eric

Daniel Keep <daniel.keep.lists gmail.com> writes:

Eric Suen wrote:
 Hi,
 
 Any exe generated by dmd 1.024 unable pass Virus and Malware scan
 
 by http://www.virustotal.com/, it report:
 
 Ikarus T3.1.1.12 2007.12.10 MalwareScope.Worm.Warezov.3
 Prevx1 V2        2007.12.10 Heuristic: Suspicious Self Modifying File
 
 anyone has same issue, or there are something wrong on my computer?
 
 Eric

I can confirm the above results with DMD 1.023 and the following program:

import std.stdio;
void main() { writefln("Hello, World!"); }

	-- Daniel

Alexander Panek <alexander.panek brainsware.org> writes:

On Mon, 10 Dec 2007 20:51:08 +1100
Daniel Keep <daniel.keep.lists gmail.com> wrote:

 I can confirm the above results with DMD 1.023 and the following
 program:
 
 import std.stdio;
 void main() { writefln("Hello, World!"); }

'Tis the new bloody hello.world virus!1 Take cover!

-- 
Alexander Panek <alexander.panek brainsware.org>

"Eric Suen" <eric.suen.tech gmail.com> writes:

 Hi,

 Any exe generated by dmd 1.024 unable pass Virus and Malware scan

 by http://www.virustotal.com/, it report:

 Ikarus T3.1.1.12 2007.12.10 MalwareScope.Worm.Warezov.3
 Prevx1 V2        2007.12.10 Heuristic: Suspicious Self Modifying File

 anyone has same issue, or there are something wrong on my computer?

 Eric

 I can confirm the above results with DMD 1.023 and the following program:

 import std.stdio;
 void main() { writefln("Hello, World!"); }

 -- Daniel

  So, what is that suppose to means, it was reported by mistake
or dmd has problem? I really don't want my program be treated as
Malware, or all programs write by D be treated as Malware...

Eric

novice2 <sorry noem.ail> writes:

Eric Suen Wrote:

 Ikarus T3.1.1.12 2007.12.10 MalwareScope.Worm.Warezov.3
 Prevx1 V2        2007.12.10 Heuristic: Suspicious Self Modifying File



   So, what is that suppose to means, it was reported by mistake
 or dmd has problem? I really don't want my program be treated as


imho, you should write complain email to authors of Ikarus and Prevx, so they
can fix their inaccurate signatures and "heuristic". imho, this is normal
situation. i so such problem for other antivir products and for other file
types (even non-exe). even i hope you can see that problem desappeared without
your actions after some time period after some antivir bases updates.

Robert Fraser <fraserofthenight gmail.com> writes:

novice2 wrote:
 Eric Suen Wrote:
 
 Ikarus T3.1.1.12 2007.12.10 MalwareScope.Worm.Warezov.3
 Prevx1 V2        2007.12.10 Heuristic: Suspicious Self Modifying File



 
   So, what is that suppose to means, it was reported by mistake
 or dmd has problem? I really don't want my program be treated as

 
 
 imho, you should write complain email to authors of Ikarus and Prevx, so they
can fix their inaccurate signatures and "heuristic". imho, this is normal
situation. i so such problem for other antivir products and for other file
types (even non-exe). even i hope you can see that problem desappeared without
your actions after some time period after some antivir bases updates.

I'd say go to the source. Complain to the authors of the Warezov virus 
and tell them to change their code or not write their malware in D.

Walter Bright <newshound1 digitalmars.com> writes:

Eric Suen wrote:
 Any exe generated by dmd 1.024 unable pass Virus and Malware scan
 
 by http://www.virustotal.com/, it report:
 
 Ikarus T3.1.1.12 2007.12.10 MalwareScope.Worm.Warezov.3
 Prevx1 V2        2007.12.10 Heuristic: Suspicious Self Modifying File
 
 anyone has same issue, or there are something wrong on my computer?


Since dmd generated executables don't have self-modifying code in them, 
the scanners are buggy.

"Eric Suen" <eric.suen.tech gmail.com> writes:

"Walter Bright"
 Eric Suen wrote:
 Any exe generated by dmd 1.024 unable pass Virus and Malware scan

 by http://www.virustotal.com/, it report:

 Ikarus T3.1.1.12 2007.12.10 MalwareScope.Worm.Warezov.3
 Prevx1 V2        2007.12.10 Heuristic: Suspicious Self Modifying File

 anyone has same issue, or there are something wrong on my computer?


 Since dmd generated executables don't have self-modifying code in them, the 
 scanners are buggy.

  This is really embarrassing situation, what if a hacker write a
real Malware using D language and using this as excuse? Because
now this is not the problem of one program, this is about all the
exe generated by dmd have the same problem. In the end it will
harm the D language itself...

This is the report of the dmc.zip has the same problem...

http://www.virustotal.com/resultado.html?f20046857b1831dc0d559116ada684d7

Eric 

Matti Niemenmaa <see_signature for.real.address> writes:

Eric Suen wrote:
 "Walter Bright"
 Eric Suen wrote:
 Any exe generated by dmd 1.024 unable pass Virus and Malware scan
 
 by http://www.virustotal.com/, it report:
 
 Ikarus T3.1.1.12 2007.12.10 MalwareScope.Worm.Warezov.3 Prevx1 V2 
 2007.12.10 Heuristic: Suspicious Self Modifying File
 
 anyone has same issue, or there are something wrong on my computer?

 
 Since dmd generated executables don't have self-modifying code in them, the
  scanners are buggy.

 
 This is really embarrassing situation, what if a hacker write a real Malware 
 using D language and using this as excuse? Because now this is not the 
 problem of one program, this is about all the exe generated by dmd have the 
 same problem. In the end it will harm the D language itself...

Bull. As a test, I compiled the following two programs using DMC:

C program:
	main(){printf("Hello, world!\n");}
C++ program:
	#include <iostream>
	main(){std::cout << "Hello, world!\n" << std::endl;}

Both give the same results at virustotal.com. (
http://www.virustotal.com/resultado.html?7cea308e6efc369ecce29f36643cb026 and
http://www.virustotal.com/resultado.html?d4a22dc322ff2b90da03bbf9d8fe8ee7 )

Are C and C++ "harmed" because two virus scanners (and not even the better ones,
like Kaspersky) don't like the code a specific compiler produces? I don't think
so.

If you want to perform a manual analysis of the generated asm to make sure it
doesn't do anything malicious, feel free. I won't bother.

-- 
E-mail address: matti.niemenmaa+news, domain is iki (DOT) fi

"Eric Suen" <eric.suen.tech gmail.com> writes:

 Are C and C++ "harmed" because two virus scanners (and not even the better 
 ones,
 like Kaspersky) don't like the code a specific compiler produces? I don't 
 think so.

Because most C and C++ are compiled using vc,gcc or others, not dmc...
Beside C and C++ are mantained by a standard not a person...

 If you want to perform a manual analysis of the generated asm to make sure it
 doesn't do anything malicious, feel free. I won't bother.

Then how do you explain it to your client?

from:
http://www.alexa.com/data/details/traffic_details/prevx.com
http://www.alexa.com/data/details/traffic_details/digitalmars.com

Seems the people using prevx are much more than the people using dmc or dmd,
and my program is for these kinds of user, not the one like you who can
analysis asm.

Is there anyone using D language write freeware/commercial program, will
the software download site like: download.com/softpedia.com mark it as
clean software or whatever?

Eric

"David Wilson" <dw botanicus.net> writes:

On 12/11/07, Eric Suen <eric.suen.tech gmail.com> wrote:
 Are C and C++ "harmed" because two virus scanners (and not even the better
 ones,
 like Kaspersky) don't like the code a specific compiler produces? I don't
 think so.

 Because most C and C++ are compiled using vc,gcc or others, not dmc...
 Beside C and C++ are mantained by a standard not a person...

 If you want to perform a manual analysis of the generated asm to make sure it
 doesn't do anything malicious, feel free. I won't bother.

 Then how do you explain it to your client?

 from:
 http://www.alexa.com/data/details/traffic_details/prevx.com
 http://www.alexa.com/data/details/traffic_details/digitalmars.com

 Seems the people using prevx are much more than the people using dmc or dmd,
 and my program is for these kinds of user, not the one like you who can
 analysis asm.

 Is there anyone using D language write freeware/commercial program, will
 the software download site like: download.com/softpedia.com mark it as
 clean software or whatever?

In the time you have spent arguing about this you could probably have
had a 5-byte binary diff to cure the behaviour, that could be applied
as part of the build. It's not hard.


David.

 Eric

"Eric Suen" <eric.suen.tech gmail.com> writes:

"David Wilson"
 On 12/11/07, Eric Suen <eric.suen.tech gmail.com> wrote:
 Are C and C++ "harmed" because two virus scanners (and not even the better
 ones,
 like Kaspersky) don't like the code a specific compiler produces? I don't
 think so.

 Because most C and C++ are compiled using vc,gcc or others, not dmc...
 Beside C and C++ are mantained by a standard not a person...

 If you want to perform a manual analysis of the generated asm to make sure 
 it
 doesn't do anything malicious, feel free. I won't bother.

 Then how do you explain it to your client?

 from:
 http://www.alexa.com/data/details/traffic_details/prevx.com
 http://www.alexa.com/data/details/traffic_details/digitalmars.com

 Seems the people using prevx are much more than the people using dmc or dmd,
 and my program is for these kinds of user, not the one like you who can
 analysis asm.

 Is there anyone using D language write freeware/commercial program, will
 the software download site like: download.com/softpedia.com mark it as
 clean software or whatever?

 In the time you have spent arguing about this you could probably have
 had a 5-byte binary diff to cure the behaviour, that could be applied
 as part of the build. It's not hard.


 David.

 Eric


crow over can make D language popular, do you means to using D language
I have to learn analysis asm first, then do what you so called "had a
5-byte binary diff to cure the behaviour"? I'm just a Java programmer
want port my java program to D.

Anyway, will the next version DMD fix this problem? or I have to learn ASM now?

Eric

"David Wilson" <dw botanicus.net> writes:

On 12/11/07, Eric Suen <eric.suen.tech gmail.com> wrote:

 "David Wilson"

 In the time you have spent arguing about this you could probably have
 had a 5-byte binary diff to cure the behaviour, that could be applied
 as part of the build. It's not hard.


 crow over can make D language popular, do you means to using D language
 I have to learn analysis asm first, then do what you so called "had a
 5-byte binary diff to cure the behaviour"? I'm just a Java programmer
 want port my java program to D.

Your problem is not that the compiler is generating syntactically
invalid executables, because it isn't. Your problem is that your
client is using a vendor of snake oil for producing their network.

Fix your client, by telling them to use a more reputable vendor (I'd
suggest Symantec if they insist on using something as 20th century as
a virus scanner), or fix the vendor, by reporting the *bug in their
scanner* to them, but fixing D makes no sense at all.


Signature-based virus checkers have always had false positives like
this. The companies have a habit of putting any old crap in their
databases, including as a wild example, some example PHP code I wrote
in 2002 demonstrating how you can use the MySQL libraries to get
around safe mode (this was absolutely *not* a virus).

The effect of that was a DDoS against my old e-mail address by
Microsoft Exchange installations all over the world (yes I am still
bitter), claiming my original message contained a virus. Posting a
message to Bugtraq containg code which some idiot adds to his idiot
vendor's database was patently not my fault, and I certainly shouldn't
have been the one to fix the problem. I had to abandon that e-mail
address as a result. If I could have afforded it, I may have been able
to taken action against the company in question.

Similar to so much else in the computer security industry, virus
checkers are somewhat reactionary snake oil. Trying to make them
proactive results in incredibly generic signatures such as the second
one you are seeing matching your D binary.

Also like so much else in the security industry, this entire class of
software would be rendered effectively useless if people spent more
time thinking about robust software and secure software
configurations. Modifying D to not match this cowboy virus checker
would be a step backwards in that respect.


 Anyway, will the next version DMD fix this problem? or I have to learn ASM now?

 Eric

Robert Fraser <fraserofthenight gmail.com> writes:

David Wilson wrote:
 (I'd
 suggest Symantec if they insist on using something as 20th century as
 a virus scanner)

I don't have much idea of what I'm talking about, but I can say that
a) Symantec products are generally considered terrible
b) Virus scanners are very useful in th modern world; when did they ever 
stop being so?
c) This stuff matters to clients, whom are more likely to trust a virus 
scanner than a software developer.

Yigal Chripun <yigal100 gmail.com> writes:

Robert Fraser wrote:
 David Wilson wrote:
 (I'd
 suggest Symantec if they insist on using something as 20th century as
 a virus scanner)

 
 I don't have much idea of what I'm talking about, but I can say that
 a) Symantec products are generally considered terrible
 b) Virus scanners are very useful in th modern world; when did they ever 
 stop being so?
 c) This stuff matters to clients, whom are more likely to trust a virus 
 scanner than a software developer.

I can't argue with your first point, however, regarding the second 
point: for people who use a (more) secure computer environment a virus 
scanner is indeed something from the 20th century. like the saying goes 
- "An ounce of prevention is worth a pound of cure".

simply put in terms of secure systems: bsd variants >= linux >> windows.
and from what David wrote in his post he doesn't have a windows 
installation.

I for one await the truly secure systems of the future (which can be 
proven to be secure). take a look at coyotos.org for such an effort.

--Yigal

Alexander Panek <alexander.panek brainsware.org> writes:

On Tue, 11 Dec 2007 13:35:47 -0800
Robert Fraser <fraserofthenight gmail.com> wrote:

 b) Virus scanners are very useful in th modern world; when did they
 ever stop being so?

Even though it is out of context: I  haven't ever found a need for a
"virus" scanner (the word virus in this context is hilarious) apart
from the time where I was searching for cracks for games using IE 5 on
Windows 98 when I was a kid.

Point being: don't use malware or software that enables malware by
default. Then you also don't need resource-sucking software like
virus/malware scanners.

-- 
Alexander Panek <alexander.panek brainsware.org>

Derek Parnell <derek psych.ward> writes:

On Wed, 12 Dec 2007 10:09:07 +0100, Alexander Panek wrote:

 On Tue, 11 Dec 2007 13:35:47 -0800
 Robert Fraser <fraserofthenight gmail.com> wrote:
 
 b) Virus scanners are very useful in th modern world; when did they
 ever stop being so?

 
 Even though it is out of context: I  haven't ever found a need for a
 "virus" scanner (the word virus in this context is hilarious) apart
 from the time where I was searching for cracks for games using IE 5 on
 Windows 98 when I was a kid.
 
 Point being: don't use malware or software that enables malware by
 default. Then you also don't need resource-sucking software like
 virus/malware scanners.

I'm guessing you don't have teenage sons?

-- 
Derek Parnell
Melbourne, Australia
skype: derek.j.parnell

Walter Bright <newshound1 digitalmars.com> writes:

Derek Parnell wrote:
 I'm guessing you don't have teenage sons?

The best defense there is give them their own computer, and periodically 
wipe the disk and reinstall on it. Never let them use your computer <g>.

Derek Parnell <derek psych.ward> writes:

On Thu, 13 Dec 2007 14:08:19 -0800, Walter Bright wrote:

 Derek Parnell wrote:
 I'm guessing you don't have teenage sons?

 
 The best defense there is give them their own computer, and periodically 
 wipe the disk and reinstall on it. Never let them use your computer <g>.

LOL ... That is exactly what I did. He now has a much better machine that I
have ... something to do with WoW.

-- 
Derek Parnell
Melbourne, Australia
skype: derek.j.parnell

Daniel Keep <daniel.keep.lists gmail.com> writes:

Derek Parnell wrote:
 On Thu, 13 Dec 2007 14:08:19 -0800, Walter Bright wrote:
 
 Derek Parnell wrote:
 I'm guessing you don't have teenage sons?

 The best defense there is give them their own computer, and periodically 
 wipe the disk and reinstall on it. Never let them use your computer <g>.

 
 LOL ... That is exactly what I did. He now has a much better machine that I
 have ... something to do with WoW.
 

Careful.  WoW is like a cancer.  First, it starts by eating up your
internet bandwidth.  Then it starts consuming you cash monies by way of
continual upgrades, building ever more powerful machines to keep pace
with the increasingly complex and resource-hungry UI modifications.

Before you know it, he's living off Coke and Pizza, raiding at 3 AM to
keep up with the Yanks in the guild.  His every waking moment will be
seen through a third-person stylised lens.  Coffee will confer a buff,
your wrath is nothing but an elite mob to be trained onto his little
brother.  His life will revolve around getting ploot and rep farming.

It will eat him alive.

Not that I... y'know... know from personal experience or anything...

	-- Daniel (who totally doesn't have a dozen characters)

"Bruce Adams" <tortoise_74 yeah.who.co.uk> writes:

On Thu, 13 Dec 2007 22:24:10 -0000, Derek Parnell <derek psych.ward> wrote:

 On Thu, 13 Dec 2007 14:08:19 -0800, Walter Bright wrote:

 Derek Parnell wrote:
 I'm guessing you don't have teenage sons?

 The best defense there is give them their own computer, and periodically
 wipe the disk and reinstall on it. Never let them use your computer <g>.

 LOL ... That is exactly what I did. He now has a much better machine  
 that I
 have ... something to do with WoW.

Memetic viruses are the worst sort.

Robert Fraser <fraserofthenight gmail.com> writes:

Alexander Panek wrote:
 On Tue, 11 Dec 2007 13:35:47 -0800
 Robert Fraser <fraserofthenight gmail.com> wrote:
 
 b) Virus scanners are very useful in th modern world; when did they
 ever stop being so?

 
 Even though it is out of context: I  haven't ever found a need for a
 "virus" scanner (the word virus in this context is hilarious) apart
 from the time where I was searching for cracks for games using IE 5 on
 Windows 98 when I was a kid.
 
 Point being: don't use malware or software that enables malware by
 default. Then you also don't need resource-sucking software like
 virus/malware scanners.
 

I agree that for users like us, malware scanners aren't too useful. 
However, there are a lot of people out there who would still open that 
mysterious attachment called "that document you requested.exe", which 
still makes a scanner useful both for ens users and for system 
administrators as a first line of defense.

"David Wilson" <dw botanicus.net> writes:

On 12/12/07, Robert Fraser <fraserofthenight gmail.com> wrote:
 Alexander Panek wrote:
 On Tue, 11 Dec 2007 13:35:47 -0800
 Robert Fraser <fraserofthenight gmail.com> wrote:

 b) Virus scanners are very useful in th modern world; when did they
 ever stop being so?

 Even though it is out of context: I  haven't ever found a need for a
 "virus" scanner (the word virus in this context is hilarious) apart
 from the time where I was searching for cracks for games using IE 5 on
 Windows 98 when I was a kid.

 Point being: don't use malware or software that enables malware by
 default. Then you also don't need resource-sucking software like
 virus/malware scanners.

 I agree that for users like us, malware scanners aren't too useful.
 However, there are a lot of people out there who would still open that
 mysterious attachment called "that document you requested.exe", which
 still makes a scanner useful both for ens users and for system
 administrators as a first line of defense.

I often make a point of removing virus checkers / "security suites"
from people's computers when I'm asked to fix a problem. The resulting
lack of "PORT SCAN PORT 123!!!!" and "DONT FORGET TO REGISTER!!z0r!!"
pop-ups gives the end user more wellbeing than the virus checker ever
could.

For any time where I would have use of a virus checker in the past 7
years, the virus checker has been unable to quarantine, among others,
Nimda and Slammer, for which a specialist tool was required. Even
trivial malware these days know how to disable, suspend, or otherwise
thwart the operation of popular virus checkers. For example, certain
products have (at least in the past) waited on a named global event to
allow the uninstaller to signal time to shut down if the user chooses
to uninstall. It is trivial (3 lines of code trivial) with the Windows
API to signal such an event.

For the cases where the virus checker could still run successfully,
the malware was not fully removed because the virus checker was unable
to detect every copy of it (I believe it's possible to lock a file or
process up on Windows such that it becomes effectively inaccessible
except to itself - for example, some software will start a "debugger"
on itself such that no other process can use that API. The filesystem
can apparently be similarly tricked).

For more structured environments, Windows has supported locking down
executed code by md5sum or Authenticode since at least Windows 2000.

As another example, a certain free checker, Clam-AV for Windows, has
no form of mandatory access control or on-demand scanning. It happily
sticks a little system tray applet on your machine that makes it look
like a scanner is in operation. Actually it pretty much does nothing.

Again - virus checkers are often reactionary snake oil that help
nobody. Even the free stuff like Spybot S&D often does a better job of
fixing the kinds of problem most users come across when they catch an
infection. The places where this isn't true are places that are less
affected by the lead-time required for an AV vendor to put out a
useful update - mail servers for example.


David.

"Bruce Adams" <tortoise_74 yeah.who.co.uk> writes:

On Wed, 12 Dec 2007 09:09:07 -0000, Alexander Panek  
<alexander.panek brainsware.org> wrote:

 On Tue, 11 Dec 2007 13:35:47 -0800
 Robert Fraser <fraserofthenight gmail.com> wrote:

 b) Virus scanners are very useful in th modern world; when did they
 ever stop being so?

 Even though it is out of context: I  haven't ever found a need for a
 "virus" scanner (the word virus in this context is hilarious) apart
 from the time where I was searching for cracks for games using IE 5 on
 Windows 98 when I was a kid.

 Point being: don't use malware or software that enables malware by
 default. Then you also don't need resource-sucking software like
 virus/malware scanners.

That is only one method of infection.
There are plenty of viruses (and hackers) that scan for open ports and
exploit bugs like buffer over-runs to get in. The hackers and viruses may
be ahead of your security patches, though M$ are getting better at that.
Once something has got in you need to know about it. Its all very well  
having
skin (firewall) to protect us from bugs in the real world but we need an  
immune
system (malware scanner) as well. Its a belt and braces thing.
Of course, on linux your skin is more like a spacesuit so there's less to  
worry
about. Less virus writers and a less flawed security model.

"David Wilson" <dw botanicus.net> writes:

On 12/11/07, Eric Suen <eric.suen.tech gmail.com> wrote:

 crow over can make D language popular, do you means to using D language
 I have to learn analysis asm first, then do what you so called "had a
 5-byte binary diff to cure the behaviour"? I'm just a Java programmer
 want port my java program to D.

 Anyway, will the next version DMD fix this problem? or I have to learn ASM now?

You could isolate the offending segment in the file by a simple
mutation method, say, changing one byte at a time until the offending
scanner does not detect the virus. This implies downloading the
scanner and running at 150,000+ times (or however many bytes are in
the typical minimal D executable).

You could also take a more random approach, changing small but random
sets of bytes in the file until one iteration doesn't set the scanner
off. At that point, you have a small set of regions in the file to
manually scan. At that point, someone here on the newsgroup might be
able to help provide a simple fix for your problem, if you are willing
to isolate the region of the binary that is causing it.

I currently have no Windows installation at all, but once you have the
hex addresses involved, it should be simple enough to trace it back to
either standard library code, or a small chunk of code that might be
patched to provide similar behaviour without matching the offending
pattern.


David.

 Eric

Walter Bright <newshound1 digitalmars.com> writes:

Eric Suen wrote:
 Anyway, will the next version DMD fix this problem?

I cannot fix a problem DMD doesn't have. It's the virus scanner that has 
a bug.

Walter Bright <newshound1 digitalmars.com> writes:

Eric Suen wrote:
 Then how do you explain it to your client?

I'd tell them that Digital Mars has been distributing dmc for 7 years to 
hundreds of thousands of users without a single incident of shipping 
malware. I'd also tell them that 100% of the source code for dmc 
generated executables is available for anyone to examine (if they buy 
the DMC++ CD).

Walter Bright <newshound1 digitalmars.com> writes:

Eric Suen wrote:
 This is the report of the dmc.zip has the same problem...
 
 http://www.virustotal.com/resultado.html?f20046857b1831dc0d559116ada684d7

"Suspicious archive structure" ?? It's an ordinary, freakin' zip file!

This reminds me of the windows exe file compressor that would generate 
crashing exe files from files linked by optlink. For years, people 
emailed me telling me it was a bug in optlink. Turned out, it was a bug 
in the exe compressor. Optlink exe files worked perfectly in all 
versions of Windows.

0ffh <frank frankhirsch.youknow.what.todo.net> writes:

That topic should be:

"Scanner unable to differentiate between malware and exe generated by dmd."

What do you expect passing an executable to THREE DOZEN different scanners?
Of course you will get some false positives, that's only to be expected!

You'll just have to explain to your "users" that those scanners are not
reliable. I expect you to know better than chime in to such nonsense.

regards, frank

Gregor Richards <Richards codu.org> writes:

0ffh wrote:
 
 That topic should be:
 
 "Scanner unable to differentiate between malware and exe generated by dmd."
 
 What do you expect passing an executable to THREE DOZEN different scanners?
 Of course you will get some false positives, that's only to be expected!
 
 You'll just have to explain to your "users" that those scanners are not
 reliable. I expect you to know better than chime in to such nonsense.
 
 regards, frank
 

You expect random Internet users to know better? Hah!

  - Gregor Richards

0ffh <frank frankhirsch.youknow.what.todo.net> writes:

Gregor Richards wrote:
 You expect random Internet users to know better? Hah!

There you just see what kind of positive and optimistic
person I am, just can't help it! =)

regards, frank