[BUG] Suspicious.Cloud warning from LWJGL3 since Nightly Build #25

Started by SilverTiger, December 06, 2014, 10:50:43


SilverTiger

Today I downloaded nightly build #25 and extracted the zip.
Norton Internet Security immediately showed a Suspicious.Cloud warning from native/windows/x86/lwjgl.dll and removed that file.

When I download the stable build this won't happen.
Of course I could tell Norton to ignore that file and I have no problem with that, but it could be bothersome for new users of LWJGL3 or when distributing an application with that file.

spasi

This is a false positive, probably because the dll is unsigned. Thanks for letting us know.

SilverTiger

Just wanted to give an update on this:
In the current release version 3.0.0a and the stable version, lwjgl32.dll gets blocked and removed by Norton Auto-Protect because it detects Trojan.Gen.SMH.2 in it.
Starting to hate Norton for these false positives...

But for the current nightly release (Nightly #49) this issue seems to be fixed.

SHC

I'm not entirely sure, but sometimes ESET NOD32 removed UPX-packed executables, saying they are trojans, but it is a false positive. I tested the same file with Avast, AVG and also Kaspersky and found nothing.

msx

Hi there, I had some users report the malware alert too. Can you confirm it's a false positive, or were the files really infected in 3.0.0a? What changed in the nightly build so that it no longer triggers the alert?

Please let us know asap. I'd rather not get users suspicious of the software :)

spasi

I have scanned the dlls locally and online (virustotal); there's nothing suspicious except generic trojan warnings with Norton and HouseCall, everything else passes. The most likely reason is the binary compression we do with upx. The only thing that has changed in the nightly is the inclusion of stb, which is a lot of additional code. This probably affects whatever shitty heuristics Norton/HouseCall use.

In general, everything in LWJGL is built from source; we don't use pre-built binaries. This is the github account that is used for that. Linux and OS X binaries are built on Travis-CI, Windows binaries on a TeamCity server hosted by us. The only other things that may affect a Windows binary would be the Visual Studio compiler and UPX; both have been downloaded from official sources.

Please do let us know if the issue persists. Even though this is a false positive (and I personally believe that anti-virus/spyware/whatever software is more malware than actual malware), we'll have to find a solution.
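The post above attributes the generic trojan hits to UPX compression and to the VirusTotal check spasi ran. The following script is an added example, not LWJGL code, that shows how a user can triage such a hit themselves before dismissing it: it parses the PE section table of a DLL, flags the UPX0/UPX1 section names that the UPX packer leaves behind, and prints the SHA-256 that can be looked up on VirusTotal. The PE bytes it runs on are constructed in memory for the demonstration; they are not a real lwjgl.dll, and the helper names are assumptions of this example.

```python
"""Triage helper for antivirus hits on packed Windows DLLs.

Added example, not part of LWJGL. Parses only the DOS header, COFF header and
section table of a PE image; nothing in the file is executed. The sample PE
buffers built by build_fake_pe() are constructed here and are not real DLLs.
"""
import hashlib
import struct

PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image in table order.

    Raises ValueError if the buffer does not look like a PE file.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        # Section names are 8 bytes, NUL-padded
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(names: list[str]) -> bool:
    """UPX renames the code/data sections to UPX0/UPX1 (UPX2 for resources) by default."""
    return any(n.startswith("UPX") for n in names)


def sha256_hex(data: bytes) -> str:
    """Hash to paste into VirusTotal or compare against the project's published build."""
    return hashlib.sha256(data).hexdigest()


def build_fake_pe(section_names: list[str]) -> bytes:
    """Construct a minimal, non-executable PE header with the given section names (demo input)."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_header = b"\0" * 0xE0  # PE32 optional header size; contents are irrelevant here
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt_header), 0x2102)
    sections = b"".join(
        name.encode("ascii").ljust(8, b"\0") + b"\0" * (SECTION_HEADER_SIZE - 8)
        for name in section_names
    )
    return bytes(dos) + PE_SIGNATURE + coff + opt_header + sections


def triage(data: bytes) -> dict:
    """Summarise what a user should report alongside an AV alert on a DLL."""
    names = pe_section_names(data)
    return {"sections": names, "upx_packed": looks_upx_packed(names), "sha256": sha256_hex(data)}


if __name__ == "__main__":
    samples = {
        "unpacked": [".text", ".rdata", ".data", ".reloc"],
        "upx": ["UPX0", "UPX1", ".rsrc"],
    }
    for label, names in samples.items():
        print(label, triage(build_fake_pe(names)))
```

To run it on a real file, replace the constructed buffers with `open("lwjgl.dll", "rb").read()`. A packed section layout plus a clean multi-engine scan of the hash is consistent with the heuristic false positive described above; a hash that differs from the one for the distributed build is the case that deserves a closer look.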