Comments (12)
7zS.sfx is used to create Windows executable that can extract their own contents in a temporary folder: it's used in GDevelop to create single-exe games on Windows. Probably ClamAV considered it to be a trojan because trojans often extract themselves using a similar method... You can delete the file if you want but compilation as a single executable won't work if you're on Windows (for other OS, it is unavailable in all cases).
By the way I was considering removing this feature because it is broken when a custom icon is used, and it is a windows only feature.
from gdevelop.
You mean those self-extracting .exe ? I really don't understand why those even exist, considering compressed archives exist for much the same role. On Linux, I use 7zip to extract those .exe easily, no Windows needed. I don't see much reason to make it an .exe instead of a .zip or, better yet, a .7z (best compression). Many of the major commercial games have plenty of .exe in the game directories, with no problem. I would be more concerned that Kaspersky defined a specific Trojan that somehow shows as being detected in a FOSS project.
Let's just say it's bad publicity, and could keep some from using it. I've heard far too many Windows users/gamers just stereotypically label Linux users in general as "hackers". It's true that I wouldn't want such people (Windows idiots) making a game for anyone, but it may still drive people away from the games competent Windows developers make, especially if their own virus-detection systems find it. That's my advice anyway.
from gdevelop.
Maybe user expectations have now changed, but as the time first versions of GDevelop was released, having a feature to package a game in a single executable was hugely asked by the community. 😄
Maybe at this time it was usual to distribute games, especially small ones, as a single executable without requiring the user to decompress the file somewhere.
A developer shouldn't underestimate how players of his game can be reluctant to even decompress a simple 7z file. ;)
That was the rationale behind this :)
But well, things have changed and now with HTML5 games it's totally different and I guess removing this feature won't be a big deal and will avoid bad publicity as you said.
from gdevelop.
Hey, if it might have some demand, and you think it might be worth keeping, then maybe there are other ways to automatically extract things. On Linux there are bash scripts to do it, and on Windows there are all those equivalent batch files and scripting languages to do it. You can even use one of the more popular (although not universal) scripting languages like Python or Lua to do it. I've even seen some games include a 7zip.exe with a game to extract things, since it's relatively small compared to many of the other game files. I'm sure there are other ways too.
All that matters is that no part of the code or compiled data shows up as malware of any type. It doesn't really matter how it's done. I have many Windows self-extracting .exe and none of them show up as Trojans or any malware.
from gdevelop.
7zS.sfx is the 7-zip module to create auto-extractable applications. ;)
2015-03-16 22:10 GMT+01:00 MajorLunaC [email protected]:
Hey, if it might have some demand, and you think it might be worth
keeping, then maybe there are other ways to automatically extract things.
On Linux there are bash scripts to do it, and on Windows there are all
those equivalent batch files and scripting languages to do it. You can even
use one of the more popular (although not universal) scripting languages
like Python or Lua to do it. I've even seen some games include a 7zip.exe
with a game to extract things, since it's relatively small compared to many
of the other game files. I'm sure there are other ways too.All that matters is that no part of the code or compiled data shows up as
malware of any type. It doesn't really matter how it's done.—
Reply to this email directly or view it on GitHub
#88 (comment).
Victor LEVASSEUR
[email protected]
from gdevelop.
I was wondering about that name. Meaning I have to talk to them to find out why this is happening. I'll report back when I find out about it.
from gdevelop.
Thanks! :)
from gdevelop.
No, there likely IS a Trojan imbedded in your code. That's the only conclusion I can come up with, because the following do NOT contain any malware when scanned:
http://sourceforge.net/projects/sevenzip/files/7-Zip/9.38/
7z938.exe
It includes 7z.sfx and 7zCon.sfx (scanned individually). My question is, where did you even get the code for 7zS.sfx, because I can't seem to find it anywhere on 7zip or p7zip sourceforge except in the Discussion? Can you use the newer versions of 7zip with the slightly different names?
from gdevelop.
Stay calm, there is no trojan here ;)
Probably a false positive: https://www.virustotal.com/en/file/1d01426765735f18f920668ffbfd4047f1fbf216a18691010236166d747a7117/analysis/1426554550/
It's unlikely that the file contains a trojan with all the antivirus but 2 stating it's safe 😃 But it's still an issue I agree :). The 7zS.sfx file comes from the official 7zip, from 7zip extra package precisely. I can't remember the exact version from which I got it when I created the feature, but just check by yourself by downloading the extra package: http://sourceforge.net/projects/sevenzip/files/7-Zip/9.20/7z920_extra.7z/download
There is in this package a 7zS.sfx file. It's a newer version, but it still trigger one false positive by the way: https://www.virustotal.com/en/file/998f55c1b61be2c7e0c5f11673b03c36bd7bb941273fcf956caa1b746c08178f/analysis/
Maybe the file is not distributed anymore with 7zip or/and was replaced by an alternative in the very latest version , but I don't think 7zip guys distributed a trojan at any time. 😃
from gdevelop.
Yeah that virustotal thing is weird. That either means it's a false positive, or that all but 1 or 2 virus scanners suck, lol. I don't really know. All I can recommend is update the 7zip module used sometime. It's not unheard of for open-source repositories to be hacked into, and the older versions are less noticed or reviewed.
It says version 9.20 in that url. It's only 5 years old, and apparently someone linked directly to it by the number of downloads per week.
from gdevelop.
If it's ok for you, you can close the issue and I'll try to update the file in a next release :)
from gdevelop.
Ok with me!
from gdevelop.
Related Issues (20)
- Tiled Sprite Randomization Feature (Randomized Rotation and Offset combined with blending) a la Construct 3's r321 update. HOT 2
- Limitation in Physics Engine Speed HOT 1
- Simpler way to center origin sprite point HOT 3
- Add sorting for assets bin HOT 1
- Snapping objects in editor
- Corrupted value in Scene editor's tooltip right after instance deletion HOT 1
- Fullscreen Detection broken HOT 4
- Adding the ability to specify Cordova and NPM plugin parameters in extension dependencies HOT 1
- Platformer Deacceleration shows the wrong tooltip HOT 1
- High-Speed Collision Detection Limitation HOT 3
- Crash while using an editor
- Toggle switches don't work in 5.3.196 HOT 2
- User Interface Sound Effects
- "Preload as" toggles for audio files in the Resources Panel do not behave the same as the "Preload as" event actions. HOT 1
- Crash while using an editor
- Crash while using an editor
- Electron 18.x.y has reached end-of-support
- Text related actions and conditions suggest objects that are not concerned
- [5-5.3.200 bug] (PLATFORMER OBJECT) is on platform (PLATFORM OBJECT) condition no longer works HOT 1
- Top-down Tanks Redux - Kenney
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gdevelop.