7zS.sfx detected as Trojan by ClamAV about gdevelop HOT 12 CLOSED

7zS.sfx is used to create Windows executable that can extract their own contents in a temporary folder: it's used in GDevelop to create single-exe games on Windows. Probably ClamAV considered it to be a trojan because trojans often extract themselves using a similar method... You can delete the file if you want but compilation as a single executable won't work if you're on Windows (for other OS, it is unavailable in all cases).

By the way I was considering removing this feature because it is broken when a custom icon is used, and it is a windows only feature.

from gdevelop.

You mean those self-extracting .exe ? I really don't understand why those even exist, considering compressed archives exist for much the same role. On Linux, I use 7zip to extract those .exe easily, no Windows needed. I don't see much reason to make it an .exe instead of a .zip or, better yet, a .7z (best compression). Many of the major commercial games have plenty of .exe in the game directories, with no problem. I would be more concerned that Kaspersky defined a specific Trojan that somehow shows as being detected in a FOSS project.

Let's just say it's bad publicity, and could keep some from using it. I've heard far too many Windows users/gamers just stereotypically label Linux users in general as "hackers". It's true that I wouldn't want such people (Windows idiots) making a game for anyone, but it may still drive people away from the games competent Windows developers make, especially if their own virus-detection systems find it. That's my advice anyway.

from gdevelop.

Maybe user expectations have now changed, but as the time first versions of GDevelop was released, having a feature to package a game in a single executable was hugely asked by the community. 😄
Maybe at this time it was usual to distribute games, especially small ones, as a single executable without requiring the user to decompress the file somewhere.
A developer shouldn't underestimate how players of his game can be reluctant to even decompress a simple 7z file. ;)

That was the rationale behind this :)

But well, things have changed and now with HTML5 games it's totally different and I guess removing this feature won't be a big deal and will avoid bad publicity as you said.

from gdevelop.

Hey, if it might have some demand, and you think it might be worth keeping, then maybe there are other ways to automatically extract things. On Linux there are bash scripts to do it, and on Windows there are all those equivalent batch files and scripting languages to do it. You can even use one of the more popular (although not universal) scripting languages like Python or Lua to do it. I've even seen some games include a 7zip.exe with a game to extract things, since it's relatively small compared to many of the other game files. I'm sure there are other ways too.

All that matters is that no part of the code or compiled data shows up as malware of any type. It doesn't really matter how it's done. I have many Windows self-extracting .exe and none of them show up as Trojans or any malware.

from gdevelop.

7zS.sfx is the 7-zip module to create auto-extractable applications. ;)

2015-03-16 22:10 GMT+01:00 MajorLunaC [email protected]:

Hey, if it might have some demand, and you think it might be worth
keeping, then maybe there are other ways to automatically extract things.
On Linux there are bash scripts to do it, and on Windows there are all
those equivalent batch files and scripting languages to do it. You can even
use one of the more popular (although not universal) scripting languages
like Python or Lua to do it. I've even seen some games include a 7zip.exe
with a game to extract things, since it's relatively small compared to many
of the other game files. I'm sure there are other ways too.

All that matters is that no part of the code or compiled data shows up as
malware of any type. It doesn't really matter how it's done.

—
Reply to this email directly or view it on GitHub
#88 (comment).

Victor LEVASSEUR
[email protected]

from gdevelop.

I was wondering about that name. Meaning I have to talk to them to find out why this is happening. I'll report back when I find out about it.

from gdevelop.

Thanks! :)

from gdevelop.

No, there likely IS a Trojan imbedded in your code. That's the only conclusion I can come up with, because the following do NOT contain any malware when scanned:

http://sourceforge.net/projects/sevenzip/files/7-Zip/9.38/
7z938.exe

It includes 7z.sfx and 7zCon.sfx (scanned individually). My question is, where did you even get the code for 7zS.sfx, because I can't seem to find it anywhere on 7zip or p7zip sourceforge except in the Discussion? Can you use the newer versions of 7zip with the slightly different names?

from gdevelop.

Stay calm, there is no trojan here ;)
Probably a false positive: https://www.virustotal.com/en/file/1d01426765735f18f920668ffbfd4047f1fbf216a18691010236166d747a7117/analysis/1426554550/

It's unlikely that the file contains a trojan with all the antivirus but 2 stating it's safe 😃 But it's still an issue I agree :). The 7zS.sfx file comes from the official 7zip, from 7zip extra package precisely. I can't remember the exact version from which I got it when I created the feature, but just check by yourself by downloading the extra package: http://sourceforge.net/projects/sevenzip/files/7-Zip/9.20/7z920_extra.7z/download

There is in this package a 7zS.sfx file. It's a newer version, but it still trigger one false positive by the way: https://www.virustotal.com/en/file/998f55c1b61be2c7e0c5f11673b03c36bd7bb941273fcf956caa1b746c08178f/analysis/

Maybe the file is not distributed anymore with 7zip or/and was replaced by an alternative in the very latest version , but I don't think 7zip guys distributed a trojan at any time. 😃

from gdevelop.

Yeah that virustotal thing is weird. That either means it's a false positive, or that all but 1 or 2 virus scanners suck, lol. I don't really know. All I can recommend is update the 7zip module used sometime. It's not unheard of for open-source repositories to be hacked into, and the older versions are less noticed or reviewed.

It says version 9.20 in that url. It's only 5 years old, and apparently someone linked directly to it by the number of downloads per week.

from gdevelop.

If it's ok for you, you can close the issue and I'll try to update the file in a next release :)

from gdevelop.

Ok with me!

from gdevelop.