Kaspersky is envious, or: Which Weidu version shall we use?

[Kulyok]

http://www.shsforums.net/index.php?showtopic=38877
(and this one http://forums.gibberlings3.net/index.php?showtopic=16687)

- Maybe it's Weidu-related?

I checked Weidu 208, and here's what Virus Total gives:
http://www.virustotal.com/analisis/05ba0c70c5f518a454890cd5287566f1
(14 false positives)

Weidu 210:
http://www.virustotal.com/analisis/6aa08ba91a72d3d2ecf68d09743c579e
(1 false positive = almost nothing)

I think I'll go and replace my Weidu 208's with 210's. Posting this, because obviously there was something in Weidu 208(and it's missing in Weidu 210), something antivirus software is taking for a virus.

[the bigg]

Meh, I don't even have a bullshit dispenser antivirus, because the harm is greater than the gain. Since WeiDU uses upx for compressing the executable (3 MB to 400 kB), it's entirely possible that a random signature is generated in the compressed section.

[Kulyok]

Sigh. I'll do the updates sometime this weekend, then. Here's hoping that evil corporate people won't touch small helpless Weidu again with their wicked software.

[jcompton]

Usually the AV companies are responsive to "hey this is a false positive" report--and I notice in the Studios thread that Kaspersky fessed up but AVG didn't, which is intriguing. I too was getting hits on WeiDU 208 from AVG in the past week, but have been a little too wrapped up in my own hradksik krash problems to deal with the report, I'm afraid.

[GeN1e]

Well, I fully share bigg's opinion - AVs are bad.

[Kulyok]

Hey, folks,

I just got a report from avg.com - yes, it was a false positive. (I sent them our RE_v4.exe file, archived, with a note it's an unofficial expansion for Baldur's Gate - not that it matters).

[jcompton]

I sent out a few false positive reports and got "oops! our mistake!" responses from Avira and Ikarus (although I sent the report to Emsi, so I guess they're the same company, or partners, or some such.)

It had been my idea to go down the entire list, but I admit that I got bored, as well as annoyed by the submission schemes which required you to stick the file in a password-protected archive, so I didn't nail them all. Hopefully the news will filter downstream.

[the bigg]

It had been my idea to go down the entire list, but I admit that I got bored, as well as annoyed by the submission schemes which required you to stick the file in a password-protected archive, so I didn't nail them all. Hopefully the news will filter downstream.

I guess they need the passworded archive to avoid a random antivirus-enabled mail server/client/whatever from detecting and blocking the email.

[jcompton]

I guess they need the passworded archive to avoid a random antivirus-enabled mail server/client/whatever from detecting and blocking the email.

Yeah, I know--but it doesn't speak very well to the flexibility of their product if they can't designate a single inbox as "do not scan." Especially when competitors do precisely that, or have Web-based upload interfaces.

[the bigg]

Yeah, I know--but it doesn't speak very well to the flexibility of their product if they can't designate a single inbox as "do not scan." Especially when competitors do precisely that, or have Web-based upload interfaces.

Heh. There's still the risk that your SMTP server scans for outgoing viruses (especially if you're at University).

[jcompton]

Ah, good point. A lot of consumer AV has outgoing mail scanners, for that matter. Well, anyway, that only further makes the case for a Web interface (or anonymous FTP, or whatever.)

Anyway, I'm glad it all turned out to be a false alarm. There was an instance years and years ago where Wes somehow put out an infected version of one mod. (early version of Tactics? I can't remember.)