News:

Simutrans Tools
Know our tools that can help you to create add-ons, install and customize Simutrans.

Simutrans-Exp 9.12 download detected as probable virus

Started by merry, July 23, 2011, 10:18:06 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

merry

July 23, 2011, 10:18:06 AM Last Edit: July 23, 2011, 10:27:08 AM by merry
Hi guys,

Thought it was high time to try out Simutrans-Experimental.
On downloading 9.12 as a windows binary, my antivirus package trapped it as 'probably unknown NewHeur_PE virus'.

[edit 1125 23/7/11]
Also, the 'complete' combined download is trapped the same by ESET. I will look into the ESET end of things but it seem sto be trapping the executable bit. Hmm.
[/edit]
I'm using ESET, which has not trapped a legitimate download in the last 4 or 5 years that I've used it. It is particularly renowned for detecting virus activity early.
Now, this could be a false positive - they happen, after all - but it would be the first in a long time.
But I'm also wondering if the github source might have been compromised?

Any chance James (or whoever) could check this out?
I will of course see if I can work around it.

I'd rather not self-compile; whilst I could, it's a pain for a non-developer. Have to download no end of stuff to achieve that.



Thanks guys for any help you can give.

vilvoh

#1
July 23, 2011, 09:09:26 PM
It works for me, I'm using Win 7 with ClamAV - Inmunet 3.0 and there's no warning or false positive.

Escala Real...a blog about Simutrans in Spanish...

Junna

#2
July 24, 2011, 08:02:54 AM
I've mentioned this before (and I also have NOD32), and this is indeed a false positive. Temporarily disable the anti-virus as you download and extract, and ignore the random pop-ups from time to time referring to the exe (IIRC it also happens with Simutrans standard, though I might remember wrongly, was a while since I downloaded any standard). This has happened since v. 110 was first introduced.

vilvoh

#3
July 24, 2011, 10:17:20 AM
Maybe it's something related with the new multiplayer features, as antivirus programs usually check that kind of actions.

Escala Real...a blog about Simutrans in Spanish...

prissi

#4
July 24, 2011, 06:54:32 PM
Many programs using IPv6 and Winsock2 are detected as virusses, when they do not use MFC but are rather drawing stuff themselves without DirectX ...

merry

#5
July 25, 2011, 01:47:40 PM
Thanks for confirming my suspicions folks!
Obviously my previous downloads haven't included the relevant 'suspicious' libraries.
Still like NOD32 for the speed & smoothness. Just have to work-around as suggested.
Will let you know if there are any relevant observations when I do.

TTFN
Tom.
Print
Go Up Pages1
User actions