Bug 12187 – VisualD-v0.3.37.exe on DSource falsely reports as virus
Status: RESOLVED
Resolution: FIXED
Severity: normal
Priority: P2
Component: visuald
Product: D
Version: D2
Platform: All
OS: Windows
Creation time: 2014-02-16T19:09:31Z
Last change time: 2017-12-02T16:48:02Z
Assigned to: No Owner
Creator: Neil
Comments
Comment #0 by neil.bryant — 2014-02-16T19:09:31Z
Didn't know where to put this, but I thought I'd let you know.
Report is below. Note that I do *not* get a report on github.../D-Programming-Language/../VisualD-v0.3.37.exe (although apparently the files are the same according to hash).
Also, scanning the exe with 36 scanners at VirScan.org shows nothing.
--------------------
WARNING: ProxyAV has detected a virus/PUS in this
file!
File has been dropped.
ProxyAV Administrator: unknown
2014-02-17 01:11:38+00:00UTC
Hardware serial number: 2609081007
ProxyAV (Version 3.5.1.1(111017)) - http://www.BlueCoat.com/
Antivirus Vendor: Sophos, Plc.
Scan Engine Version: 3.50.1
Pattern File Version: 4.97.6308063.959295994 (Timestamp: 2014/02/16 19:24:00)
Machine name: bv08aztmpe
Machine IP address: 151.151.108.136
Server: 208.78.103.206
Client: 113.1.19.123
Protocol: ICAP
Virus/PUS: "Mal/EncPk-XF" found!
URL: hxxp://www.dsource.org/projects/visuald/browser/downloads/VisualD-v0.3.37.exe?format=raw&FixForIE=.exe
Comment #1 by r.sagitario — 2014-02-26T23:23:30Z
The false alarms were raised after I added file monitoring to find linker dependencies. This uses DLL injection, a technique probably also used by viruses.
I have tried to disguise this functionality a bit and the installer now passes most checkers. Try it with beta4: https://github.com/D-Programming-Language/visuald/releases/tag/v0.3.38beta4