Bug 16405 – Trojan Win32/Ipac.B!cl detected on dmd-2.071.1.exe

Status
RESOLVED
Resolution
WORKSFORME
Severity
critical
Priority
P1
Component
tools
Product
D
Version
D2
Platform
x86_64
OS
Windows
Creation time
2016-08-20T03:01:49Z
Last change time
2020-03-21T03:56:35Z
Assigned to
No Owner
Creator
Jonathas

Attachments

ID | Filename | Summary | Content-Type | Size
1609 | screenshot.png | Windows defender screenshot | image/png | 98245
1610 | screenshot2.png | After installing it | image/png | 136079

Comments

Comment #0 by jdcbranco — 2016-08-20T03:01:49Z
Created attachment 1609
Windows defender screenshot

Downloading the DMD compiler version 2.071.1 for Windows triggered my antivirus system. Please run scans on the offered download version of dmd.
Comment #1 by lodovico — 2016-08-20T08:05:38Z
(In reply to Jonathas from comment #0)
> Downloading the DMD compiler version 2.071.1 for Windows triggered my
> antivirus system. Please run scans on the offered download version of dmd.

It's a false positive. It is safe. You can check Martin Novak's signature on it [1]. So the real problem is finding a way to avoid antiviruses from signalling it, as it's definitely not a virus.

[1] https://dlang.org/gpg_keys.html
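Checking the signature as comment #1 suggests only settles the question if the result is tied to the release key's fingerprint. The following is an added example, not part of the original thread or the D project's tooling: it runs `gpg --verify` and accepts only a good signature from a pinned key. The fingerprint value is a placeholder, the signature file name is an assumption, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: decide from `gpg --status-fd` output whether a detached
# signature is good AND was made by the pinned release key.

# Placeholder (assumption): replace with the fingerprint published at
# https://dlang.org/gpg_keys.html, obtained over a channel you trust.
PINNED_FPR="${PINNED_FPR:-0000000000000000000000000000000000000000}"

# status_trusted <fingerprint>: reads gpg status lines on stdin.
# VALIDSIG alone is not enough: gpg also emits it next to EXPKEYSIG or
# REVKEYSIG, so require GOODSIG and reject every other *SIG verdict.
status_trusted() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { pinned = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit !(good && pinned && !bad) }'
}

# verify_release <file> <detached-signature>: the signature file name is an
# assumption; use whatever signature file is offered beside the download.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        status_trusted "$PINNED_FPR"
}

# Constructed status output (not captured from a real run): a good signature;
# the last VALIDSIG field is the primary-key fingerprint.
SAMPLE_FPR=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
sample_good() {
    printf '%s\n' \
        '[GNUPG:] NEWSIG' \
        '[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.invalid>' \
        "[GNUPG:] VALIDSIG $SAMPLE_FPR 2016-07-01 1467331200 0 4 0 1 8 00 $SAMPLE_FPR"
}
# Same signature, but gpg reports the signing key as revoked.
sample_revoked() {
    sample_good | sed 's/ GOODSIG / REVKEYSIG /'
}

sample_good    | status_trusted "$SAMPLE_FPR" && echo "good sample: trusted"
sample_revoked | status_trusted "$SAMPLE_FPR" || echo "revoked sample: rejected"
```

A signature that verifies shows the file is the one the release key signed; it does not change how an antivirus heuristic scores it.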
Comment #2 by greeenify — 2016-08-20T11:21:06Z
This has been reported quite often in the NG too:
https://forum.dlang.org/thread/[email protected]

Code signing has been suggested as a possible solution:
https://forum.dlang.org/thread/[email protected]
Comment #3 by jdcbranco — 2016-08-20T23:00:13Z
Created attachment 1610
After installing it

I disabled Windows defender and installed, now the antivirus kicks in again complaining about one of the files that the installer deployed, nsis6-ddemangle.exe. Looks like one of the dependencies is infected. My antivirus is trying to remove that file.
Comment #4 by b2.temp — 2016-08-21T02:07:52Z
(In reply to Jonathas from comment #3)
> Created attachment 1610 [details]
> After installing it
>
> I disabled Windows defender and installed, now the antivirus kicks in again
> complaining about one of the files that the installer deployed,
> nsis6-ddemangle.exe. Looks like one of the dependencies is infected. My
> antivirus is trying to remove that file.

Waiting for a new setup you can do this instead: remove any previous garbages and download the 7z archive:

To complete the setup:
- unpack the contained folder where you wished to setup.
- add the path of the sub-directory named "bin" (the one that contains dmd.exe, ddemangle.exe, etc) to the system PATH.
Comment #5 by dfj1esp02 — 2016-08-22T13:04:40Z
I uploaded the file at https://www.microsoft.com/en-us/security/portal/submission/submit.aspx for online scan with microsoft antivirus and it tells that the file is not detected.
Comment #6 by code — 2016-09-19T11:24:46Z
(In reply to Sobirari Muhomori from comment #5)
> I uploaded the file at
> https://www.microsoft.com/en-us/security/portal/submission/submit.aspx for
> online scan with microsoft antivirus and it tells that the file is not
> detected.

How did you manage to upload the installer exe that is bigger than 10MB?
Comment #7 by dfj1esp02 — 2016-09-22T14:38:15Z
I uploaded only ddemangle.exe
Comment #8 by dfj1esp02 — 2017-01-31T10:55:48Z
About signing: http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html
> Several times AV software blocked Firefox updates

But firefox components are all signed.
Comment #9 by dlang-bugzilla — 2017-07-01T10:08:29Z
Is this still a problem?

Generally, false positives need to be reported to the antivirus vendor. Reports from end-users are more effective than reports from the software's authors, so generally (aside from code signing, possibly), there is nothing that could be done from D's side.

I'll close this for now as the bug is close to being a year old; please reopen if this false positive (Win32/Ipac.B!cl) still affects current releases of DMD.