VGA Posted March 23, 2020
Malwarebytes detects midiproc and the setup exe as threats. I scanned the 5.7.1 binaries and it was the same. Same with 5.7. In 5.6.4 only midiproc was detected. I am thinking it may not be a change in Crispy, maybe some recent trojan signature (shared between AVs) triggers the smart-ass heuristics detection.

seed Posted March 23, 2020
All of them though? That's the questionable part. And according to a previous post, someone actually got infected...

Binarynova Posted March 23, 2020 (edited)
Hi all. I made a Doomworld forum account just to reply to this thread after searching to see if anyone else was having this problem. I can confirm that Crispy Doom 5.7.2 not only triggered a warning but Windows Security removed the following infections: Wacatac and Occamy.
Edited March 23, 2020 by Binarynova: typos

VGA Posted March 23, 2020 (edited)
These must be false positives. Specifically, I don't see anything suspicious under a debugger/disassembler in that tiny 16kb midiproc executable. Where the fuck is the "trojan"? Some shared signature between AV software started getting triggered, there is no infection on your systems or on my system or anyone's system who has run Crispy these past few months. I tried the last few releases and it is the same false positives for all, more or less.
EDIT: Testing with Malwarebytes, everything is fine up until and including 5.6.3. Then in 5.6.4 it detects only crispy-midiproc.exe as Generic.Malware. And then in newer releases it detects one or two more of the other executables, too.
Edited March 23, 2020 by VGA

drfrag Posted March 23, 2020 (edited)
Windows defender only detects crispy-midiproc as a threat in 5.7.2, until you take actions it keeps "detecting" it when you scan other files. So most likely another false positive.

ketmar Posted March 23, 2020
12 hours ago, Zodomaniac said: MinGW stands for Minimalist GCC for Windows, so how can it run on a non-Windows system?
no problems. this is how i am building windows version of k8vavoom without having windows installed, for example.

ketmar Posted March 23, 2020 (edited)
6 hours ago, seed said: All of them though?
yeah. those snake oil providers are known to share "threat databases".

fabian Posted March 24, 2020
That's what I suspect as well. That some anti-virus genius considered a windows executable compiled with an ancient MinGW version that listens on non-std file descriptors *must* be a threat - and all the others followed suit.

seed Posted March 24, 2020
Uh... but why an ancient version though, lol. And if it is a false-positive, we should be able to report it somehow.

drfrag Posted March 24, 2020
Are you sure? I compile with TDM-GCC 5.1 (comes with CodeBlocks IDE) and i had to fix compilation, Crispy and Choco don't compile with such an old gcc version.

fabian Posted March 24, 2020 (edited)
I am not sure what distro @fraggle has running on his build server, but even Debian oldstable has gcc-6.3.0, which was released December 21, 2016. What did you have to fix, btw?

drfrag Posted March 24, 2020
Missing includes for standard C libraries, i could do a PR someday.

Kizoky Posted March 24, 2020
imho, I think there's some way to report if there are false positives, at least back in the days you could do it to Kaspersky

seed Posted March 24, 2020
There should be, but I'm unaware of them. Something easier must be in place than sending reports to each AV developer separately...

SoDOOManiac Posted March 25, 2020
Is anyone eager to help with introducing PrBoom+like status bar in widescreen mode? I am, but my skills are insufficient...
Feel free to commit to the branch https://github.com/fabiangreffrath/crispy-doom/tree/prboom%2Bwidescreen_stbar
Issue link where I explain why PrBoom's approach is the only one valid: https://github.com/fabiangreffrath/crispy-doom/issues/553

SoDOOManiac Posted March 27, 2020 (edited)
I'm almost done, the status bar updates and changes to and from correctly, but filling the buffer with the flat doesn't work for some reason, can anybody help?

Lila Feuer Posted March 27, 2020
Windows defender flipped out for me too, even when I bypassed it to download the zip, trying to run the EXE once by itself was fine but upon trying to load or re-add it to ZDL defender flipped out again and deleted the crispy-doom.exe from my computer. So is there an infection or not? It'd be nice if the zip would be updated to fix this if it's a false positive. Otherwise guess I'm not using Crispy Doom in the meantime.

drfrag Posted March 27, 2020
Now i get the defender positive with crispy-setup from 5.7.1 and 5.7.2 too, weird.

Spowmtom Posted March 28, 2020 (edited)
I downloaded the "dangerous" binaries from the autobuilds, which are on an unsecured page. Some shenanigans may have taken place here. Sadly, your binaries probably aren't signed, since I can't seem to find your public GPG signature anywhere. Maybe if you signed them and made your public key public, we could know if some ill intended intermission is the cause of this.
Edited March 28, 2020 by Spowmtom

seed Posted March 28, 2020
They aren't, and no malicious intent is hiding behind this, but likely a technical error. As for signing the files, that's easier said than done, since signing them is not free (or cheap, for that matter).

drfrag Posted March 28, 2020 (edited)
I still think it's a false positive but after updating the definitions it's even worse as now i get a positive with setup as well and defender reports a different trojan. IMO @fabian should recompile a release himself manually until this is solved, or @Zodomaniac. Personally i use CodeBlocks and TDM-GCC instead of MSYS2 with RUDE.

seed Posted March 28, 2020 (edited)
I agree with that too, at least for the time being. Curious what exactly triggers antiviruses though...

Spowmtom Posted March 28, 2020
4 hours ago, seed said: As for signing the files, that's easier said than done, since signing them is not free (or cheap, for that matter).
GPG is entirely free, you might be confusing it with PGP. There are also checksums, like SHA1, MD5 or SHA256, and those hashes can even be signed.

cardboard42 Posted March 28, 2020 (edited)
One way to help with the false positive is to go to the virustotal reports for the files
crispy-setup: https://www.virustotal.com/gui/file/0d04ea528114e9b0349b2acaff497c3fd95855562b401eecce4dba42c1f89bdc/detection
crispy-doom: https://www.virustotal.com/gui/file/c6fdc7d5fdc4f20cdc0057815872cf5e045da2c7d7ab286567f382fe74726573/detection
sign up and vote them harmless by clicking the checkmark in the top left. I think the more responsible antivirus vendors do use VT voting to improve their engines. You might check other crispy files (I don't have midiproc) by uploading them.

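Added example, not part of any post in this thread and not the project's code: a Python sketch of the checksum idea from Spowmtom's post, plus a helper that pulls the SHA-256 out of a VirusTotal report URL like the two cardboard42 links, so a local file can be matched to the report. All function names, file names and manifest contents are constructed for illustration, and the manifest is assumed to have been authenticated separately (for example by a verified GPG signature).

```python
import hashlib
import re
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 16):
    """Stream the file so a large release zip never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex> <space or *><file name>'."""
    entries = {}
    for line in text.splitlines():
        m = re.fullmatch(r"([0-9a-fA-F]{64}) [ *](.+)", line.strip())
        if m:
            entries[m.group(2)] = m.group(1).lower()
    return entries

def hash_from_vt_url(url):
    """Extract the SHA-256 from a VirusTotal /gui/file/<hash>/... report URL."""
    m = re.search(r"/gui/file/([0-9a-fA-F]{64})(?:/|$)", url)
    return m.group(1).lower() if m else None

def verify(directory, manifest_text):
    """Return {name: 'ok'|'MISMATCH'|'missing'}; authenticate the manifest first."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif sha256_file(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed sample: one intact file, one altered file, one absent file."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "good.exe").write_bytes(b"constructed sample A")
        (Path(d) / "bad.exe").write_bytes(b"bytes changed after the manifest was made")
        manifest = (hashlib.sha256(b"constructed sample A").hexdigest() + "  good.exe\n"
                    + hashlib.sha256(b"original bytes").hexdigest() + " *bad.exe\n"
                    + "0" * 64 + "  gone.exe\n")
        return verify(d, manifest)
```

To confirm that a VirusTotal report refers to the file actually on disk, compare `hash_from_vt_url(url)` with `sha256_file(path)` before voting on it.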
SoDOOManiac Posted March 29, 2020
20 hours ago, drfrag said: I still think it's a false positive but after updating the definitions it's even worse as now i get a positive with setup as well and defender reports a different trojan. IMO @fabian should recompile a release himself manually until this is solved, or @Zodomaniac. Personally i use CodeBlocks and TDM-GCC instead of MSYS2 with RUDE.
I compiled the fresh git version of Crispy with MSYS2 and it shows 9 detections. So Doom 5.7.4 built with MSYS2 as well shows only one, surprisingly.

drfrag Posted March 29, 2020
As long as they are not flagged by defender it's fine i think. BTW now i can't post from Firefox aka Mozillo.

SoDOOManiac Posted March 29, 2020 (edited)
7 hours ago, drfrag said: As long as they are not flagged by defender it's fine i think. BTW now i can't post from Firefox aka Mozillo.
Then I'm uploading my homebrew Crispy Doom 5.7.2 with some post-release improvements:
SPECHITS limit, the last persisting static limit, has been removed.
Fix for segmentation fault when running on rgb565 screen has been pulled from Chocolate Doom, contributed by Wells Lu.
crispy-doom-5.7.2-win32.zip
Edited March 29, 2020 by Zodomaniac: Updated download

fabian Posted March 29, 2020
You may also replace the official release Zip on the project page if you like.

SoDOOManiac Posted March 29, 2020 (edited)
4 hours ago, fabian said: You may also replace the official release Zip on the project page if you like.
Done :) Many more changes have been made recently to Crispy Heretic which I'm also posting here. The Heretic EXEs can be used with the same DLLs as Crispy Doom.
Crispy settings have been prevented from resetting in setup by Ryan Krafnick.
Secret message has been implemented by Jeff Green.
Always Run toggle key and Always Run + Run = Walk behavior has been introduced by Ryan Krafnick.
Mouse inventory buttons have been added by Ryan Krafnick to Chocolate Heretic and then merged from there.
The INTERCEPTS and SPECHITS limits have been removed entirely.
Vertical mouse movement (novert) toggle has been added by Ryan Krafnick.
crispy-heretic.zip
Edited March 29, 2020 by Zodomaniac: Minor correction

VGA Posted March 29, 2020
3 hours ago, drfrag said: As long as they are not flagged by defender it's fine i think. BTW now i can't post from Firefox aka Mozillo.
How does Firefox fit into this?