Boost :

Date view	Thread view	Subject view	Author view

Subject: Re: [boost] Windows quarantines boost_1_68_0.7z
From: AsbjÃ¸rn (lordcrc_at_[hidden])
Date: 2018-12-15 16:09:45

Next message: Miguel Ojeda: "Re: [boost] Windows quarantines boost_1_68_0.7z"
Previous message: degski: "Re: [boost] Windows quarantines boost_1_68_0.7z"
In reply to: degski: "Re: [boost] Windows quarantines boost_1_68_0.7z"
Next in thread: Miguel Ojeda: "Re: [boost] Windows quarantines boost_1_68_0.7z"

On 15.12.2018 11:54, degski via Boost wrote:
>
> If you have a better explanation, please do put that forward. The fact
> that this particular file get's flagged at all indicates that same
> broken logic.

It wouldn't surprise me if part of the 7z header plus some of the (essentially)
random bytes of data after triggers it.

We experience something like this rather frequently with the programming
language at work, Delphi, which is also used by a lot of malware writers for the
same reason we do: RAD. What happens is parts of the compiled standard library
gets used as a signature, causing a lot of false positives.

- AsbjÃ¸rn

Next message: Miguel Ojeda: "Re: [boost] Windows quarantines boost_1_68_0.7z"
Previous message: degski: "Re: [boost] Windows quarantines boost_1_68_0.7z"
In reply to: degski: "Re: [boost] Windows quarantines boost_1_68_0.7z"
Next in thread: Miguel Ojeda: "Re: [boost] Windows quarantines boost_1_68_0.7z"

Date view	Thread view	Subject view	Author view

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk