Subject: Re: [boost] TROJAN INFECTION boost 1.67 binaries for Windows x64 MSVC 14.1
From: degski (degski_at_[hidden])
Date: 2018-07-28 03:09:24
On 27 July 2018 at 16:14, Zipper Fish via Boost <boost_at_[hidden]>
> Paul, I already feel good and am not panicking, but thank you for your
> concern :-)
As you could have seen in the archive, quite a lot of people have looked at
it, and found it to be not a problem.
I am interested in the Windows 3rd party binaries because I try to avoid
> building boost manually on Windows if at all possible. As you know, the
> Windows Zip file does not contain binaries for the non-header-only parts of
You could use vcpkg and build boost (and many other libraries) without any
I already gathered your strategy about using a separate partition to beat
> the virus checkers from the archive link that Mateusz shared.
You can add excluded paths to Defender (and other AV's), add the build
directories as well, it will speed up you build.
As I wrote in my response to Mateusz, I am simply curious why a virus
> checker would flag a false positive in compiled boost libraries.
It's an unsigned executable, the self extractor (tagged on at the end of
the file) is possibly itself compressed. If that is done with upx, it will
be flagged as a virus. There's an optimising exe compressor doing both 32-
and 64-bit exe/dll's called mpress
<https://autohotkey.com/mpress/mpress_web.htm>, this one will not get
flagged (by my experience) ever.
Is it because viruses use boost libraries? I've used quite a number of
> over the years and none that I can recall had this issue. (If this is off
> topic, my apologies.)
Before doing anything, check the suspicious file with malwarebytes
<https://www.malwarebytes.com/premium/> (just use the free version), if it
is a problem, mb is very likely to find it. If you dare (and are allowed,
i.e. you don't work for the potus), use kaspersky
*will* find it (and remove).
-- *"If something cannot go on forever, it will stop" - Herbert Stein*