Boost logo

Boost :

Subject: Re: [boost] Windows quarantines boost_1_68_0.7z
From: Asbjørn (lordcrc_at_[hidden])
Date: 2018-12-15 16:09:45


On 15.12.2018 11:54, degski via Boost wrote:
>
> If you have a better explanation, please do put that forward. The fact
> that this particular file get's flagged at all indicates that same
> broken logic.

It wouldn't surprise me if part of the 7z header plus some of the (essentially)
random bytes of data after triggers it.

We experience something like this rather frequently with the programming
language at work, Delphi, which is also used by a lot of malware writers for the
same reason we do: RAD. What happens is parts of the compiled standard library
gets used as a signature, causing a lot of false positives.

- Asbjørn


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk