Anti-Virus vendors & warnings

Christian Lohmaier lohmaier at googlemail.com
Wed Oct 1 04:15:41 PDT 2014


On Wed, Oct 1, 2014 at 11:55 AM, Michael Meeks
<michael.meeks at collabora.com> wrote:
> Dear Nicholas,
>
> On Tue, 2014-09-30 at 17:19 -0400, nicholas ferguson wrote:
>> I duplicated their directory structure.  And my build still failed.
>
>         Grief; we should certainly document turning off AV more prominently.

Listed quite prominently in the Windows build instructions. And *any*
AV-solution that blocks access should pop up a corresponding
message/indicator that it did so.

> Ideally we could find a reproducer that we could check during configure
> and print out:

Nope, that won't help. If the user is ignoring the system's messages,
why should he read ours?

And checking whether virus solution xy is running probably is a
surefire way to get detected as malicious beforehand so you won't be
able to show that message :-)

>         It'd be great to isolate exactly what is causing the problem, so we can
> save other people this suffering; I'd love to invest in that.

BitDefender/Security Essentials blocks some of the CVE test-files. I
assume that to be no different here. And there's no way to have
av-vendors whitelist those files, as after all they can exploit
vulnerabilities in other/older software.

If it needs forensics to find out what was blocked, then the
av-solution is crap, or the user unwilling to look at the software's
logs.

> On Tue, 2014-09-30 at 17:50 -0400, nicholas ferguson wrote:
>> I think that is a bad idea.  A good idea is to turn on anti virus
>> where work is done.  You can't tell developers to turn off their
>> anti virus when working on Windows.  That’s crazy talk

Either you disable monitoring for the build-directories, or you
whitelist stuff in another way. Or use a different AV-solution.

Of course false-detection in the result is another story - Symantec
(Norton AV) offers a whitelisting form that I use for the official
builds, so regular users don't get a warning when downloading/installing
the finished product. But building is a different story.

I see no way to have the build free of AV-detection unless we remove
all of the CVE test documents.
In fact any AV-solution that doesn't block/break the build in a way is
not tightly monitoring the system.

So the only way is to do as already written in the build instructions and
common sense when actually looking at the AV-solutions' reports:
Disable monitoring for the build. Not only will that not break the
build, but also save some cycles for actually compiling stuff instead
of checking lots of intermediate files.

Your build-account surely is not an administrative account, and not
even the one you do your office work with (as the tests pop up lots of
windows that would otherwise be very distracting) - so I absolutely
don't see this as a huge problem.

ciao
Christian

