[x3d-public] virus checker results, FYI

Tue Apr 27 13:25:11 PDT 2021

Good point, our Windows DLLs of OpenSSL were actually a bit out of date. I
just upgraded them (1.0.2n -> 1.0.2u).

The next view3dscene snapshot from https://castle-engine.io/view3dscene.php
will contain new DLLs.

( This concerns only Windows. On other platforms, like Linux, we rely on
system-installed OpenSSL version. )

Regards,
Michalis

wt., 27 kwi 2021 o 01:21 John Carlson <yottzumm at gmail.com> napisał(a):

> I know that OpenSSL libraries are often targeted for intense scrutiny and
> it’s pretty much a good idea to stay up-to-date.   If you have a dependency
> on them in the apt package, that should be sufficient, but be sure to track
> latest OpenSSL in your dependencies.
>
> On Mon, Apr 26, 2021 at 6:02 AM Michalis Kamburelis <
> michalis.kambi at gmail.com> wrote:
>
>> CGE OpenSSL libraries are from https://indy.fulgan.com/SSL/ which is
>> linked to by https://wiki.openssl.org/index.php/Binaries . So I would
>> surely hope that they are virus-free, they are used by many projects
>> independent of CGE. If a virus scanner detects them, please test on DLLs
>> directly from https://indy.fulgan.com/SSL/ . Consider submitting a
>> "wrong detection" to virus software, as far as I know they should be
>> "clean" (though I never tried to compile them myself from code).
>>
>> Please submit CGE issues to the CGE bugtracker -- it is easy for me to
>> miss some CGE-specific report otherwise.
>>
>> Regards,
>> Michalis
>>
>> czw., 15 kwi 2021 o 00:39 John Carlson <yottzumm at gmail.com> napisał(a):
>>
>>> The one found in the
>>> https://github.com/castle-engine/castle-engine/releases/tag/v6.4 -
>>> castle_game_engine-6.4-src.zip
>>>
>>> <https://github.com/castle-engine/castle-engine/releases/download/v6.4/castle_game_engine-6.4-src.zip>
>>>
>>> This one also reports in clamTk.
>>>
>>> I don't think the one in the PPA has anything wrong with it, that I know
>>> of.   These are files I downloaded from github releases.  It's most likely
>>> the ones deployed with the OS packages are okay, as I didn't get reports on
>>> those.
>>>
>>>
>>> John
>>>
>>>
>>> On 4/14/21 5:21 PM, John Carlson wrote:
>>>
>>>
>>> On 4/14/21 5:02 PM, John Carlson wrote:
>>>
>>>
>>> Here's a snapshot of ClamTk virus checker results on my Groovy Gorilla
>>> Kubuntu system.
>>>
>>> Michalis, you might want to double check your OpenSSL dll
>>> (libeay32.dll).  I will try to download a new copy of castle game engine
>>> and retest, but I've done an update recently (but it may have crashed). I
>>> will remove/reinstall
>>>
>>> Okay, apparently the libeay32.dll in question came from
>>> castle-engine-7.0-alpha.snapshot-linux-x86_64.zip (now in the
>>> castle_game_engine folder).  I scanned the zip too, and there was no
>>> threats.  Perhaps something on my system is inserting when unpacking?
>>>
>>> I will download a production release of castle-game-engine from github.
>>>
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20210427/bc52c123/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: difijadgnjcgnlli.png
Type: image/png
Size: 228298 bytes
Desc: not available
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20210427/bc52c123/attachment-0001.png>