Page 1 of 1
Which Wolfmame stop giving false malicious program alarm
Posted: Thu Apr 06, 2017 2:55 pm
by francoisadt1
Hi
Question1:
My PC do give false alarm on Wolfmam EXE v.106, unfortunately there are no .ZIP versions for older Wolfmame versions, why not?
Question2:
What was the cause of the false alarm?
Question3:
What need to change in the code or compilation to make the false alarm go away? Please give example or link to code to fix it.
Question4:
At which version of Wolfmame these false alarm do stop?
Question5:
Does the false alarm only occur on certain windows versions - which ones?
Question6:
Does the false alarm ever occur on certain Linux compiled based versions?
Regards
Francois du Toit
Re: Which Wolfmame stop giving false malicious program alarm
Posted: Thu Apr 06, 2017 6:52 pm
by mahlemiut
Downloading anything from
http://wolfmame.marpirc.net/ will trip the warning, or at least it does in Firefox and Chrome. You can choose to ignore it if you wish, there shouldn't be anything malicious, the EXEs are just self-extractors. Run it through a virus scanner or something first to be sure, though.
Exactly what triggered this flag in the first place is unknown.
Re: Which Wolfmame stop giving false malicious program alarm
Posted: Thu Apr 06, 2017 8:03 pm
by francoisadt1
Hi Barry
All the files on the
http://wolfmame.marpirc.net/ are without virus. So you misunderstood my question.
It have to do with some code regards the security because when I copy the .EXE of wolfmame 101 (already extracted) from an
external HDD to my PC - the McAfee anitivirus program does not allow the .EXE to be saved/copied. Same as from the browser.
but with the new Wolfmame .EXEs like the one you ahve done on github- it is no problem.
I reckon you fix and change some security source code - to let this not occur anymore?
Re: Which Wolfmame stop giving false malicious program alarm
Posted: Thu Apr 06, 2017 9:14 pm
by mahlemiut
Some of the old EXEs were compressed via UPX, and sometimes that can return a false positive, although I forget exactly when I stopped using it. If you have UPX handy, you should be able to see if it is compressed, and then decompress it. I think I stopped using it around 0.93, and I think I only compressed the DLL. The smaller EXEs just provide the interface to run MAME (either commandline or GUI), they should be more or less the same as standard MAME Plus.
Otherwise, there shouldn't be anything causing this.
Trying to rebuild it would be difficult, I don't think I have the source diff anymore, and finding the source for a 12 year old version of MAME Plus isn't likely to be easy either.