I am trying to build kMyMoney locally in Linux and also in Windows 11. For Windows, I am using the procedure shown on the Office > kMyMoney > Wiki > Build Environment page. I am using the vcpkg.json file referenced on that page and a CMake command appropriate to my system. The procedure has now stopped twice, on two different packages, when both Kaspersky and Windows Defender detect the malware Trojan.Win32.sdun.gen. This is very serious software that can put both my machine and my identity at risk. I can’t proceed unless someone can verify whether this is a false positive (unlikely) or a real threat in which case it needs to be disinfected.
The first instance arose May 22 in GMP and I believe it is in one of the packages referenced in the following. I looked at repo.msys2.org and can’t find any contact information. Maybe someone here can. I also contacted MSRC but they refused to do anything.
– Downloading https://repo.msys2.org/mingw/i686/mingw-w64-i686-libwinpthread-git-22.214.171.12473.5be8fcd83-1-any.pkg.tar.zst;https://www2.futureware.at/~nickoe/msys2-mirror/mingw/i686/mingw-w64-i686-libwinpthread-git-126.96.36.19973.5be8fcd83-1-any.pkg.tar.zst;https://mirror.yandex.ru/mirrors/msys2/mingw/i686/mingw-w64-i686-libwinpthread-git-188.8.131.5273.5be8fcd83-1-any.pkg.tar.zst;https://mirrors.tuna.tsinghua.edu.cn/msys2/mingw/i686/mingw-w64-i686-libwinpthread-git-184.108.40.20673.5be8fcd83-1-any.pkg.tar.zst;https://mirrors.ustc.edu.cn/msys2/mingw/i686/mingw-w64-i686-libwinpthread-git-220.127.116.1173.5be8fcd83-1-any.pkg.tar.zst;https://mirror.bit.edu.cn/msys2/mingw/i686/mingw-w64-i686-libwinpthread-git-18.104.22.16873.5be8fcd83-1-any.pkg.tar.zst;https://mirror.selfnet.de/msys2/mingw/i686/mingw-w64-i686-libwinpthread-git-22.214.171.12473.5be8fcd83-1-any.pkg.tar.zst;https://mirrors.sjtug.sjtu.edu.cn/msys2/mingw/i686/mingw-w64-i686-libwinpthread-git-126.96.36.19973.5be8fcd83-1-any.pkg.tar.zst → msys-mingw-w64-i686-libwinpthread-git-188.8.131.5273.5be8fcd83-1-any.pkg.tar.zst…
In response, I deleted the reference to GMP in the .json file and tried again this morning when the second incident happened with the package “installed = libiconv-1.16-2-x86_64.” The second process completes Configuring both x86-windows-static-dbg and x86-windows-static-rel but then is interrupted by virus detection software trying to build x86-windows-static-dbg.
I was actually getting this to work so I’m very disappointed I can’t proceed until this is resolved.