Seriously, so many posts I've never seen before suddenly new for me. Yes, you are right, that is the absolute worse place to put it and that will be resolved with the new version. And also,
viewtopic.php?f=37&t=591#p3072 as long as someone can help remind me to do it. My memory sucks and I'll probably forget when I get home tonight otherwise.
Trojan is definitely false positive. TR/Dropper.Gen is very simply, any executable that downloads files remotely to your PC. Since the Odyssey executable is unsigned/unverified this will continue to be a false positive with the VB6 version of Odyssey. I have contacted Anti-Virus companies in the past to have them remove false positives, but they typically either don't respond, or refuse to dig through your sourcecode to ensure it's safe. I'm still waiting for a response from eset that I submitted over 3 years ago on my multi regsvr32 utility. However, the updater is very blatant about what it downloads to your PC. You can see for yourself here:
http://odyssey.burningstormstudios.com/upd/ or
http://odyssey.burningstormstudios.com/upd/upd.dat (open in notepad). You can compare that file to your version.dat.
Run any kind of program that watches remote connections and you'll see it only downloads from this site, the server you play on, and the server registry (which is currently offline).
Hopefully this will be resolved with the rewrite, but no guarantees. When in doubt, run it against
http://www.virustotal.com, I'll start adding a report for downloads in the future, but for now, judge for yourself. As long as you are getting it from this site or odyonline.com (pointer to odyssey.burningstormstudios.com), you are safe.