* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

One of my apps is getting false virus detection... what can I do

Hi Guys,

My app is showing some generic virus / malware detections in some antivirus software.

I know my software is clean, because I wrote it :)

Something in the code is triggering a false positive.  Probably in the byte order of the exe file.

I've tried to recompile,  change, add features, and recompile, but nothing seems to make a difference.

How can I fix this issue?
Customers are complaining that their virus scanner has started to detect virus fingerprints in the software and they have to add exceptions to the antivirus software so it does not delete my app from their PC.

Only 3 out of about 20 scanners I tested with trigger a generic trojan/malware notice. (UnclassifiedMalware  or VIRUS_UNKNOWN  or HEUR:Trojan.Win32.Generic )

Any ideas on how to resolve this?
NewGuyOnTheBlock
Monday, October 14, 2013
 
 
Probably you are using a component that has been used before in genuine viruses.  Maybe your program is trying to connect to the Internet or is using a keyboard hook to listen to the user's keyboard.
See if you can recompile those components.

Another solution may be to pack your exe file with an executable packer such as UPX:
http://upx.sourceforge.net/
alexandar
Tuesday, October 15, 2013
 
 
Is it only one antivirus software or all of them?
I recently had similar problems with BitDefender, which seems to report false positives for software and web sites. I used their forum to report the false positive. virustotal.com can give you an idea of which antivirus software thinks your program is infected.
RossR
Tuesday, October 15, 2013
 
 
>> "Another solution may be to pack your exe file with an executable packer such as UPX."

That's bad advice. Many virus scanners flag files compressed with things like UPX as "suspicious".


>> "How can I fix this issue?"

Code sign your executables & DLLs.
Wyatt O'Day
Tuesday, October 15, 2013
 
 
False positives happen. I suggest you contact the anti-virus companies in question and assure them that it is a false positive. IIRC I did this once and they fixed it within a few days.

virustotal.com will let you know who you need to approach.
Andy Brice
Tuesday, October 15, 2013
 
 
@ Wyatt "That's bad advice. Many virus scanners flag files compressed with things like UPX as "suspicious"."

How do you know that?
alexandar
Tuesday, October 15, 2013
 
 
Experience.
Wyatt O'Day
Tuesday, October 15, 2013
 
 
My exes have always been UPX'ed and never flagged.  Virus scanners are smart enough to unpack them before scanning anyway.
PSB136
Tuesday, October 15, 2013
 
 
Also from experience, I +1 Wyatt: don't UPX (or otherwise compress) your executables, and code sign them.

There are about 20 different anti-virus programs (see virustotal). When I was upx'ing binaries and not signing them, at least one or two anti-virus programs would show false positives.
Krzysztof Kowalczyk
Tuesday, October 15, 2013
 
 
Norton's 'sonar' seems to be particularly aggressive.
It will go ahead and delete a file the user downloads without offering a choice, just giving a message along the lines of 'threat deleted', and the user needs to be quite persistent to figure out how to get past it.
Drummer
Tuesday, October 15, 2013
 
 
Hello NewGuy,

This has happened to me also. The first thing is to make sure you have code signing. This will prevent SmartScreen Filter on Windows 8, Chrome, and a few other tools.

If you are still having problems, the BEST thing you can do right now is to go to every anti-virus forum that is flagging your program and post in their "Report False Alert" section.

I had my software flagged by 2 anti-virus products (Norton, BitDefender), for who knows what reason. I submitted the false alert report explaining why my program is legit, and within a week or two, it was on their "Safe" list.

Hope this helps, lmk if you need more help.
John Senar
Tuesday, October 15, 2013
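
The replies above point at two properties of the shipped file: whether it is UPX-packed and whether it carries a code signature. The Python check below is an added example, not code from any poster in this thread; it reads a PE header and reports both before a release goes out. `inspect_pe` and `build_sample` are hypothetical names, the sample headers are constructed, and matching on the default `UPX0`/`UPX1` section names is an assumption (they can be renamed).

```python
import struct

def inspect_pe(data: bytes) -> dict:
    """Report UPX-style section names and whether a certificate table is attached."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt = pe_off + 24                                      # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = opt + (112 if magic == 0x20B else 96)           # PE32+ vs PE32 layout
    (n_dirs,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if n_dirs > 4:                                         # entry 4 = certificate table
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    sec = opt + opt_size                                   # section table, 40 bytes each
    names = [data[sec + 40 * i: sec + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(n_sections)]
    return {"sections": names,
            "upx_packed": any(n.startswith("UPX") for n in names),  # assumed default names
            "has_signature": cert_off != 0 and cert_size != 0}

def build_sample(section_names, signed):
    """Constructed minimal PE32 headers for the demo (headers only, not a real program)."""
    opt = bytearray(224)                                   # PE32 optional header, 16 dirs
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    if signed:                                             # constructed offset and size
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x400, 0x1000)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.encode().ljust(40, b"\0") for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections

if __name__ == "__main__":
    for names, signed in ((["UPX0", "UPX1", ".rsrc"], False), ([".text", ".data"], True)):
        print(inspect_pe(build_sample(names, signed)))
```

A non-empty certificate table only shows that a signature is attached; checking that it is valid is a separate step (for example `signtool verify /pa` on Windows).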
 
 

This topic is archived. No further replies will be accepted.
