Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.2k views
in Technique[技术] by (71.8m points)

delphi - Antivirus False positive in my executable

I just ran into an annoying problem. Suddenly Avira AntiVir started to flag one executable from my software as being a virus.

As the default action from almost any user is to click OK and Avira suggests to put the virus in quarantine, most of my users are deleting this executable.

Well, let's not be arrogant and check if I'm not infected indeed. I posted the file to http://www.virustotal.com and from all anti virus only Avira flags it as infected. Furthermore I scanned my computer with two different anti viruses and it is clean.

I already posted a mail to my users explaining what is happening but this is an overhead to my support that I really don't want.

OK, the question is: Is there a way to avoid this kind of behavior? I can't think any way else than signing the files, (don't really know if it would solve) but let's see if you have any creative idea.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

It is surprisingly common that Delphi applications are reported as (potentially) harmful by AV applications. It happened to me a while ago, using Delphi 2009, see http://en.wikipedia.org/wiki/Wikipedia:Reference_desk/Archives/Computing/2010_March_20#Delphi.2FAVG_Issue.

At SO, we also have

and many more.

It might be the actual Induc Virus. But most likely, it is a false positive.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...