意外造成病毒？ [英] Accidentally created a virus?

问题描述

我已经看到它经常发生：我在Delphi中编写一个应用程序，当我编译它时，病毒扫描器告诉我，我已经创建了一个病毒，然后立即再次删除可执行文件。这是令人讨厌但合理容易修复通过完全重建，首先删除* .dcu文件，有时通过简单的等待。

它发生在Delphi 6，7，2005和2007年，据我所知。而赛门铁克，卡巴斯基，迈克菲和诺基亚二十一世纪都已经犯了这些误报。我知道这是因为Delphi为其DCU文件添加了时间戳，而这些时间戳最终在最终的可执行文件中，显然似乎是某些随机病毒签名的一部分。

想要禁用病毒扫描程序，甚至不需要单个文件夹或文件。而我并不是一个解决方案，但是我想知道以下几点：

• 这些错误是否与其他编译器一起发生？ / li>
  
• 它是否也发生在.NET可执行文件？


• 其他人也注意到与Delphi类似的问题？

解决方案

这些假阳性也会与其他编译器一起发生
？

是的，过去一直是 AutoIt 在本论坛发布的文章我的AutoIt EXE真的感染了？。在大多数情况下，包括 AutoIt ，这源自差的启发式做法。由于 AutoIt 使用免费且开放的 UPX 压缩器，它通常被误认为也使用 UPX 的恶意代码。

您可以做的最好的事情就是报告这些错误，所以他们可以改进他们的启发式，或至少白名单你的应用程序。

以下是一些流行的反病毒公司的联系信息列表。他们都声称欣赏提交，因为它有助于使他们的产品更好。

• AntiVir - 联系人


• A2（A-Squared） - 联系人（电子邮件地址）


• Avast！ - 联系人


• AVG - 联系人


• BitDefender - 联系人


• BullGuard - 联系人


• CA Anti-Virus - 联系人


• ClamAV - 联系人


• ClamWin - 联系人


• Comodo - 联系人


• ESET的Nod32 - 联系人


• < a href =http://www.ealaddin.com/ =noreferrer> eSafe - 联系人（需要登录）


• Fortinet - 联系人


• F-PROT - 联系


• F-Secure - 联系人


• G-Data - 联系人


• 卡巴斯基 - < a href =http://usa.kaspersky.com/about-us/contact-info/ =noreferrer>联系人


• McAfee - 联系（em ail地址）


• Norman - 联系人（电子邮件地址）


• 熊猫反病毒 - 联系


• Sophos - 联系人


• Symantec（Norton） - 联系


• Vipre - 联系人


• Windows Live OneCare - 联系人


• ZoneLabs - 联系人

维基百科的AV软件，称为防病毒软件列表。它比我上面的列表更完整。

自动论坛的成员一个伟大的脚本，将错误的电子邮件发送到一个巨大的列表AV供应商将自动化此过程。

I've seen it happen reasonably often: I write an application in Delphi and when I compile it, the virus-scanner tells me that I've created a virus and then immediately deletes the executable again. It's annoying but reasonable easy to fix by doing a full rebuild, deleting the *.dcu files first and sometimes by simply waiting.

It happens with Delphi 6, 7, 2005 and 2007, as far as I know. And Symantec, Kaspersky, McAfee and NOD32 have all been guilty of reporting these false positives. I know it's because Delphi adds timestamps to its DCU files and these timestamps end up in the final executable and apparently appear to be part of some random virus signature.

I don't want to disable the virus-scanner, not even for a single folder or file. And I'm not really for a solution, but am wondering about the following:

• Do these false positives also occur with other compilers?
• Does it also happen with .NET executables?
• Do others also notice similar problems with Delphi?

解决方案

Do these false positives also occur with other compilers?

Yes, this is has been a common problem in the past for AutoIt as addressed in this forum post "Are my AutoIt EXEs really infected?". In most cases including AutoIt it stems from poor heuristic practices. Since AutoIt uses the free and open UPX compressor, it is often mistaken for malicious code that also uses UPX.

The best (and possibly only) thing you can do is report these mistakes, so they can refine their heuristics or at least white list your app.

Below is a list of contact information for some popular anti-virus companies. They all claim to appreciate submissions as it helps them make their product better.

• AntiVir - Contact
• A2 (A-Squared) - Contact (email address)
• Avast! - Contact
• AVG - Contact
• BitDefender - Contact
• BullGuard - Contact
• CA Anti-Virus - Contact
• ClamAV - Contact
• ClamWin - Contact
• Comodo - Contact
• ESET's Nod32 - Contact
• eSafe - Contact (login required)
• Fortinet - Contact
• F-PROT - Contact
• F-Secure - Contact
• G-Data - Contact
• Kaspersky - Contact
• McAfee - Contact (email address)
• Norman - Contact (email address)
• Panda Anti-Virus - Contact
• Sophos - Contact
• Symantec (Norton) - Contact
• Vipre - Contact
• Windows Live OneCare - Contact
• ZoneLabs - Contact

Turns out there is a great list of AV software on wikipedia, called 'List of antivirus software'. It is more complete than my list above.

A member of the Autoit Forums made a great script to e-mail a false positive to a huge list of AV vendors to automate this process a bit.

这篇关于意外造成病毒？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！