How to prevent false positive virus alarm on my software?


Problem description


Possible Duplicate:
Antivirus False positive in my executable

Until now, I had over 15 false virus alarms for my programs. Most of them were from Kaspersky, which ALWAYS reports the same virus: Trojan-GameThief.Win32.Lmir.pcd. There are 3 questions:


  1. Why does it appear?

  2. How to prevent it?

  3. How to detect it?

For the first question, because it always detects the same virus, I guess it is because of one of my routines that I use in all my programs. But which one exactly, I don't know. For the second question I was thinking about modifying the program just a bit and recompiling it, just enough to change its code so the antivirus will not recognize it anymore and release the new version. The third question is the most difficult one. How to check ALL my programs against ALL antivirus programs in the world?

Update:
Does anybody have knowledge about how this issue can be handled legally? It seems that many Delphi developers have the same problem. The reckless antivirus companies make money on our back by showing lots of false positive alarms, making their customers think they are safe when there was actually no danger. While we are losing customers - they are making customers. I informed the antivirus company about the problem but they fix it only for that specific version. Next time I release an update, the false alarm appears again. They just don't care.

Many honest developers have problems because of careless antivirus software. See this also: How to prevent false positive virus alarm on my software?

Maybe we can unite against such antivirus products and force them to be more careful about false positive alarms, even to get some revenue back for the sales we lose because of them. We should sign some kind of petition to let them know that we don't accept this anymore.

Recommended answer

First, make sure that you do not have the Win32.Induc delphi virus, which changes SysConst.dcu so that applications you compile will be infected.


  1. Use #3 to narrow down what in your code is causing the false positive. API calls which change process memory will trigger heuristic scanners. Even including the names of some of the API functions (such as WriteProcessMemory) will trigger a scanner. Make changes to a test application and submit to #3 until you narrow the problem down. If you use a packer, then the AV software will probably unpack it anyway, but test with and without packing.

  2. Will depend on #1.

  3. Virustotal is used by virus developers to check their virus is not detected, so Virustotal will send any test file to the anti-virus people for analysis. There used to be an option to switch this off, but it was removed several years ago. This can make the problem worse for you if you submit an application multiple times, so I would recommend using http://virusscan.jotti.org/ for your initial testing.
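An added example (not part of the original answer) for the narrowing-down step in item 1: it reports where watched API names occur in a build, in ASCII and UTF-16LE form, and which names are new relative to a baseline build, which is useful detail for a false-positive report to the vendor. The watchlist entries other than WriteProcessMemory and the sample bytes are assumptions constructed for illustration.

```python
"""Locate process-memory API names in a build and diff two builds."""

# Assumed watchlist: WriteProcessMemory is named in the answer; the others are
# further real Win32 APIs that operate on another process's memory.
WATCHLIST = ("WriteProcessMemory", "ReadProcessMemory",
             "VirtualAllocEx", "VirtualProtectEx", "CreateRemoteThread")


def find_api_names(data: bytes, names=WATCHLIST):
    """Return sorted (offset, name, encoding) hits for ASCII and UTF-16LE forms."""
    hits = []
    for name in names:
        for encoding in ("ascii", "utf-16le"):
            needle = name.encode(encoding)
            start = data.find(needle)
            while start != -1:
                hits.append((start, name, encoding))
                start = data.find(needle, start + 1)
    return sorted(hits)


def new_references(baseline: bytes, candidate: bytes, names=WATCHLIST):
    """Names present in the candidate build but absent from the baseline."""
    before = {name for _, name, _ in find_api_names(baseline, names)}
    after = {name for _, name, _ in find_api_names(candidate, names)}
    return sorted(after - before)


def scan_file(path, names=WATCHLIST):
    """Convenience wrapper for a real executable on disk."""
    with open(path, "rb") as fh:
        return find_api_names(fh.read(), names)


# Constructed sample bytes standing in for two builds of a test application.
BASELINE = b"MZ\x90\x00" + b"\x00" * 16 + b"kernel32.dll\x00CreateFileW\x00"
CANDIDATE = (BASELINE + b"\x00\x2aWriteProcessMemory\x00"
             + "VirtualAllocEx".encode("utf-16le") + b"\x00\x00")

if __name__ == "__main__":
    for offset, name, encoding in find_api_names(CANDIDATE):
        print(f"0x{offset:04x}  {name}  ({encoding})")
    print("new in candidate:", new_references(BASELINE, CANDIDATE))
```

A hit in UTF-16LE form usually points at a string constant or resource in your own code or a library, while an ASCII hit is what an import-table entry looks like.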
