防毒软件在我的可执行文件中为false [英] Antivirus False positive in my executable
问题描述
由于几乎任何用户的默认操作都是单击确定,Avira建议将隔离中的病毒放在我的大部分用户正在删除这个可执行文件。
嗯,让我们不要傲慢,检查我是否没有感染。我将该文件发布到 http://www.virustotal.com ,并且所有防病毒只有Avira将其标记为感染。此外,我扫描了我的电脑与两种不同的反病毒,它是干净的。
我已经发布了一个邮件给我的用户解释发生了什么,但这是我的支持的开销我真的不想要好的,问题是:有没有办法来避免这种行为?
我不能以任何方式去签名文件,(不知道是否会解决),但让我们看看你是否有任何创意。
很明显,Delphi应用程序被AV应用程序报告为(潜在的)有害的。之前我使用的是Delphi 2009,见 http://en.wikipedia.org/wiki/Wikipedia:Reference_desk/Archives/Computing/2010_March_20#Delphi.2FAVG_Issue 。
在这个时候,我们也有
等等。
这可能是实际的 Induc Virus 。但很有可能这是一个假阳性。
I just ran into an annoying problem. Suddenly Avira AntiVir started to flag one executable from my software as being a virus.
As the default action from almost any user is to click OK and Avira suggests to put the virus in quarantine, most of my users are deleting this executable.
Well, let's not be arrogant and check if I'm not infected indeed. I posted the file to http://www.virustotal.com and from all anti virus only Avira flags it as infected. Furthermore I scanned my computer with two different anti viruses and it is clean.
I already posted a mail to my users explaining what is happening but this is an overhead to my support that I really don't want.
OK, the question is: Is there a way to avoid this kind of behavior? I can't think any way else than signing the files, (don't really know if it would solve) but let's see if you have any creative idea.
It is surprisingly common that Delphi applications are reported as (potentially) harmful by AV applications. It happened to me a while ago, using Delphi 2009, see http://en.wikipedia.org/wiki/Wikipedia:Reference_desk/Archives/Computing/2010_March_20#Delphi.2FAVG_Issue.
At SO, we also have
and many more.
It might be the actual Induc Virus. But most likely, it is a false positive.
这篇关于防毒软件在我的可执行文件中为false的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!