Thread: Avast flagging everything XE8 related as infected?



Replies: 5 - Last Post: Sep 17, 2015 7:39 AM - Last Post By: Arnaud Bouchez
steven chesser

Posts: 84
Registered: 7/27/00
Avast flagging everything XE8 related as infected?
  Posted: Sep 16, 2015 1:40 PM
As of today, it seems like Avast virus scanner flags XE8 compiled programs with a Win32:Banker variant...

But appears no other scanners have yet?

None of my D7 programs are flagging anything.

Even XE8's own files, BPL files, etc. are getting flagged.

Edited by: steven chesser on Sep 16, 2015 1:41 PM
Jeff Overcash (...

Posts: 1,400
Registered: 9/23/99
Re: Avast flagging everything XE8 related as infected?
  Posted: Sep 16, 2015 1:54 PM   in response to: steven chesser
steven chesser wrote:
As of today, it seems like Avast virus scanner flags XE8 compiled programs with a Win32:Banker variant...

But appears no other scanners have yet?

None of my D7 programs are flagging anything.

Even XE8's own files, BPL files, etc. are getting flagged.

Edited by: steven chesser on Sep 16, 2015 1:41 PM

I use Avast, but they are very bad about false positives for Delphi apps. They
introduce a false positive for Delphi apps 1-2 times a year. Just report the
false positives. I've long since told Avast to not scan the directories I put
binaries into.

--
Jeff Overcash (TeamB)
(Please do not email me directly unless asked. Thank You)
Learning is finding out what you already know. Doing is demonstrating that you
know it. Teaching is reminding others that they know it as well as you. We are
all learners, doers, teachers. (R Bach)
Alexandre Machado

Posts: 1,623
Registered: 8/10/13
Re: Avast flagging everything XE8 related as infected?
  Posted: Sep 16, 2015 2:22 PM   in response to: steven chesser
steven chesser wrote:
As of today, it seems like Avast virus scanner flags XE8 compiled programs with a Win32:Banker variant...

But appears no other scanners have yet?

None of my D7 programs are flagging anything.

Even XE8's own files, BPL files, etc. are getting flagged.

The same with Avira and Delphi XE8 and 10 Seattle... You have to report the false positive, and they will probably fix it in the next signature update/full update.

Best regards
Arnaud Bouchez

Posts: 133
Registered: 8/2/15
Re: Avast flagging everything XE8 related as infected?
  Posted: Sep 17, 2015 6:54 AM   in response to: steven chesser
It is a "false positive" of the AVAST heuristic engine.
Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the "wild".

AVAST "experts" introduced some detection rules which identified all Delphi executables as potentially dangerous.

If you make a small Delphi program without any link to the VCL, with some access to the Internet, a lot of "cheap" AV programs would identify this program as a danger.
This is the symptom of poorly maintained heuristic rules.
AFAIK it is the first time their "rules" have been defined so poorly that even ANY Delphi program is detected as dangerous.

AVAST team should not be proud.
A simple test with a fixed void Delphi application would be enough to detect such regressions.

At least, they reacted promptly.
There are still a lot of Delphi programs in the wild!
;)

They claimed this has been fixed by now.
See https://forum.avast.com/index.php?topic=176583.msg1252118#msg1252118
steven chesser

Posts: 84
Registered: 7/27/00
Re: Avast flagging everything XE8 related as infected?
  Posted: Sep 17, 2015 7:23 AM   in response to: Arnaud Bouchez
Arnaud Bouchez wrote:
It is a "false positive" of the AVAST heuristic engine.
Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the "wild".

AVAST "experts" introduced some detection rules which identified all Delphi executables as potentially dangerous.

If you make a small Delphi program without any link to the VCL, with some access to the Internet, a lot of "cheap" AV programs would identify this program as a danger.
This is the symptom of poorly maintained heuristic rules.
AFAIK it is the first time their "rules" have been defined so poorly that even ANY Delphi program is detected as dangerous.

AVAST team should not be proud.
A simple test with a fixed void Delphi application would be enough to detect such regressions.

At least, they reacted promptly.
There are still a lot of Delphi programs in the wild!
;)

They claimed this has been fixed by now.
See https://forum.avast.com/index.php?topic=176583.msg1252118#msg1252118

It is what I figured, but I got swarmed at my desk about it as everyone was in a panic.

It's not the first time AVAST has bit us... When I was able to use www.virustotal.com to scan the file and show them out of 56 scanners, only AVAST flagged.
Arnaud Bouchez

Posts: 133
Registered: 8/2/15
Re: Avast flagging everything XE8 related as infected?
  Posted: Sep 17, 2015 7:39 AM   in response to: steven chesser
steven chesser wrote:
It is what I figured, but I got swarmed at my desk about it as everyone was in a panic.

It's not the first time AVAST has bit us... When I was able to use www.virustotal.com to scan the file and show them out of 56 scanners, only AVAST flagged.

Indeed.
Virustotal is a need, in such case.

See http://blog.synopse.info/post/2015/09/17/AVAST-did-detect-ALL-Delphi-programs-as-dangerous
and https://www.virustotal.com/en/file/4d94146d1a50a24c32e6158c414f3f7078912b7f0f46c63e94426d1ede9a9303/analysis/1442480149/
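
Added example (not part of any post in this thread): the cross-check the last two posts describe, one engine flagging a file while the others do not, can be automated against a saved VirusTotal report. It assumes the API v3 JSON layout (`data.attributes.last_analysis_results`); the sample report, the engine names and the `triage` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like a VirusTotal API v3 file report.
# Engine names and the detection label are invented for illustration.
SAMPLE_REPORT = json.dumps({"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Example:Heuristic-Label"},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "harmless", "result": None},
    "EngineD": {"category": "type-unsupported", "result": None},
    "EngineE": {"category": "timeout", "result": None},
}}}})

DETECTED = {"malicious", "suspicious"}
CLEAN = {"harmless", "undetected"}


def triage(report_json, outlier_max=1):
    """Summarise per-engine verdicts and classify the detection pattern."""
    results = json.loads(report_json)["data"]["attributes"]["last_analysis_results"]
    flagged, clean, no_verdict = {}, [], []
    for engine, entry in sorted(results.items()):
        category = entry.get("category")
        if category in DETECTED:
            flagged[engine] = entry.get("result")
        elif category in CLEAN:
            clean.append(engine)
        else:
            # Timeouts, failures and unsupported file types are not "clean":
            # leaving them out of the denominator avoids overstating consensus.
            no_verdict.append(engine)
    scanned = len(flagged) + len(clean)
    if scanned == 0:
        pattern = "no-verdict"
    elif not flagged:
        pattern = "clean"
    elif len(flagged) <= outlier_max:
        pattern = "single-vendor-outlier"
    else:
        pattern = "multi-vendor-detection"
    return {"pattern": pattern, "flagged": flagged, "scanned": scanned,
            "no_verdict": no_verdict}


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{len(summary['flagged'])}/{summary['scanned']} engines flagged:",
          summary["pattern"], summary["flagged"])
```

A `single-vendor-outlier` result is the evidence to attach to a false-positive report to that vendor; it does not by itself establish that the file is clean.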