[Lazarus] virus in lazarus-1.2.6-fpc-2.6.4-win32.exe?

Frederic Da Vitoria davitofrg at gmail.com
Mon Dec 15 16:59:06 CET 2014


2014-12-12 14:25 GMT+01:00 Kostas Michalopoulos <badsectoracula at gmail.com>:

> I've found that virustotal quite often marks programs made with FPC as
> having viruses. Usually one or two of the checkers there (and avast
> sometimes is one of them). Messing with compiler flags (like how DLLs are
> being used) tends to make them go away.
>
> You can download an ISO with Windows directly from Microsoft, put it on a
> VM like VirtualBox, install FPC, make a small program, upload it to
> virustotal and have some of the antiviruses there tell you that there are
> viruses on the program :-P
>
>
> On Fri, Dec 12, 2014 at 10:08 AM, Frederic Da Vitoria <davitofrg at gmail.com
> > wrote:
>
>> 2014-12-12 9:47 GMT+01:00 Dr Engelbert Buxbaum <engelbert_buxbaum at web.de>
>> :
>>>
>>>
>>> Hi,
>>>
>>> Avast reports that several files from the win executable of Lazarus
>>> are infected with "win64 evo-gen". Is this a problem of Lazarus or of
>>> Avast?
>>>
>>> Sincerely
>>>
>>> Engelbert
>>>
>>
>> Do you mean the IDE lazarus.exe file or an executable compiled by
>> Lazarus/fpc? When did the Avast message appear? When you installed
>> /upgraded Lazarus or after Avast upgraded its virus database (which
>> happens quite frequently IIRC)?
>>
>> I have downloaded and installed Lazarus 1.2.6, and my AVG didn't say
>> anything. Still doesn't say anything now, actually.
>>
>> You could have a mutating virus on your system which Avast could not
>> detect before but has later infected your Lazarus executable, but I guess
>> this is a false positive. You could check with
>> https://www.virustotal.com/
>>
>
Yes, that's the price to pay for heuristics and less-than-exact virus
signature determination. VirusTotal exists because no antivirus is
completely reliable: all of them sometimes think there are viruses where
there are none, and of course all antiviruses miss other viruses. One of the
things VirusTotal can help you with is deciding whether your antivirus is
right or has detected a false positive.

This is usually what I do when my AVG tells me it has found a virus: I check
on VirusTotal and if VirusTotal leads me to believe it is a false positive,
I send a message to AVG asking them to check. I don't know about Avast, but
with AVG I get an answer in a few days, and usually the answer is that it
was indeed a false positive and that they upgraded their signature files.
It seems Avast has a similar procedure:
http://www.avast.com/contact-form.php?subject=VIRUS-FILE . I suggest you
send false positives to them.

-- 
Frederic Da Vitoria
(davitof)

Member of April - "promoting and defending free software" -
http://www.april.org
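
The check described in the message above (look the file up on VirusTotal, then judge whether the detection looks like a false positive) can be scripted; this is an added example, not part of the original post. It assumes a report in the VirusTotal API v3 JSON layout; the sample report, the engine names and the set of generic-label tokens are constructed for illustration.

```python
import hashlib
import json
import re

# Constructed sample shaped like a VirusTotal API v3 file report
# (data.attributes.last_analysis_results); engines and verdicts are made up.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "malicious",  "result": "Win64:Evo-gen"},
  "EngineB": {"category": "undetected", "result": null},
  "EngineC": {"category": "undetected", "result": null},
  "EngineD": {"category": "malicious",  "result": "Heur.Generic.12"},
  "EngineE": {"category": "timeout",    "result": null},
  "EngineF": {"category": "undetected", "result": null}
}}}}
""")

# Assumption: tokens that usually mark a heuristic or generic label rather
# than a named malware family. Vendors differ; tune this for your scanners.
GENERIC_TOKENS = {"gen", "heur", "generic", "susp", "suspicious"}
VERDICTS = ("malicious", "suspicious", "undetected", "harmless")

def sha256_of(path, chunk=1 << 20):
    """Hash a file so it can be looked up by hash instead of uploaded."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def is_generic(label):
    """True if any token of the detection name is a generic marker."""
    return any(t in GENERIC_TOKENS for t in re.split(r"[^a-z0-9]+", label.lower()))

def summarize(report):
    """Count verdicts and split hits into generic and family-named labels."""
    results = report["data"]["attributes"]["last_analysis_results"]
    # Engines that timed out or failed gave no verdict; leave them out.
    rated = {e: r for e, r in results.items() if r["category"] in VERDICTS}
    hits = {e: r.get("result") or "" for e, r in rated.items()
            if r["category"] in ("malicious", "suspicious")}
    generic = sorted(e for e, name in hits.items() if is_generic(name))
    return {"engines": len(rated), "flagged": len(hits),
            "generic_hits": generic, "named_hits": sorted(set(hits) - set(generic)),
            "generic_only": bool(hits) and len(generic) == len(hits)}

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

A result with only a few generic-labelled hits is a reason to send the file to the vendor for review, as the message suggests, not proof that the file is clean.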