delphi delphi-7 executable antivirus false-positive

Antivirus False positive in my executable


I just ran into an annoying problem. Suddenly Avira AntiVir started to flag one executable from my software as being a virus.

As the default action from almost any user is to click OK and Avira suggests to put the virus in quarantine, most of my users are deleting this executable.

Well, let's not be arrogant, and check whether I'm indeed infected. I posted the file to http://www.virustotal.com and, of all the antivirus products, only Avira flags it as infected. Furthermore, I scanned my computer with two different antivirus programs and it is clean.

I already posted a mail to my users explaining what is happening but this is an overhead to my support that I really don't want.

OK, the question is: Is there a way to avoid this kind of behavior? I can't think of any way other than signing the files (I don't really know if that would solve it), but let's see if you have any creative ideas.


Solution

  • It is surprisingly common that Delphi applications are reported as (potentially) harmful by AV applications. It happened to me a while ago, using Delphi 2009, see http://en.wikipedia.org/wiki/Wikipedia:Reference_desk/Archives/Computing/2010_March_20#Delphi.2FAVG_Issue.

    At SO, we also have

    and many more.

    It might be the actual Induc Virus. But most likely, it is a false positive.