Search code examples
c#antivirusfalse-positive

How do you deal with false positives from antivirus companies (Avast and ClamAV)?

Possible Duplicate:
Antivirus False positive in my executable

One application is currently getting detected by a false positive for virus by Avast and ClamAV (never heard of the latter).

I have contacted both and waiting for reply from them, but I guess that takes it time (24 hours ++ now). So what I'm looking for a resource to check if for part of my code is being falsely detected, I personally assume ME and the person who write a virus at one point simply have commen sample code?

I dont have the technical ablities so i could disable the AV and find what signture is triggering ( And i assume companies protect this information). So my question boils down to, is there any resource i can use to check part of my code is being detected?

Extra information:

  • Link to VirusTotals:
  • My application is digitaly signed, and "my" signature has a postive rating at least with MS and never heard anyone complain that its blacklisted.
  • My application does have background update checking and error reporting ( update check is done via http)
  • I have off course scanned my computer used for compiling for viruses ( Both MS and NOD32 )
  • Application gets detected as a false positive detection even when its just zipped and not in a installer.
  • Link to information about what my app is being falsely detected as (Thx to Flanfl )

The people voting to close, please actual read the topic https://stackoverflow.com/questions/3339136/antivirus-false-positive-in-my-executable, one is about Delphi coding. Mine is generic and has a 2 actual replies that helpful to my case.

Solution

  • Possible solution for workaround, I'm using hstart in the automatic update system, removing this should fix my problem.

    EDIT: This "fixed" my problem, they where detecting hstart.exe...

    Solution for others may be the following:

    • Take backups. Install the Anti virus program doing false detections (ClamAV and Avast in my case).
    • Scan you source code. If you're lucky it will show you what file contains the false detection (in my case it was a resource), REMEMBER IF IT FINDS THE FAULT IN THESE WAY ITS LIKELY TO DELETE THE "PROBLEM"