I discovered that every executable made by SWF Studio 3.7 has problems with two A/V products - DrWeb and Sunbelt. (http://www.virustotal.com)
DrWeb 18.104.22.16882 2009.07.01 BACKDOOR.Trojan
Sunbelt 3.2.1858.2 2009.07.01 Trojan-Dropper.Win32.VB.Botmap!cobra (v)
If your software should be provided to any user, compatibility issues take place.
Concerning DrWeb, I've submitted the file with a description (http://vms.drweb.com/sendvirus/), so they should update their bases and we just need to wait for their turnaround.
However, Sunbelt does not provide an easy service to upload a falsely detected file if you're not a client. Only a forum is available. And I don't even know what the name of their A/V product is. Maybe someone at northcode is interested in solving this problem?
I've had a similar false warning from messagelabs.com when sending a zipped exe to a client for testing
and they have been notified that they have sent a potential virus.
The message title was RE:
The message date was Tue, 30 Jun 2009 10:02:17 +0100
The virus or unauthorised code identified in the email is
>>> Possible MalWare 'W32/HackedPacker-MoleBox-v2.x-0611-8cf4' found in '5931323_7X_AZ-D_PA6__HWI=5Fsrv5.exe'. Heuristics score: 690
>>> Possible MalWare 'W32/Generic' found in '5931323_19X_AK_PA7__HWI=3d5Fsrv5.exe'. Heuristics score: 488
A friend of mine has reported that Comodo is reporting a similar threat... more info to follow
With all my standalone EXEs created with SWF Studio 3.8 I still get a Comodo virus warning:
I know that this is a false positive, but has it already been reported to Comodo? Seems like a very old thread so I guess not.
The problem is that many Win7 users have Comodo installed since it is the only free security suite available. (At least that I know of.)
What can be done to fix this issue?
We're going to start contacting all the antivirus software makers we can find and supplying them with samples of our EXE files for their tests. We've been hoping that they'll do their jobs and improve their heuristic scanners but I honestly don't believe they have any incentive to do this. They look good when they find viruses, regardless of whether they're actually viruses or not. We'll definitely use batch scanners like virustotal.com to find out who we need to start talking to, but if you know of any other AV software that isn't "SWF Studio friendly" we'd love to hear from you.
I ran into the same problems yesterday with Antivir. It blocks all 3.8 built EXEs.
Scarily, virustotal.com says that 11 out of 41 scanners report my EXEs to be trojans. This is not good :-(
I've attached the report pdf...
attachments: VirusTotal - Kostenloser on..2.pdf
They all report it as a "generic" trojan, which means they think it's a virus because it uses the same packing technique as some viruses they've seen, but they don't really know. That's why it gets a "score". They're guessing it's a virus, just to be safe. As I mentioned before, we go through this every time a new version is released, until the A/V software vendors update their databases. We're taking steps to avoid this in the future by contacting them directly before we release a new version. I'm not sure how successful we'll be in getting them to listen, but we're going to try.
QUOTE: from northcode;50632
I guess you'll not be very successful with this, because these efforts will cost them some money ;-)
And by the way I can totally understand that this is not your fault after reading some topics about this... so I am looking forward to their database updates!
You're right about that, it's cheap to do things the easy way. They also don't have a lot of motivation to report fewer warnings; their users feel safer if they generate more warnings about viruses, even if they aren't real. It's like security at the airport. It's a big show, but it really doesn't make you any safer.