{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 甜甜的少女心 的问题《Accidentally created a virus?》','https://www.manongdao.com/q-87145.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I've seen it happen reasonably often: I write an application in Delphi and when I compile it, the virus-scanner tells me that I've created a virus and then immediately deletes the executable again. It's annoying but reasonable easy to fix by doing a full rebuild, deleting the *.dcu files first and sometimes by simply waiting.
It happens with Delphi 6, 7, 2005 and 2007, as far as I know. And Symantec, Kaspersky, McAfee and NOD32 have all been guilty of reporting these false positives. I know it's because Delphi adds timestamps to its DCU files and these timestamps end up in the final executable and apparently appear to be part of some random virus signature.
I don't want to disable the virus-scanner, not even for a single folder or file. And I'm not really for a solution, but am wondering about the following:
- Do these false positives also occur with other compilers?
- Does it also happen with .NET executables?
- Do others also notice similar problems with Delphi?
A couple of years back, everytime we updated the GNU Linker from mingw sources and started distributing it with our compiler, we got some reports that virusscanners classified ld.exe as virus. (.exes writing .exes ...)
If you have problems with false positives, there is VirusTotal online service that can help you check your file against number of antivirus engines.
It's free service and currently it can run antivirus check with almost 40 antivirus engines.
In some apps, if I use RtlVclOptimize.pas, the Avira antivirus tell that I have created a virus.
Some antivirus programs even flag a batch file as a virus and can't be convinced that it isn't. Quite annoying, if that file is part of a third party library and the virus warning is triggered every time TortoiseSVN checks it out. I ended up disabling the virus scanner, deleting the file and doing a commit. (Without disabling the scanner, I could not even do that :-( )
VS Platform toolset 2010 renders my simple program to be detected as virus. Changing the toolset to VS 2013 solves it.
It just creates a HttpWebRequest and writes the result to a file.
Yes, my team has experienced this maybe half a dozen times in 2-3 years with Sophos in a corporate environment. So, very rarely, but it does happen.
Our IT cretin started off demanding I review all the 1.5M lines of code in our app to "make it go away", but he didn't get too far pursuing that line...
To be fair, he was initially concerned that our clients might also receive such a warning, but we've only ever seen it triggered when building an exe from the IDE on a developer's PC, never on a release build exe on a test box or elsewhere.
Personally, it happens so rarely we don't worry about it.