My application's auto-update utility is triggering antivirus software

Posted on 2024-08-20 16:38:45

I've created an auto-updating application which is distributed to 100s of users.

The auto-update utility is being flagged by 55% of antiviruses on virustotal (link).

My application was created in Delphi 7. Most of the flags are saying that this is Generic trojan/malware, obviously the software isn't actually malware (I'm the only one with source code access and access to the server which hosts it) but it's causing a lot of users to be

Does anyone have any idea how I can stop this being wrongly flagged?

Comments (9)

離人涙 2024-08-27 16:38:45

If, as you stated, empty form applications get rated as virus, you might very well be infected by the Delphi virus. More info about this... thing:

In addition, you use Delphi 7, which is a target for this virus (as far as I know not all Delphi versions are).

千と千尋 2024-08-27 16:38:45

Delphi 2007: New VCL Application

Compile without changing anything and some antivirus packages will report the resulting EXE as a potential virus/trojan. Change the name of the main form or add a second form to the project etc and antivirus warnings disappear. Undo the changes and they come back (so it's not a D2007 port of the "Delphi Upgrade Incentive Virus").

My guess is that someone, somewhere once upon a time wrote a virus/trojan/malware with Delphi and the signature/heuristics associated with that now sometimes unfortunately collides with other Delphi apps.

瞳孔里扚悲伤 2024-08-27 16:38:45

I think you have two choices:

a) Submit your auto-update program as a false positive to all those companies, (and do so for any new versions that are detected). Make it easier for them by ensuring your meta-data is correct and signing perhaps.

b) Split up the functionality so you don't have a single Delphi program that downloads files from the internet, overwrites files and patches files.
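
Added example, not part of the answer above or of any vendor's tooling: a Python check a developer could run on an updater build before filing a false-positive report, confirming that the executable carries a resource directory (where version metadata lives) and an Authenticode certificate table. `pe_metadata` and `build_sample` are hypothetical names and the sample header is constructed; presence of the table does not prove the signature is valid.

```python
import struct

# Data-directory indexes defined by the PE/COFF format.
DIR_RESOURCE, DIR_SECURITY = 2, 4

def pe_metadata(data: bytes) -> dict:
    """Report whether a PE image has a resource directory and a certificate table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 24                    # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                     # PE32 (32-bit images)
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                   # PE32+ (64-bit images)
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional-header magic")
    (count,) = struct.unpack_from("<I", data, count_off)

    def entry(index):
        if index >= count:                 # directory not declared at all
            return (0, 0)
        return struct.unpack_from("<II", data, dirs_off + 8 * index)

    _, res_size = entry(DIR_RESOURCE)
    cert_off, cert_size = entry(DIR_SECURITY)   # a file offset, not an RVA
    return {
        "has_resources": res_size > 0,
        # Presence only: this does not validate the signature or its chain.
        "has_certificate_table": cert_size > 0 and cert_off + cert_size <= len(data),
    }

def build_sample(signed: bool) -> bytes:
    """Constructed minimal PE32 header for the demo (not a runnable program)."""
    dirs = [(0, 0)] * 16
    dirs[DIR_RESOURCE] = (0x1000, 0x200)
    cert = b"\0" * 8 if signed else b""    # placeholder bytes, not a real certificate
    head_len = 0x40 + 4 + 20 + 96 + 8 * 16
    if signed:
        dirs[DIR_SECURITY] = (head_len, len(cert))
    head = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
            + struct.pack("<HH16x", 0x14C, 0)        # COFF header, machine = i386
            + struct.pack("<H90xI", 0x10B, 16)       # optional header up to the count
            + b"".join(struct.pack("<II", *d) for d in dirs))
    return head + cert

if __name__ == "__main__":
    print(pe_metadata(build_sample(True)), pe_metadata(build_sample(False)))
```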

南巷近海 2024-08-27 16:38:45

It depends - if the 100s of users are on a corporate network, using the same enterprise antivirus software administered by group policy, one solution could be to specify your software as an exception in your antivirus package.

╰つ倒转 2024-08-27 16:38:45

I would try to refactor the program, changing names, changing the order of the procedures and methods, some program structures, removing, replacing, and adding code.

Submit each change to VirusTotal.

You might eventually detect what is causing the problem.

七色彩虹 2024-08-27 16:38:45

If your program "modifies" an executable, it will be picked up by a lot of AV programs.
I've even seen Borland's patch program that was distributed with Delphi 7 flagged as a generic virus when installed fresh off the CD.

I'm not sure there is much you can do about it, unless you can turn that "feature" off in the AV program or have the rights to add an exception for it. Personally, I think it's just a lazy "catch-all" created by the AV software writers.

忱杏 2024-08-27 16:38:45

AV software also checks the Import Table for common APIs used in viruses, though I don't see any API that will trigger the AV software in the scan report.

巨坚强 2024-08-27 16:38:45

See my post at anyone having problems with delphi 2010 and norton internet security. Lately I have been getting SONAR errors too with Delphi 7 compiled programs (and by programs compiled with other compilers).

I reported this to Norton, look also at hot issues at Norton board.

Of course this is only Norton, you don't specify which virus checkers you encountered.

乜一 2024-08-27 16:38:45

We got the same problem here...
Anti-virus software detects some behaviors of our software too.
The anti-virus company doesn't say exactly what they watch (sure, security issue).
Here for example I got this problem when I started using pipelines.

What did we do? We called the security companies, they analysed our .exe, and now we have "white flag" on them.

...No, it isn't such a fast process.
