我尝试通过电子邮件发送使用 Delphi 构建的 DLL 文件,但收到一封拒绝电子邮件报告:
“您的电子邮件被拒绝,因为它包含 Trojan.Delf-9364”,
因此我将文件上传到 http://scanner.novirusthanks.org 果然,其中一台病毒扫描程序报告呈阳性:
“F-PROT6 20100630 4.5.1.85 W32/Swizzor- based.2!Maximus”
然后我构建了一个空的 exe 文件(文件 - 新建 - VCL 表单应用程序)并再次上传,这次我得到另一个肯定信息:
“VBA32 01/07/2010 3.12.12.2 Trojan.Win32.Swisyn。 acyl"
更多详细信息请参见:http://scanner.novirusthanks.org/analysis/e59033c40f1a6e37c210cb1c 4f40f059/UHJvamVjdDEuZXhl /
所以我不知道如何解释这些结果。以上都是误报,是我的计算机感染了感染所有二进制文件的病毒,还是我的 Delphi 副本感染了 Delphi 特定病毒?我使用 AVG 防病毒软件,它报告我的计算机没有任何问题。也许使用 Delphi 2010 的其他人可以尝试上传 project1.exe 并看看他们是否收到不同的结果?
I tried to email a DLL-file built with Delphi but received an rejection email reporting:
"Your email was rejected because it contains the Trojan.Delf-9364"
So I uploaded the file to http://scanner.novirusthanks.org and sure enough it reports a positive in one of the virus scanners:
"F-PROT6 20100630 4.5.1.85 W32/Swizzor-based.2!Maximus"
I then built a empty exe-file (File - New - VCL Forms Application) and uploaded again, this time I get another positive:
"VBA32 01/07/2010 3.12.12.2 Trojan.Win32.Swisyn.acyl"
More details here: http://scanner.novirusthanks.org/analysis/e59033c40f1a6e37c210cb1c4f40f059/UHJvamVjdDEuZXhl/
So I'm not sure how to interpret these results. Are all the above false positives, are my computer infected with a virus that infects all binaries, or is my copy of Delphi infected with a Delphi-specific virus? I use AVG antivirus and it reports no problems on my computer. Perhaps someone else with Delphi 2010 can try uploading a project1.exe and see if they receive different results?
发布评论
评论(3)
我认为这是误报。这里还有更多关于 Delphi 应用程序被检测为病毒的问题,但这些都是误报。
将此报告为误报。
有一种病毒通过修改 SysConst.pas 并编译它来感染您的 Delphi 安装 (4,5,6,7),并在您的 lib 目录中留下 SysConst.bak。你可以检查一下。请点击此链接了解更多信息:http://www.securelist.com/en/weblog ?weblogid=208187826
但是您使用的是 Delphi 2010,因此您不会受到该病毒的影响。
I think it is a false positive. There have been more questions here about Delphi applications detected as virus, but those were all false positives.
Report this as a false positive.
There is a virus that infects your Delphi installation (4,5,6,7) by modifying SysConst.pas and compiling it, leaving a SysConst.bak in your lib directory. You can check for this. Follow this link for more information: http://www.securelist.com/en/weblog?weblogid=208187826
But you are on Delphi 2010, so you are not affected by that virus.
是的,我刚刚从 D2010 上传了一个空白项目,也得到了“VBA32 01/07/2010 3.12.12.2 Trojan.Win32.Swisyn.acyl”。对我来说看起来像是误报。
这种情况过去已经发生过几次。 Delphi 非常擅长创建运行良好且快速的软件。但不幸的是,即使所讨论的“软件”是邪恶的,情况也是如此。它被如此广泛地用于邪恶目的,以至于发生了一些反病毒制造商在其定义中插入实际上是 VCL 或 RTL 一部分的“病毒签名”的事件。看来类似的事情又发生了。您应该将此报告为误报。
Yeah, I just uploaded a blank project from D2010 and got "VBA32 01/07/2010 3.12.12.2 Trojan.Win32.Swisyn.acyl" too. Looks like a false positive to me.
This has happened a few times in the past. Delphi's very good at creating software that works well very quickly. But unfortunately, that holds true even when the "software" in question is evil. It's been so widely used for nefarious purposes that there have been a few incidents of antivirus makers inserting a "virus signature" in their definitions that was actually part of the VCL or RTL. Looks like something similar's happened again. You ought to report this as a false positive.
@VilleK尝试将程序集信息提供给Delphi项目,例如名称,版本等。我有时也遇到过类似的情况。
检查 Delphi 7、MCafee 和病毒 了解更多的 。我觉得这也适用于 Delphi 2010。
@VilleK try giving the Assembly information to the Delphi Project like Name , Version etc . I too faced the similar situation sometimes back .
Check Delphi 7 , MCafee and Virus to know more . I feel this applies to Delphi 2010 too .