Virus

Anything beyond the basics in using the LiveCode language. Share your handlers, functions and magic here.

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller

Post Reply
teacherguy
Posts: 379
Joined: Thu Dec 08, 2011 2:43 am

Virus

Post by teacherguy » Thu Mar 24, 2016 12:06 am

[indent][/indent]Anyone had issues with a virus being reported, specially with Avast protection software? One of my clients reports my .exe contained: Win32:xpaj.gen

I do all coding on Macs...I've scanned my files and am not finding anything.

False positive?

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Virus

Post by FourthWorld » Thu Mar 24, 2016 5:07 am

Probably a false positive. There was a rash of false positives for LC standalones several years ago with AVG, and after some of us contacted AVG they were able to refine their detection patterns. You may want to contact Avast and see what can be done.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

thatkeith
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 346
Joined: Mon Mar 01, 2010 7:13 pm
Location: London, UK
Contact:

Re: Virus

Post by thatkeith » Mon Sep 05, 2016 3:36 pm

I had a message from someone on Friday (Sept 2nd 2016) with exactly the same question: they use Avast and they were warned about Win32:Xpaj-gen being in the zip of the app I'd just made (on a Mac; no Windows-specific infection possible). They say they are using the latest updates. It looks like Avast is a bit rubbish at keeping track of things like this. :shock: :x
Technical Writer, Meta
University Lecturer
Technical Editor, MacUser (1996-2015)
360 VR media specialist

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Virus

Post by FourthWorld » Mon Sep 05, 2016 3:51 pm

It's not so much that Avast is "rubbish"; indeed we see false positives from most AV vendors from time to time.

It boils down to the nature of the task, the need to find a very wide range of patterns among a very large number of files in relatively small time and space constraints.

One of the more popular data structures for this sort of task is the Bloom filter:
https://en.wikipedia.org/wiki/Bloom_filter

Marvelously compact, by its design it's well known to have one key weakness: it's very good about determining negative matches with high confidence, but positives risk being false.

So good AV packages will include other patterns for secondary checking if their Bloom filter appears to find a match. In most cases this seems to work out rather well, but once every few years we see an AV package miss an update to LiveCode and incorrectly report infection.

I contacted Avast shortly after the original post in this thread, and found them very responsive and helpful. At the time they ran some tests to verify that the LC engine was indeed virus-free, and then added some patterns to their white list to exclude it from false positives.

If you find a false positive reported by any AV vendor, just write to their support staff with a link to the program in question and they'll investigate. Once they confirm it's clean, they'll usually white list it.

Fortunately this doesn't need to be done often. Since I started using the LC engine back in '98, I believe I've seen only two or maybe three cases of AV products claiming false positives. Rare as it is, it's very easy to address by working with the AV vendor.

As for Avast specifically, being primarily a Linux user I have no firsthand experience with their AV product. But I do feel obliged to report that their support staff is wonderfully responsive and astute, able and willing to take action immediately when a false positive was brought to their attention.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

thatkeith
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 346
Joined: Mon Mar 01, 2010 7:13 pm
Location: London, UK
Contact:

Re: Virus

Post by thatkeith » Mon Sep 05, 2016 4:17 pm

FourthWorld wrote:It's not so much that Avast is "rubbish"
I wasn't clear enough, I'm sorry! I didn't mean that the product was rubbish, just that the company seemed to have not kept on top of this specific detection hiccup that they had dealt with in the past. I have just posted the report on Avast's forums – thanks for the nudge. :)

k
Technical Writer, Meta
University Lecturer
Technical Editor, MacUser (1996-2015)
360 VR media specialist

thatkeith
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 346
Joined: Mon Mar 01, 2010 7:13 pm
Location: London, UK
Contact:

Re: Virus

Post by thatkeith » Tue Sep 27, 2016 1:01 pm

Belated follow-up: Avast updated the descriptions very quickly; a couple of days after reporting this I was told by someone that my app no longer triggered the warning.
Technical Writer, Meta
University Lecturer
Technical Editor, MacUser (1996-2015)
360 VR media specialist

KimD
Posts: 223
Joined: Wed Jul 08, 2015 5:51 am
Location: Wellington, New Zealand

Re: Virus WIN32:Xpaj-Gen

Post by KimD » Thu Jul 05, 2018 12:37 am

Seems to be a problem again. I'm currently developing a LC app, and my local Avast software just told me that it had quarantined my app because it contained the WIN32:Xpaj-Gen virus. This wasn't happening yesterday. Avast must have updated something.

LC9, Windows 10, Avast 18.5.2342

Post Reply

Return to “Talking LiveCode”