Virus
Anyone had issues with a virus being reported, especially with Avast protection software? One of my clients reports my .exe contained: Win32:xpaj.gen
I do all coding on Macs...I've scanned my files and am not finding anything.
False positive?
Re: Virus
Probably a false positive. There was a rash of false positives for LC standalones several years ago with AVG, and after some of us contacted AVG they were able to refine their detection patterns. You may want to contact Avast and see what can be done.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
Re: Virus
I had a message from someone on Friday (Sept 2nd 2016) with exactly the same question: they use Avast and they were warned about Win32:Xpaj-gen being in the zip of the app I'd just made (on a Mac; no Windows-specific infection possible). They say they are using the latest updates. It looks like Avast is a bit rubbish at keeping track of things like this.
Technical Writer, Meta
University Lecturer
Technical Editor, MacUser (1996-2015)
360 VR media specialist
Re: Virus
It's not so much that Avast is "rubbish"; indeed we see false positives from most AV vendors from time to time.
It boils down to the nature of the task, the need to find a very wide range of patterns among a very large number of files in relatively small time and space constraints.
One of the more popular data structures for this sort of task is the Bloom filter:
https://en.wikipedia.org/wiki/Bloom_filter
Marvelously compact, by its design it's well known to have one key weakness: it's very good about determining negative matches with high confidence, but positives risk being false.
So good AV packages will include other patterns for secondary checking if their Bloom filter appears to find a match. In most cases this seems to work out rather well, but once every few years we see an AV package miss an update to LiveCode and incorrectly report infection.
I contacted Avast shortly after the original post in this thread, and found them very responsive and helpful. At the time they ran some tests to verify that the LC engine was indeed virus-free, and then added some patterns to their white list to exclude it from false positives.
If you find a false positive reported by any AV vendor, just write to their support staff with a link to the program in question and they'll investigate. Once they confirm it's clean, they'll usually white list it.
Fortunately this doesn't need to be done often. Since I started using the LC engine back in '98, I believe I've seen only two or maybe three cases of AV products claiming false positives. Rare as it is, it's very easy to address by working with the AV vendor.
As for Avast specifically, being primarily a Linux user I have no firsthand experience with their AV product. But I do feel obliged to report that their support staff is wonderfully responsive and astute, able and willing to take action immediately when a false positive was brought to their attention.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
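The prefilter-then-verify design described in the post above, as an added example that is not part of the original thread and not any AV vendor's code. The signatures, sample data, window size and filter sizes are all constructed for illustration; the 64-bit filter is deliberately undersized so that false positives show up.

```python
import hashlib

WINDOW = 8  # bytes per signature fragment (constructed value)

class BloomFilter:
    def __init__(self, m_bits, k_hashes):
        self.m, self.k, self.bits = m_bits, k_hashes, 0

    def _positions(self, item):
        # Derive k bit positions from salted SHA-256 digests.
        for i in range(self.k):
            d = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(d[:8], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits |= 1 << p

    def __contains__(self, item):
        return all(self.bits >> p & 1 for p in self._positions(item))

def pseudo_bytes(label, n):
    # Deterministic filler standing in for real file contents.
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(label + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

# Constructed data: 20 fake signatures, one clean file, one "infected" file.
SIGNATURES = {pseudo_bytes(b"sig%d" % i, WINDOW) for i in range(20)}
CLEAN = pseudo_bytes(b"clean", 2000)
INFECTED = CLEAN[:1000] + sorted(SIGNATURES)[0] + CLEAN[1000:]

def build_filter(m_bits=64, k_hashes=3):
    bf = BloomFilter(m_bits, k_hashes)
    for sig in SIGNATURES:
        bf.add(sig)
    return bf

def scan(data, bf):
    """Return (Bloom candidates, hits confirmed by the exact check)."""
    candidates = verified = 0
    for off in range(len(data) - WINDOW + 1):
        window = data[off:off + WINDOW]
        if window in bf:              # cheap prefilter: "no" is always right
            candidates += 1
            if window in SIGNATURES:  # secondary check removes false positives
                verified += 1
    return candidates, verified
```

A scanner that reported on the Bloom candidates alone would flag the clean file; only the verified count separates it from the infected one.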
Re: Virus
FourthWorld wrote: It's not so much that Avast is "rubbish"
I wasn't clear enough, I'm sorry! I didn't mean that the product was rubbish, just that the company seemed to have not kept on top of this specific detection hiccup that they had dealt with in the past. I have just posted the report on Avast's forums – thanks for the nudge.
k
Technical Writer, Meta
University Lecturer
Technical Editor, MacUser (1996-2015)
360 VR media specialist
Re: Virus
Belated follow-up: Avast updated the descriptions very quickly; a couple of days after reporting this I was told by someone that my app no longer triggered the warning.
Technical Writer, Meta
University Lecturer
Technical Editor, MacUser (1996-2015)
360 VR media specialist
Re: Virus WIN32:Xpaj-Gen
Seems to be a problem again. I'm currently developing a LC app, and my local Avast software just told me that it had quarantined my app because it contained the WIN32:Xpaj-Gen virus. This wasn't happening yesterday. Avast must have updated something.
LC9, Windows 10, Avast 18.5.2342