Page 1 of 1

Virus

Posted: Thu Mar 24, 2016 12:06 am
by teacherguy
[indent][/indent]Anyone had issues with a virus being reported, specially with Avast protection software? One of my clients reports my .exe contained: Win32:xpaj.gen

I do all coding on Macs...I've scanned my files and am not finding anything.

False positive?

Re: Virus

Posted: Thu Mar 24, 2016 5:07 am
by FourthWorld
Probably a false positive. There was a rash of false positives for LC standalones several years ago with AVG, and after some of us contacted AVG they were able to refine their detection patterns. You may want to contact Avast and see what can be done.

Re: Virus

Posted: Mon Sep 05, 2016 3:36 pm
by thatkeith
I had a message from someone on Friday (Sept 2nd 2016) with exactly the same question: they use Avast and they were warned about Win32:Xpaj-gen being in the zip of the app I'd just made (on a Mac; no Windows-specific infection possible). They say they are using the latest updates. It looks like Avast is a bit rubbish at keeping track of things like this. :shock: :x

Re: Virus

Posted: Mon Sep 05, 2016 3:51 pm
by FourthWorld
It's not so much that Avast is "rubbish"; indeed we see false positives from most AV vendors from time to time.

It boils down to the nature of the task, the need to find a very wide range of patterns among a very large number of files in relatively small time and space constraints.

One of the more popular data structures for this sort of task is the Bloom filter:
https://en.wikipedia.org/wiki/Bloom_filter

Marvelously compact, by its design it's well known to have one key weakness: it's very good about determining negative matches with high confidence, but positives risk being false.

So good AV packages will include other patterns for secondary checking if their Bloom filter appears to find a match. In most cases this seems to work out rather well, but once every few years we see an AV package miss an update to LiveCode and incorrectly report infection.

I contacted Avast shortly after the original post in this thread, and found them very responsive and helpful. At the time they ran some tests to verify that the LC engine was indeed virus-free, and then added some patterns to their white list to exclude it from false positives.

If you find a false positive reported by any AV vendor, just write to their support staff with a link to the program in question and they'll investigate. Once they confirm it's clean, they'll usually white list it.

Fortunately this doesn't need to be done often. Since I started using the LC engine back in '98, I believe I've seen only two or maybe three cases of AV products claiming false positives. Rare as it is, it's very easy to address by working with the AV vendor.

As for Avast specifically, being primarily a Linux user I have no firsthand experience with their AV product. But I do feel obliged to report that their support staff is wonderfully responsive and astute, able and willing to take action immediately when a false positive was brought to their attention.

Re: Virus

Posted: Mon Sep 05, 2016 4:17 pm
by thatkeith
FourthWorld wrote:It's not so much that Avast is "rubbish"
I wasn't clear enough, I'm sorry! I didn't mean that the product was rubbish, just that the company seemed to have not kept on top of this specific detection hiccup that they had dealt with in the past. I have just posted the report on Avast's forums – thanks for the nudge. :)

k

Re: Virus

Posted: Tue Sep 27, 2016 1:01 pm
by thatkeith
Belated follow-up: Avast updated the descriptions very quickly; a couple of days after reporting this I was told by someone that my app no longer triggered the warning.

Re: Virus WIN32:Xpaj-Gen

Posted: Thu Jul 05, 2018 12:37 am
by KimD
Seems to be a problem again. I'm currently developing a LC app, and my local Avast software just told me that it had quarantined my app because it contained the WIN32:Xpaj-Gen virus. This wasn't happening yesterday. Avast must have updated something.

LC9, Windows 10, Avast 18.5.2342