Lazarus

Programming => General => Topic started by: Mando on June 19, 2017, 10:32:53 am

Title: Lazarus.exe v.1.8RC2 VIRUS ALERT
Post by: Mando on June 19, 2017, 10:32:53 am

Hi, all:

I had a virus scan with 360Total security and It found that Lazarus.exe had a virus.

It's a false positive? Can i trust in lazarus?

How can relsolve this?


Regards.

Title: Re: Lazarus.exe v.1.8RC2 VIRUS ALERT
Post by: wp on June 19, 2017, 10:46:42 am

If you have the exe from the official site (See "Lazarus downloads (Laz+FPC)" on the left panel) I would say: false positive. I checked both 32 and 64 bit windows versions with VirusTotal: 0 positives out of 65

Title: Re: Lazarus.exe v.1.8RC2 VIRUS ALERT
Post by: Handoko on June 19, 2017, 10:51:59 am

@Mando

Did the checksum of the installer change? If yes then your computer may already infected by virus. If no, it could be false alarm. It is not uncommon, the best thing to do is to test it using more antiviruses.

http://www.lazarus-ide.org/index.php?page=checksums#1_8_0RC2

https://en.wikipedia.org/wiki/Antivirus_software#Problems_caused_by_false_positives

Title: Re: Lazarus.exe v.1.8RC2 VIRUS ALERT
Post by: Ñuño_Martínez on June 19, 2017, 11:53:59 am

It is sadly common that Pascal applications (both Lazarus /FPC and Delphi ones) generate false positives in some antivirus. It is an old issue and I had some interesting e-mail interchange with Panda and AVG staff back in the days I used Delphi 6 because I wasn't able to install my applications to my customer computers because that.

Title: Re: Lazarus.exe v.1.8RC2 VIRUS ALERT
Post by: sam707 on June 19, 2017, 02:21:08 pm

an interesting and clever point of view from gulyone is on the following link  8-)
http://www.pilotlogic.com/sitejoom/index.php/forum/forums-general/3827-ct-files-infected-by-viruses (http://www.pilotlogic.com/sitejoom/index.php/forum/forums-general/3827-ct-files-infected-by-viruses)

Title: Re: Lazarus.exe v.1.8RC2 VIRUS ALERT
Post by: RAW on June 19, 2017, 02:43:50 pm

Quote

an interesting and clever point of view from gulyone is on the following link  8-)

THUMBS UP !!!

A very similar topic is certificates...  :)

Title: Re: Lazarus.exe v.1.8RC2 VIRUS ALERT
Post by: Martin_fr on June 19, 2017, 03:02:45 pm

There are various steps you can do:

As mentioned, ensure the checksum of the installer.
Microsoft provides some tools
1) fciv.exe  Afaik at https://www.microsoft.com/en-gb/download/details.aspx?id=11533
2) a power shell script for sha256 / google

The files at sourceforge are checked against viruses.
- installers are checked by sourceforge itself
- installers that are within the permitted size limit are uploaded to either https://www.metadefender.com/ or https://virustotal.com/
- random files from the installation are uploaded to the above sites.


You can upload files yourself, to the above sites.
In case of alerts, it may help to use the "strip" utility (fpc/bin folder) to remove debug info. Debug info can also trigger false alerts.


Check/google what the detection message from your AV means.
Often you get "heuristic" alerts.
"heuristic" means that the AV does not actually know. It has not found a known virus. It simply have found code, that may also be used by viruses. But this code can also be used by normal applications.