
Author Topic: virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe  (Read 1449 times)

fyh

  • Newbie
  • Posts: 1
virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe
« on: December 04, 2023, 12:01:32 pm »
I have downloaded the installer lazarus-3.0RC2-fpc-3.2.2-win32.exe. When I ran it, I saw a red virus window pop up. What's wrong? Really?
My computer is a Windows 7 64-bit PC. Because my project needs a 32-bit TWAIN scanner driver, I think I should use the 32-bit installer.

rvk

  • Hero Member
  • *****
  • Posts: 5961
Re: virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe
« Reply #1 on: December 04, 2023, 12:10:15 pm »
Those are all heuristic detections. Those are NOT (by any means) certain to be actual virus detections.

(These are almost certainly faulty, defective and invalid detections by your virus scanner.)

You should contact your virus scanner software maker and supply them with these executables to be scanned more intensively.

For example:
https://support.avira.com/hc/en-us/articles/360000819265-What-is-a-HEUR-virus-warning-
Quote
Heuristic refers to a "preliminary detection" feature that can also detect unknown viruses. It involves a complex analysis of the affected code and scanning for virus-specific functions. If the analyzed code does meet such characteristics, it is reported as suspect.

This does not mean, however, that the code is a virus for sure; false positives may occur. Please send us the files that were heuristically detected for further analysis.

You can also put the executables in https://www.virustotal.com/ to see if they contain actual viruses.


wp

  • Hero Member
  • *****
  • Posts: 11770
Re: virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe
« Reply #2 on: December 04, 2023, 12:31:23 pm »
It is my impression that antivirus software nowadays is more annoying for developers than the viruses themselves...

I always white-list the Lazarus folder and my project root folder in the AV scanner (including subfolders, of course).

Uploaded lazarus-3.0RC2-fpc-3.2.2-win32.exe to virustotal, and it reported that "no security vendors and no sandboxes flagged this file as malicious" (59 AV engines were used).

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 9682
  • Debugger - SynEdit - and more
    • wiki
Re: virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe
« Reply #3 on: December 04, 2023, 12:54:14 pm »
For the installer itself we provide checksums https://www.lazarus-ide.org/index.php?page=checksums

They can be verified (on Windows) using PowerShell or Microsoft fciv.exe (should be available from Microsoft website).

The installers have been tested on virustotal:
win64 installer E512089EC5ECAC42E2AA41E28DA4288B3DDB6AD3  lazarus-3.0RC2-fpc-3.2.2-win64.exe
https://www.virustotal.com/gui/file/57dfcf38682ebcc624e98b14a9ce9eb87e837f75c4edb280b0bbc0501d868229

And yes, sometimes there are 1 or 2 heuristics.

If you have an AV tool, the manufacturer may offer an upload for reported files that you think are false positives. Then they will check it out and update their signatures.

rvk

  • Hero Member
  • *****
  • Posts: 5961
Re: virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe
« Reply #4 on: December 04, 2023, 12:55:43 pm »
Quote
Uploaded lazarus-3.0RC2-fpc-3.2.2-win32.exe to virustotal, and it reported that "no security vendors and no sandboxes flagged this file as malicious" (59 AV engines were used).

And TrendMicro (maker of Antivirus One, the one in the images) is one of those 59 AV engines ;)
But the companies themselves determine the settings in virustotal.

When there are a lot of false heuristic detections you probably want to disable the heuristic scan-part (which you should be able to do) or change to a better antivirus scanner.

Whitelisting the Lazarus and project folder is advised too because an antivirus scanner can really slow down things.

Thaddy

  • Hero Member
  • *****
  • Posts: 13987
  • Probably until I exterminate Putin.
Re: virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe
« Reply #5 on: December 04, 2023, 01:18:01 pm »
The big anti virus companies usually correct such issues when alerted.
On modern Windows it is a bit silly to run an extra anti virus product over Windows Defender btw. And that one knows about FreePascal binaries....

It is better and much cheaper as in FREE and usually much better. Yes it is better than third party bloatware.

I really do not understand why one should use a third party scanner on Windows because
a. leads to such issues
b. not necessary
c. wastes your and my time

Don't use a third party virus scanner on Windows. Their reason to exist has been taken out many moons ago already.

BTW FACT, not opinion.

The bloatware and adware should stop at least for consumer anti virus products.
After that rant, though, such companies do have products that focus on serverside protection, and Microsoft lacks there a bit unless you use their cloud products.

IOW for client side consumers third party solutions are a trap, not a solution. Get rid of those and activate defender instead.

But make sure everything is up to date.

FYI the most common mistake by third parties is the compiler finger printing, which I and others solved with Microsoft and AVK.
Both were very helpful and fixed it in days, not weeks.

As a last point, always provide the compiler, its source, its version and the binary and source that causes the issue. A reasonable professional at such a company will always check that as Microsoft and AVR did.....

Yes, Microsoft uses FreePascal ;D O:-) :D

Note you will still get a warning as with any other compiler if the software is not signed, but that is a minor issue and I agreed with that.
« Last Edit: December 04, 2023, 01:54:13 pm by Thaddy »
Specialize a type, not a var.

Thaddy

  • Hero Member
  • *****
  • Posts: 13987
  • Probably until I exterminate Putin.
Re: virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe
« Reply #6 on: December 04, 2023, 09:37:30 pm »
Quote
You can also put the executables in https://www.virustotal.com/ to see if they contain actual viruses.

Which puts you in the same mess.. Not good advice.
Specialize a type, not a var.

ASerge

  • Hero Member
  • *****
  • Posts: 2199
Re: virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe
« Reply #7 on: December 04, 2023, 09:43:36 pm »
Quote
They can be verified (on Windows) using PowerShell or Microsoft fciv.exe (should be available from Microsoft website).

Don't need to download it. An internal utility can calculate:
Code:
  certutil.exe -hashfile lazarus-3.0RC2-fpc-3.2.2-win64.exe SHA1
Supports MD2, MD4, MD5, SHA1, SHA256, SHA384, SHA512.
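
The checksum verification described in replies #3 and #7, as an added PowerShell example that is not part of any post in this thread. It assumes the published list uses "HASH  filename" lines, as in the SHA1 line quoted in reply #3, and that the installer sits in the current folder; the function name Test-InstallerChecksum is hypothetical. Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example: verify a downloaded installer against a published checksum list.
# Assumption: each list line has the form "<hex digest>  <filename>".
function Test-InstallerChecksum {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ChecksumText,
        [ValidateSet('SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5')]
        [string] $Algorithm = 'SHA1'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $name = Split-Path -Leaf $Path

    # Build a filename -> digest map from the published lines.
    $published = @{}
    foreach ($line in $ChecksumText -split "`r?`n") {
        if ($line -match '^\s*([0-9A-Fa-f]{32,128})\s+\*?(\S.*?)\s*$') {
            $published[$Matches[2]] = $Matches[1].ToUpperInvariant()
        }
    }

    # A file that is not in the list is unverified, not "fine".
    if (-not $published.ContainsKey($name)) {
        throw "No published checksum for $name; refusing to treat it as verified."
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash.ToUpperInvariant()
    [pscustomobject]@{
        File      = $name
        Algorithm = $Algorithm
        Expected  = $published[$name]
        Actual    = $actual
        Match     = ($actual -eq $published[$name])
    }
}

# The SHA1 line quoted in reply #3; paste further lines from the checksums page as needed.
$checksums = @'
E512089EC5ECAC42E2AA41E28DA4288B3DDB6AD3  lazarus-3.0RC2-fpc-3.2.2-win64.exe
'@

# Run from the folder that holds the downloaded installer.
$result = Test-InstallerChecksum -Path '.\lazarus-3.0RC2-fpc-3.2.2-win64.exe' -ChecksumText $checksums
if (-not $result.Match) { Write-Warning "Checksum mismatch: do not run $($result.File)" }
$result
```

A matching digest shows the download is the file the project published; it is a separate question from what an AV engine's heuristics report.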

rvk

  • Hero Member
  • *****
  • Posts: 5961
Re: virus with lazarus-3.0RC2-fpc-3.2.2-win32.exe
« Reply #8 on: December 04, 2023, 11:11:01 pm »
Quote
You can also put the executables in https://www.virustotal.com/ to see if they contain actual viruses.
Which puts you in the same mess.. Not good advice.

No, because virustotal doesn't show any viruses for those executables.

And if it does for one or two, it's probably a false positive.
A real virus will show up there for a lot more engines.

 
