Recent

Author Topic: Virus Win.Virus.Sality  (Read 3000 times)

motaz

  • Hero Member
  • *****
  • Posts: 508
    • http://code.sd
Virus Win.Virus.Sality
« on: January 20, 2019, 02:24:49 pm »
Hello
I have uploaded Win32 application in site using CPanel, after upload it tells me that the file has affected by: Win.Virus.Sality-6820981 Virus.
Updated Microsoft Essential anti-virus couldn't detect it, while Clam AV for Linux and Windows has detected the virus and it could remove the infected files only.
Lazarus.exe and fpc bin directory were clean, but whenever I build my application and scans it, it detects that virus.
For new GUI application there is no virus detection on that exe file.
Is that real virus threat? or false alarm!, what can I do

My environment:
Windows 7 32 bit in VirtualBOX, host is Ubuntu 16.04
Lazarus 1.8.0


Thaddy

  • Hero Member
  • *****
  • Posts: 9183
Re: Virus Win.Virus.Sality
« Reply #1 on: January 20, 2019, 02:32:29 pm »
Clam has a wrong signature (again). Trust the Microsoft detection. And complain and file a bug report to ClamAv.
If possible include the sourcecode, the FPC compiler version and the specific windows version in your report.
« Last Edit: January 20, 2019, 02:34:47 pm by Thaddy »
also related to equus asinus.

motaz

  • Hero Member
  • *****
  • Posts: 508
    • http://code.sd
Re: Virus Win.Virus.Sality
« Reply #2 on: January 20, 2019, 02:43:55 pm »
Thanks for prompt response.
It seems that my virtual host is using Clam engine, so that it prevents me to upload the executable

motaz

  • Hero Member
  • *****
  • Posts: 508
    • http://code.sd
Re: Virus Win.Virus.Sality
« Reply #3 on: January 20, 2019, 03:03:59 pm »
I'll try to change linker options to produce different executable, it might distract Antivirus engine  :)

motaz

  • Hero Member
  • *****
  • Posts: 508
    • http://code.sd
Re: Virus Win.Virus.Sality
« Reply #4 on: January 20, 2019, 03:23:25 pm »
After I enabled (Generate Debugging info) and the executable becomes 88 mega instead of 7 mega, the Antivirus couldn't detect the virus, but when I compressed it using .zip format it detects the virus in compressed file