Hi folks,
I wrote a small socket client program,
always when I use the connect function the AVIRA anti virus software detects a TR/Spy.Gen virus,
(http://www.avira.com/de/index)
also a indrect call via function pointer doesn't help,
I use the 6.50 compiler version, 6.00 didn't work either,
Any chance to solve the problem ?
Thanks and regards,
Micha
We can probably help you fix it but, unfortunately none of us are mind readers. :D
We're gonna need to see your code.
Please zip up your project and attach it to your next message. If it's too big to upload (256k limit) reduce your project to the smallest amount of code that demonstrates the problem and upload that...
In general always report false positives to the security software provider.
There is no way around it in many cases.
Quote from: Stefan Pendl on July 08, 2012, 10:10:35 PM
In general always report false positives to the security software provider.
There is no way around it in many cases.
Hi Stephan... It was really fun the day EMSI decided POIDE was a virus...
Yes I know it is sometimes hard to get this pushed forward, but how would they know if you never tell them?
Some software vendors are faster and some slower to fix their bugs.
Quote from: Stefan Pendl on July 08, 2012, 10:53:58 PM
Yes I know it is sometimes hard to get this pushed forward, but how would they know if you never tell them?
Some software vendors are faster and some slower to fix their bugs.
The good news is that EMSI supports a "White list" where POIDE now proudly resides...
Unfortunately, some AV softwares have a high percentage of false-positives.
grooves, you can check Jotti's site :
http://virusscan.jotti.org/en
Vortex:
Thanks for the link, I have never thought how many viruses can be in my small program, :-),
i.e. :
PUA.Win32.Packer.PellesC400450Ex-1
Backdoor.Win32.Poison!IK
probably all socket functions are potential dangerous for anti virus scanner.
I have now splitted the client and server in two separate programs, at least AVIRA doesn't recognize
a virus now, but it is really weird.
Thanks for all comments,
Regards,
Micha
Hi Micha,
Some AV companies are not commenting correctly the MS COFF file specification and this why they have a higher rate of false-positives.
Avira is one of the badest with false positive messages.
All network activity form unknown programs are blocked...
But... you can send your coded piece of software to avira to review.
That works fine and the answer is fast that Avira is fixed for this program with the next update.