ClamWin Free Antivirus
Support and Discussion Forums
False Positive detection of my software.
ShlomiKalfa


Joined: 16 Mar 2008
Posts: 1
Location: Moldova
Hello,

My name is Mr. Shlomi Kalfa. I am the developer of a program, named (E)Lephant, which is an Internet Download Manager. It has been downloaded 67,423 times and has 62,321 registered members at the moment. On occasion, it has been falsely identified as containing a virus. I assure you it is not a Virus, Trojan, etc., and performs no malicious activities.

(E)Lephant is written in the AutoIt version 3 scripting language. I am sure you are aware that AutoIt has been a valuable tool since 1999, and is used worldwide in commercial and non-commercial arenas. Unfortunately, because of its power, it has been abused by unscrupulous individuals, and on a regular basis innocent programs, like (E)Lephant, are being falsely identified as infected by one virus detection engine or another.

I am writing to learn if there is anything I can do to eliminate, or at least reduce, false positives on my products from your detection engine. Do you have a program in which I may enroll whereby I can submit my programs to aid your efforts in providing quality viral defenses with fewer false positives?

Do you have any advice specific to AutoIt, such as the use, or non-use, of the UPX compressor, etc.? Some suggest this is the major cause of false positives as it is used by many programs, not only AutoIt.

I would appreciate your clearing (E)Lephant of this current false positive condition. Please let me know if you require anything else from me.


AutoIt v3 References:

AutoIt v3 Web Site: http://www.autoitscript.com/autoit3/
AutoIt v3 forum discussions on A/V issues: http://www.autoitscript.com/forum/index.php?showtopic=34658&hl=


Sincerely,

Shlomi Kalfa

Email: shlomikalfa@yahoo.com
ICQ: 169461989
WWW: http://sk.online7casino.com/
Download: http://japan-casino.us/sk/E-lephant.0.0.1.1B_04.03_2.rar (RAR password = "elephant")
Forum: http://e-forum.online7casino.com/
budtse


Joined: 14 Jan 2006
Posts: 372
Location: Belgium
Hello,

ClamWin only provides a GUI to the ClamAV scanning engine. The antivirus database is maintained by the ClamAV project.

Please contact the ClamAV project (http://www.clamav.org/contacts/); they will be able to help you avoid these false positive warnings.

Regards,
Peter
sherpya


Joined: 22 Mar 2006
Posts: 898
Location: Italy
Unfortunately, AutoIt is often used to make malware; perhaps you can submit it as a false positive:
http://cgi.clamav.net/sendvirus.cgi
GuitarBob


Joined: 09 Jul 2006
Posts: 4359
Location: USA
I don't think that the UPX packer is the problem. A lot of legitimate software is packed with UPX, so any antivirus flagging UPX by itself is really using a too-cheap heuristic. I think the problem is when you include AutoIt in with the distribution of your program--it probably looks like a runtime packer, and ClamAV/ClamWin doesn't do well with them, so they are taking the safe approach. If possible, you might leave it out and see if that cures the problem. I assume your program already has the components of a valid software program--copyright notice, user menu, and help files and a good PE header.

Regards,