-3

My Delphi XE2 programs are always detected as containing a virus on Jotti by ClamAV, while other virus scanners do not detect anything:

enter image description here

AFAIK, ClamAV is often used with mail servers. So do I have to fear that end-users will get a virus warning when sending my program by e-mail (even when zipped)?

How can this be avoided?

user1580348
  • 5,721
  • 4
  • 43
  • 105
  • 2
    Submit your program to the av company – David Heffernan Jun 29 '14 at 19:14
  • Maybe they're still having [`problems with PUA detection`](http://forums.clamwin.com/viewtopic.php?p=15587#15587). – TLama Jun 29 '14 at 19:20
  • Please try to send your own Delphi programs to Jotti. Are they also detected as false-positive? – user1580348 Jun 29 '14 at 19:28
  • Er no. You can send your own program to the av vendor. Why would we do that? – David Heffernan Jun 29 '14 at 19:30
  • To get information also for other people whether Delphi programs GENERALLY are detected as false-positive by ClamAV. PS: Maybe this is a misunderstanding: I meant to send them to Jotti for TESTING! Jotti is a TESTING service! – user1580348 Jun 29 '14 at 19:32
  • 1
    Many malware makers like Delphi. Idiot AV vendors sometimes use part of the runtime library as a signature. – Loren Pechtel Jun 29 '14 at 20:15
  • 1
    -1 this question does not belong on SO. – Peter Jun 29 '14 at 20:39
  • 1
    Do you use a packer like UPX? This increase the number of false positive by an big ratio, [without any real benefit](http://stackoverflow.com/questions/353634). It is preferred to zip the exe before running it. – Arnaud Bouchez Jun 29 '14 at 21:18
  • @ArnaudBouchez No, I don't use the UPX packer for this exact reason. The programs are just normally compiled by Delphi XE2. (Default Release build) – user1580348 Jun 29 '14 at 22:04
  • @user1580348, If you google the title of your question : `Delphi programs are detected as false-positive` you have a 100% chance of finding an answer to your question in the top 5 search result links. I hope you understand now why this question shouldn't be asked in the first place. – Peter Jun 29 '14 at 22:43
  • @user1580348, It's not illogical when you actually read the guidelines. That would be the logical thing to do, just as it is logical to first research your problem before posting another useless question. Your question is a duplicate at best and I'm sorry if my opinion upsets you, I would suggest that you next time properly research on your problem prior to posting. – Peter Jun 30 '14 at 17:15

1 Answers1

2

This is a Possibly Unwanted Applications according to them and you can't report PUAs on their false positive upload form.

Their contacts page shows two possible avenues you can follow: subscribe and post to their ClamAV mailing-list, or file a bug report in Bugzilla.

A strong argument when reporting is that no one else flags your programs.

Did you also try Virustotal?

Jan Doggen
  • 8,799
  • 13
  • 70
  • 144
  • Strange: When scanned on VirusTotal, ClamAV does not report a false-positive with the **SAME** program! (While on Jotti it is reported, see the above screenshot). – user1580348 Jun 29 '14 at 19:52
  • It may be that Virustotal has PUA detection off, while Jotti has it on. See the notes in TLamas's link. – Jan Doggen Jun 29 '14 at 20:26