rejetto forum

"unsafe"

rejetto · 25 · 13747


Offline rejetto

i've just sent this message to bitdefender
Quote
Dear sirs, it is unfortunate that your product is reporting mine as being "unsafe".
You can check at https://sourceforge.net/projects/hfs/malware and see that the files are reported as "a variant of Win32/Server-Web.HFS.A potentially unsafe application".

My software is called HFS and is a web server, the original one, not a variant, and it's perfectly safe.
I would appreciate being informed of the reasons that led you to mark it as "unsafe".
Best regards,


Offline Mars

Nothing really worrying if we refer to the majority of detections  ;)

result of online scan at https://virusscan.jotti.org/en-US

Name:   hfs rejetto.zip
Size:     1.03MB (1,078,385 bytes)
Type:   Zip archive
First seen:     May 26, 2016 at 6:35:25 PM GMT+2
MD5:   9798035fc1ecd1114a4100438837b021
SHA1:   0e615c489988900581b4ea6738e173e698957485
Status:   Scan finished. 2/19 scanners reported malware.
Scan taken on:   May 26, 2016 at 6:35:27 PM GMT+2

Scanner    Scan date    Result
Lavasoft Ad-Aware    May 26, 2016    Found nothing
Arcabit AntiVirus    May 26, 2016    Found nothing
Avast! Antivirus    May 26, 2016    Found nothing
AVG    May 26, 2016    Found nothing
Avira AntiVir    May 26, 2016    Found nothing
BitDefender Antivirus    May 26, 2016    Found nothing
ClamAV    May 26, 2016    Found nothing
Dr. Web    May 26, 2016    Found nothing
MicroWorld eScan    May 26, 2016    Found nothing
ESET    May 26, 2016    Win32/Server-Web.HFS.A
Fortinet    May 26, 2016    Found nothing
F-PROT Antivirus    May 26, 2016    Found nothing
F-Secure Anti-Virus    May 26, 2016    Found nothing
Ikarus    May 26, 2016    Found nothing
Kaspersky Anti-Virus    May 26, 2016    Found nothing
Quick Heal    May 25, 2016    RiskTool.HFSServerWeb.A10
Sophos    May 26, 2016    Found nothing
Trend Micro Antivirus    May 25, 2016    Found nothing
VBA32    May 25, 2016    Found nothing

result of online scan at  http://www.virscan.org/scan

Scanner    Engine Ver    Sig Ver    Sig Date    Scan result    Time
ahnlab    9.9.9    9.9.9    2013-05-28    Found nothing    4
antivir    1.9.2.0    1.9.159.0    7.12.93.198    Found nothing    16
antiy    AVL SDK 2.0       1970-01-01    Found nothing    30
arcavir    1.0    2011    2014-05-30    Found nothing    8
asquared    9.0.0.4799    9.0.0.4799    2015-03-08    Found nothing    1
avast    160525-0    4.7.4    2016-05-25    Found nothing    37
avg    2109/11781    10.0.1405    2016-05-23    Found nothing    1
baidu    2.0.1.0    4.1.3.52192    2.0.1.0    Found nothing    4
baidusd    1.0    1.0    2014-04-02    Found nothing    1
bitdefender    7.58879    7.90123    2015-01-16    Found nothing    1
clamav    21604    0.97.5    2016-05-25    Found nothing    2
comodo    15023    5.1    2016-05-25    Found nothing    3
ctch    4.6.5    5.3.14    2013-12-01    Found nothing    1
drweb    5.0.2.3300    5.0.1.1    2016-05-24    Found nothing    53
fortinet    34.915, 34.915, 34.915, 34.915    5.4.233    2016-05-26    Found nothing    1
fprot    4.6.2.117    6.5.1.5418    2016-02-05    W32/Felix:CO:Delphi!Eldorado    1
fsecure    2015-08-01-02    9.13    2015-08-01    Found nothing    6
gdata    25.6707    25.6707    2016-05-25    Found nothing    8
hauri    2.73    2.73    2015-01-30    Found nothing    1
ikarus    1.06.01    V1.32.31.0    2016-05-25    Found nothing    13
jiangmin    16.0.100    1.0.0.0    2016-05-25    Found nothing    1
kaspersky    5.5.33    5.5.33    2014-04-01    Found nothing    19
kingsoft    2.1    2.1    2013-09-22    Found nothing    3
mcafee    7879    5400.1158    2015-07-31    Found nothing    8
nod32    1777    3.0.21    2015-06-12    Found nothing    1
panda    9.05.01    9.05.01    2016-05-25    Found nothing    4
pcc    12.548.07    9.500-1005    2016-05-25    Found nothing    1
qh360    1.0.1    1.0.1    1.0.1    Found nothing    6
qqphone    1.0.0.0    1.0.0.0    2015-12-30    Found nothing    1
quickheal    14.00    14.00    2016-05-24    RiskTool.HFSServerWeb.A10    2
rising    26.20.01.02    26.20.01.02    2016-05-24    Found nothing    4
sophos    5.17    3.60.0    2015-08-01    Found nothing    7
sunbelt    3.9.2671.2    3.9.2671.2    2016-05-23    Found nothing    2
symantec       1.3.0.24       Found nothing    1
tachyon    9.9.9    9.9.9    2013-12-27    Found nothing    3
thehacker    6.8.0.5    6.8.0.5    2016-05-23    Found nothing    1
tws    17.47.17308    1.0.2.2108    2016-05-25    Found nothing    6
vba    3.12.26.4    3.12.26.4    2016-05-25    Found nothing    4
virusbuster    15.0.985.0    5.5.2.13    2014-12-05    Found nothing    15
« Last Edit: May 26, 2016, 05:31:11 PM by Mars »


Offline LeoNeeson

@Rejetto: Oh, don't worry, like Mars said, those false positives are just a minority.

Just thinking out loud: maybe if you "sign" your .exe, all the antivirus false positives could be gone, since "they" would know for sure that's "your release" and not a "variant" released by someone else.

Normally this is not free, but searching on Google "Signing EXE files for free", I did get this, this, and this info.
« Last Edit: May 27, 2016, 06:46:04 AM by LeoNeeson »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline rejetto

strange, in your scans bitdefender is not reporting risks.
sourceforge claims it is using it.

i don't think "variant" is the key word here, just some security tools stating that HFS is "risky" stuff, and i don't see why.
It's not about the scripting capability either, as it was introduced in 2.3 and this story started before it.


Offline bmartino1

most "high business end companies" like Bitdefender / McAfee / Norton / Kaspersky will flag a program due to the fact of its ability to open a socket and run a server.

in this case, Bitdefender saw that it was opening a web server for http; there is a rule in the program's virus search definitions to detect that, and so the program was flagged.

it's a bad virus scan definition that caused it to be flagged, nothing to do with HFS itself...
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline LeoNeeson

I guess antivirus companies are not very friendly with open source programs. And they see every server as a potential risk, and even more if it's open source, since anyone can build their own copy. If you can sign your .exe easily, go ahead, since you will gain the trust of antivirus companies, and they can't come up with that 'variant' excuse anymore. But like I've said, I don't see the point in being worried about just 2 or 3 false positives.


Offline rejetto

do you mean they flag every bloody server out there?
i don't think so.
the false positives worry me when it's a very common antivirus doing it.


Offline LeoNeeson

They mainly automate their antivirus engines, so, IMHO if you digitally sign your .exe, they can easily add a permanent exception for your program (since they will check your signature in future versions, and if it matches yours, they can be sure it's safe). If they find an 'unsigned' exe, they can safely mark it as 'variant'. It is logical, since it adds trust. I think the signature is important for them (especially on open source apps). Ask them if signing the program will change things or not.

> More info on how to digitally sign executables, here, here, here & here. The hard part is to find a free certificate authority (CA) that issues code signing certificates (most of them are only for SSL/TLS server authentication). Certum.eu has Open Source Code Signing for €14. I really don't know if it's worth all the trouble of digitally signing the program, but the decision is yours. ;)
« Last Edit: June 21, 2016, 07:56:15 AM by LeoNeeson »


Offline Mars

It is unlikely that adding a security certificate will make the antivirus any milder, since open source software is subject to changes made with bad intentions. The viral suspicion on hfs.exe is perhaps due to a signature corresponding to code from a library used to run the program, and as no information on the detection method will be clarified, there will always be alerts from antivirus.


Offline LeoNeeson

Well, it was just an idea. If digitally signing doesn't change things, then I think there is nothing that can be done to change this situation. :-\ My suggestion is don't start 'playing their game' (about 'fear'). If they want to say HFS is a virus, then it is a virus for them. For the users, having access to the source code and disabling or adding an exception is enough (at least for me).

There is even a movie about this... ;D


Talking seriously, this should not happen, but it's their fault. On old versions, you were using UPX to compress the file, and then you stopped using it because the antivirus were giving false positives on its use. Then antivirus were happy for a while. And now some antivirus are unhappy again. Who can understand them?...

WARNING: All the text written here is a parody of life. Any similarity with reality is purely coincidental. "I lost my trust in antivirus a long time ago. And I'm 100% sure if HFS had a good backdoor from 'you know who', then it would be clean for every antivirus out there. Look at Win10, it's spyware in all of its glory, and you will not find a single antivirus saying "your system is infected" right after it is installed. Antivirus are out there for profit, and not always to protect your computer. This whole situation pisses me off. There are three kinds of things I hate in the computer industry: hackers, antivirus, and virus makers (life would be a dream without all of them). If you start playing the game with any of them, you'll lose for sure. I'm glad ReactOS is coming to save us all (at least they are trying). And if ReactOS fails, then it's Linux."
« Last Edit: June 23, 2016, 11:44:36 AM by LeoNeeson »


Offline Mars

probably because uncompressed, the size of the executable is four times larger
it gives them more work, suddenly they are not happy


they must necessarily take revenge in one way or another  ;D ;D


Offline bmartino1

Quote from: LeoNeeson
> I guess antivirus companies are not very friendly with open source programs. And they see every server as a potential risk, and even more if it's open source, since anyone can build their own copy. If you can sign your .exe easily, go ahead, since you will gain the trust of antivirus companies, and they can't come up with that 'variant' excuse anymore. But like I've said, I don't see the point in being worried about just 2 or 3 false positives.

i recommend digital signing, but that won't stop AV from detecting it as a "virus / risk ware" ... i know many sites and bad programs that are digitally signed, but they are still bad programs and scammers... digital signing just means you took the time to give the program your "contact" information...

in the long run it's not necessary....


Offline LeoNeeson

Quote from: Mars
> probably because uncompressed, the size of the executable is four times larger
> it gives them more work, suddenly they are not happy
>
> they must necessarily take revenge in one way or another  ;D ;D
LOL, that surely was the problem! ;D

Quote from: bmartino1
> i recommend digital signing, but that won't stop AV from detecting it as a "virus / risk ware" ... i know many sites and bad programs that are digitally signed, but they are still bad programs and scammers... digital signing just means you took the time to give the program your "contact" information...
>
> in the long run it's not necessary....
Thanks for the info, so Digital Signing is useless for this problem.



I've found two articles explaining this 'old' big problem with antivirus:
- Antivirus companies cause a big headache to small developers.
- An open letter for Antiviral software companies.
« Last Edit: June 26, 2016, 06:24:36 AM by LeoNeeson »


Offline rejetto

14€ (+tax) /year would be ok, but it takes time.
i will consider it when i have some time.
thanks ;)


Offline lorgarth

I am seeing this also with Windows 10 defender and Malwarebytes.

Trojan:Win32/Spallowz.A!cl
Alert level: Severe
« Last Edit: July 01, 2016, 12:50:25 PM by lorgarth »