Author Topic: How to report false positive  (Read 4794 times)

JEfromCanada

  • Guest
How to report false positive
« on: December 04, 2006, 06:54:13 AM »
I write software using the 'C' language.  Today, one of my own programs that was written and compiled a few years ago triggered an alert from Avast (Win32:Small-DDW [Trj]).

I'd like to know whether I have unwittingly used a coding technique that is now considered a Trojan, or whether there is an error (or false positive) in the Avast program.

How do I go about investigating this?
« Last Edit: December 04, 2006, 07:12:23 AM by JEfromCanada »

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: How to report false positive
« Reply #1 on: December 04, 2006, 08:08:53 AM »
Submit the file to virustotal

http://www.virustotal.com/xhtml/index_en.html

or jotti

http://virusscan.jotti.org/

Both are online scanners.

If they are clean, submit them to Avast. You can do that from the chest or zip them, with a password. Include the password in the body of the e-mail along with a brief description of why you think it is a false positive and maybe a link to this thread. Send it to virus @avast.com  without the space.

If you feel it is clean, add it to the exclusion lists in both the on-access and on-demand modules.

No guarantee when they would be added.

HTH

JEfromCanada

  • Guest
Re: How to report false positive
« Reply #2 on: December 04, 2006, 02:21:55 PM »
> Submit the file to virustotal
>
> http://www.virustotal.com/xhtml/index_en.html
>
> [snip]

I submitted the file to the online service, and all but two of the services found it clean (ironically, Avast found it clean as well!)

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11852
    • AVAST Software
Re: How to report false positive
« Reply #3 on: December 04, 2006, 02:44:54 PM »
Why ironically? It has already been fixed.

JEfromCanada

  • Guest
And another one this morning...
« Reply #4 on: December 04, 2006, 02:52:05 PM »
What's going on?  Avast found another this morning, and when I went through the online scanner, three services considered the file sub-normal (and again, Avast had no problem).

The files I create (for my own use) could, I suppose, be classified as web spiders, although they are highly targeted.  Both programs are pointed at known starting points and are programmed to retrieve HTML pages, parse them for specific links (these are drill-down data links, not email addresses or anything like that), and follow those links, parsing the data in them.

The "baseball.exe" file is intended to read baseball game box-scores and accumulate performance data on the players involved in the game, while the "dailyupdates.exe" file is intended to find information about players who have been traded or placed on the disabled list.

The "baseball.exe" file was written/compiled in August 2002, and "dailyupdates.exe" was last modified/compiled in July 2005.  I don't understand why, all of a sudden, they are considered trojans.

JEfromCanada

  • Guest
Re: How to report false positive
« Reply #5 on: December 04, 2006, 02:53:40 PM »
> Why ironically? It has already been fixed.

I said "ironically" because I hadn't technically reported it as a false positive - I was only trying to test whether I should report it as false positive.

Thank you very much for such incredibly fast response!

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11852
    • AVAST Software
Re: How to report false positive
« Reply #6 on: December 04, 2006, 03:27:11 PM »
I saw your message and told the virus guys to change the detection; if avast! detects some C-runtime (or whatever it was), it might have quite a significant effect.
Anyway, can you please submit the file anyway (e.g. that program of yours), as already mentioned here? I think it would be useful to include it into our "cleanset" - so that the problem doesn't occur again in the future. Thanks!