Author Topic: AVAST 's FASLE POSITIVES on our product!!!!!!!!!!!!! Please fix it ASAP  (Read 4270 times)

0 Members and 1 Guest are viewing this topic.

avastfalse

  • Guest
Helloļ¼

We are a security software provider in china,and we have an anti-trojan product,

Recently many users told us AVAST 4.7 Pro has false posistives on our software,

you can download it from http://www.lofocus.com/BTSetup2008.exe ,Please check it carefully,Our product is

not the virus which detected "Win32:Delf-EZM [trj],Win32:WOW-IT [trj]" by AVAST,

we hope you can resolve this false posistives as fast as you can,thanks...


BTW,I sent email to support@avast.com and virus@avast.com four days agoto report this false posistives,but still no response today.

Jahn

  • Guest
Re: AVAST 's FASLE POSITIVES on our product!!!!!!!!!!!!! Please fix it ASAP
« Reply #1 on: December 10, 2007, 09:04:53 AM »

Hmmm... Dr. Web also reports this d/l as infected...  ???

galooma

  • Guest
Re: AVAST 's FASLE POSITIVES on our product!!!!!!!!!!!!! Please fix it ASAP
« Reply #2 on: December 10, 2007, 10:05:22 AM »
have you locked or encrypted your signature files?  ;)

Nod 32 thought it was ok if thats any compensation

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: AVAST 's FASLE POSITIVES on our product!!!!!!!!!!!!! Please fix it ASAP
« Reply #3 on: December 10, 2007, 10:13:58 AM »
Your files indeed seem to contain uncrypted virus samples. In that case, we can't do anything about it - please scramble your virus database properly.

[It's possible that they are actually XORred by something - but if even the original malware file was XORred, you get the pure plaintext by using this "encryption"; so, something a bit stronger is needed.]

avastfalse

  • Guest
Re: AVAST 's FASLE POSITIVES on our product!!!!!!!!!!!!! Please fix it ASAP
« Reply #4 on: December 11, 2007, 10:29:17 AM »
Our signature files are encrypted with our special algorithms,Notice:AVAST detected our virus database infected by trojan,

but our virus database are not PE format files,so it can not do anything harmful in user systems.


This fps is  definitely made by avast,and our product's signature files definitely aren't malicious programs,

so i think this mistake should be fixed by avast,I sent mail to avast to virus@avast.com and support@avast.com again

but still has any response.


I just want to know anyone in avast can resolve this  mistake,we are very depressed for avast's services now.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: AVAST 's FASLE POSITIVES on our product!!!!!!!!!!!!! Please fix it ASAP
« Reply #5 on: December 11, 2007, 10:43:47 AM »
I know that the files are not PE files - but they still contain plaintext samples of malicious files.
I don't know what "special algorithm" you mean, but the pieces detected by avast! don't seem encrypted at all to me.
« Last Edit: December 11, 2007, 10:50:18 AM by igor »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: AVAST 's FASLE POSITIVES on our product!!!!!!!!!!!!! Please fix it ASAP
« Reply #6 on: December 11, 2007, 11:42:40 AM »
Seems the same (or similar) as Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Read: http://www.avast.com/eng/virus_detection_and.html#idt_1554

Unfortunatelly, a well-known problem of Panda not encrypting its signatures  :P
Quote
Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).
The best things in life are free.