Sign in to follow this  
Followers 0
Jango

Avast report AutoIT script as virus

7 posts in this topic

#1 ·  Posted (edited)

Hello,

I know that many post have been already done on the subject but it's sometime necessary to insist. Today our Avast 4.7 reported many of our script as virus.

This is totaly false. To reproduce it's really very easy. Write this simple script and compile:

Run("notepad.exe")

avast! [XXXXXX] : Fichier "C:\test.exe" est infecté par "Win32:Sohanad-AS [Wrm]" virus.

"Client-Scan Local Disks" tâche utilisée

La version actuelle du fichier VPS est 071219-0, 19/12/2007

It's really a shame that a company like Avast do such thing without worriyng about consequence. AutoIT conceptors must complain about such methods.

Edited by Jango

Share this post


Link to post
Share on other sites



Hello,

I know that many post have been already done on the subject but it's sometime necessary to insist. Today our Avast 4.7 reported many of our script as virus.

Insist for what ?

Other then reporting it to the AV company as false positive, there's not much you can do.


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

Insist for what ?

Other then reporting it to the AV company as false positive, there's not much you can do.

AutoIT is a great and very used scripting language so many ppl will have problems.

From Avast (the company) It's not a professional approach to exclude like that ALL AutoIT script just because someone used it to do some malware.

Just writing Run("...") can't be considered as a virus ... it's a big error from Avast ... it's like consider .bat containing a .exe command as a virus.

I wrote an email to Avast to protest.

With this post i just want to inform you about this.

Share this post


Link to post
Share on other sites

AutoIT is a great and very used scripting language so many ppl will have problems.

From Avast (the company) It's not a professional approach to exclude like that ALL AutoIT script just because someone used it to do some malware.

Just writing Run("...") can't be considered as a virus ... it's a big error from Avast ... it's like consider .bat containing a .exe command as a virus.

I wrote an email to Avast to protest.

With this post i just want to inform you about this.

Just making sure here that you understand that there isn't much we can do :)

To inform people about it is fine but it would then be useful to also specify the AutoIt3 version you are using since its very likely the False positive is only for one specific version of AutoIt3.

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

Just making sure here that you understand that there isn't much we can do :)

To inform people about it is fine but it would then be useful to also specify the AutoIt3 version you are using since its very likely the False positive is only for one specific version of AutoIt3.

Jos

Thank you Jos, i just upgraded to 3.2.10.0 from 3.2.8.1 and it solved this problem. I will report this information to Avast too.

Share this post


Link to post
Share on other sites

I would like to let you know the answer from avast:

Monsieur,

on est desole pour avoir cause un tel probleme - ce que vous observez est une fausse detection par avast!, probleme que sera resolu par la prochaine mise a jour (ce soir ou demain j´espere).

On s´excuse sincerement pour tout inconveniant.

And translated with google:

Sir,

We are sorry to have such a problem because-what you see is a false detection by avast!, That problem will be resolved by the next update (tonight or tomorrow j).

We sincerely apologizes for any inconveniant.

Thanks to AutoIT dev team but also to avast for the fast and good answer to the problem.

Share this post


Link to post
Share on other sites

I would like to let you know the answer from avast:

And translated with google:

Sir,

We are sorry to have such a problem because-what you see is a false detection by avast!, That problem will be resolved by the next update (tonight or tomorrow j).

We sincerely apologizes for any inconveniant.

Thanks to AutoIT dev team but also to avast for the fast and good answer to the problem.

Thanks for reporting that directly to the AV vendor, and for posting their response. This is the important part. That the vendors get the reports of false positives, and that the forum logs the responses by the vendors.

Thanks to Avast again, for the prompt response (assuming, of course, the corrected definitions actually appear).

Be sure to test with the updated definitions and post confirmation that it's fixed.

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0