Follow

My virus program detects a virus in your software

Oct 2012

Davton's MailChimp add-in has recently been falling foul of various anti-virus programs - which have been deleting or quarantining the addin files.

This can be very worrying for users, but all is not quite what it seems. Many anti-virus programs now quarantine any files they DO NOT RECOGNISE - even if they find no virus issues when checking the file. If the file is legitimate but has not been seen by enough Norton systems, it gets flagged as suspicious because it is not in wide circulation. This is a problem for add-ins with a specialist customer base as they are not as widely circulated as other software.

So for example with Norton anti-virus, the threat shown by Norton is WS.Reputation.1 

That is effectively a threat that Norton have not encountered this file enough times to be sure that it is valid. I.e. they don't have enough data to tell one way or the other. It does not mean they have detected a problem with the content of the file.

There is no way for us (to our knowledge) to submit files to Norton. Macafee, AVG or any other for approval, so we have to wait until we get more subscribers.

We use commercial strength Anti-virus internally and regularly scan our systems for viruses. We sign our software using commercial strength signing tools,so we know they are not tampered with. No one has reported finding a real virus in our software. Just false positives due to the reasons given above. You can be confident that you can tell Norton or whichever anti-virus software you use to allow the file to be installed and used.

Update: January 2013

Norton seems to have learned that our files do not contain a virus, but now AVG has now started flagging a MailChimp addin file as having a Trojan Horse - 'MSIL.UJ'.   AVG has no details on their site of what this trojan is, so we assume it is detected using heuristics (looking for things that might be a problem) rather than an actual Trojan they know of. Since the main task of the add-in is to copy files from Outlook to a web site (mailchimp), it may not be that surprising that it looks suspicious to a trojan horse detector which is looking for systems which do just that covertly. We have tested the file with other anti-virus and trojan detection software including Norton, and it checked it against the original we created, and as far as we can tell there is no Trojan in this file.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk