False alarms of antiviruses when checking a website and programs
Sometimes it is required to check the site for viruses, for this many use various means in this area. But they are often ineffective, and can even be harmful. As practice shows, antiviruses can falsely work on completely safe site scripts.
In addition to ordinary antiviruses, a service for checking all antiviruses at once - virustotal.com/ru , is quite popular today. It is used by many users, often before downloading a file they check it in this service. It checks links and directly files. A common situation is if any antivirus of this service nevertheless designates the file being scanned as unsafe, although other antiviruses will not find anything suspiciously. Even one trigger can make the user refuse to download or visit the site.
Why is antivirus malfunctioning ? While antiviruses deal with conventional software quite efficiently, problems arise with web scripts. The anti-virus can work falsely due to minor suspicions that a certain sequence of function calls is found in the script. A simple example, you just need to use a code like the one below, which will show the operation of some antiviruses:
Web antiviruses do not particularly understand this harmful code or not, they just need to see a certain sequence of data, as in the antivirus signature database. Therefore, if you need to completely get rid of false alarms of antiviruses , you need to rewrite the code, get rid of such code constructs in your project and check until the alarms stop.
Only a specialist who will decipher the logic of the script will be able to tell exactly whether the script is harmful or harmless in such cases. Unfortunately, web antiviruses often discourage visitors from downloading safe files due to the fact that they are falsely triggered. In this case, it is better to check the file with different antiviruses - if only one or two or three antiviruses have triggered, and the rest show it to be safe - most likely the file is really safe and you can download it. You need to pay attention to which antiviruses show detection, in this case, more trust should be given to popular antiviruses.
The same problem occurs with desktop and mobile programs. As soon as the antivirus detects various actions of the program, it may consider it malicious. For example, a program actively transmits data over the network, has access to data on a disk, etc. In this case, you can try to sign the program with the signature of a trusted publisher, but it is quite expensive and not all developers can afford it.
Thus, there may be false positives of antiviruses , especially when scanning web files and scripts. Therefore, if in doubt, but the file needs to be downloaded and run on your hosting or PC, it is better send it for review to a familiar IT specialist, and not abandon useful developments because of one operation of an unknown or little-known antivirus.
- 09.11.23IT / Database Errors when migrating from MySQL 5.6 to 5.7 and how to fix them - database dump import failed with an error or INSERT does not work. Disabling STRICT_TRANS_TABLES strict mode or using IGNORE
- 09.07.22IT / Misc Convert office files DOC, DOCX, DOCM, RTF to DOCX, DOCM, DOC, RTF, PDF, HTML, XML, TXT formats without loss and markup changes
- 07.07.22IT / Safety How to protect PHP, JS, HTML, CSS source code - obfuscation, minification, compression and encryption
- 06.07.22IT / Safety Connection not secure, problem with Lets Encrypt - how to fix expired 09/30/2021 DST Root CA X3, remove it manually and install ISRG Root X1. Example on MS Windows 7
- 08.07.21IT / Misc How to make a free translation for a website without an API, translate documents in Google Translate