
Virus Alert in Midlet setup/jar files

KW Yan
2009-12-07
2013-04-25
  • KW Yan

    KW Yan - 2009-12-07

    I downloaded Midlet Pascal 3 Alpha 4 in another environment and got the message:

    "ProxyAV has detected a virus in this file! File has been dropped. Virus: "Troj/Redbrow-A" found!"

    This did not happen in Alpha 3 or below.

    Furthermore, since Midlet Pascal 2.x, the generated JAR files have been reported to contain a virus. From another forum, it seems someone has used Midlet Pascal to develop a virus program, so anti-virus programs use Midlet Pascal as a signature.

  • wesw

    wesw - 2009-12-07

    This 'virus detection' has been seen for quite a long time now. The problem comes from the fact that the virus signature used by anti-virus programmes is part of the Midlet Pascal library, rather than the signature of the virus itself. So the fault lies with the anti-virus manufacturers, rather than Midlet Pascal.

    The problem did not occur in earlier versions of the IDE, as the libraries which contain the signature were not included. Javier, who is designing the IDE, is aware of this problem, but we do not have a quick solution.

    As you say above, the problem occurred when Midlet Pascal was used to write a trojan, usually called 'Red Browser'. It does not affect Windows systems but, when loaded into a mobile phone, it dials premium rate phone lines.

    I can only suggest that you disable your anti-virus detection of, or make exceptions for, the S.class and SM.class files in the stubs subdirectory of your Midlet Pascal programme directory.

    It has also been suggested that using a Java obfuscator (Proguard seems to be the most commonly recommended) on your midlet will prevent many incorrect 'virus' detections.

    We are aware of this problem, and will attempt to solve it in the future.

    best wishes … wes williams (site admin)

  • KW Yan

    KW Yan - 2009-12-14

    In some instances, the anti-virus program is not installed by me. I use Yahoo email, which has a built-in anti-virus program to check attachments. I am not able to send a JAR via Yahoo email.

    To solve the problem, inform a few anti-virus manufacturers (e.g. Norton & McAfee) about the false alarm.

    A workaround solution is to change the signature in the MidletPascal libraries so anti-virus software is not able to detect it. Remember, it is now MidletPascal 3.0 and open source, not the same as MidletPascal 2.x.

  • Javier Santo Domingo

    OK, I got some free time to spend on this problem and it seems it's fixed now. It's difficult to say, since we should test it with every AV software available. At least I can say that the Symantec software that Yahoo uses to scan its attachments is not raising any false alarm anymore.

    About informing AV manufacturers about this false alarm… well, I think it's a waste of time, it won't have any kind of effect, they make a lot of money by scaring people with false alarms heh. I have dealt with them many times about wrong information they provide with no success at all; the last one was with SOPHOS about the Win32/Induc.A crap infecting old Delphi versions a few months ago… I could not find a single individual in there to talk to about the misinformation they were providing… they know nothing but how to steal people's money, but that's only my opinion, so if you think they will hear you, go ahead and good luck ;D

    In summary, it seems to be fixed now, and will be included in the next release. Thanks for your report!

  • ptrg

    ptrg - 2010-03-30

    Hi!

    It would be a good thing to write some words in the documentation and installation notes about these false virus alerts.

    I've got alerts from AVG about a 'Java/RedBrowser.B' infection in 3 files: SM.class, S.class, FS.class.
    So I went to search on the net to get some info about the threat and to find the solution: to add exceptions to the antivirus software.

  • Javier Santo Domingo

    It seems the vast majority of the AV scanners are not falsely detecting MP classes anymore (since the modification of the M.class file), but it also seems AVG had in its DB all the other .class files inside the JAR of that damn crappy trojan (which shows that AVG, like many other AV companies, does not really analyze things).
    I will be touching those .class files to avoid the AVG detection.
    Thanks for your report!

  • Javier Santo Domingo

    OK, after a couple of hours modifying the .java stub classes affected by the false alarms (SM, S, FS and FW) of many different AV scanners (especially AVG and NOD32), I can announce to the community that finally they all seem to be removed. I've tested against the jotti.org multi-AV mechanism.

    But these changes mean MORE and HARDER testing for all of you, since the modifications involved changing the code of the stubs distributed in the MIDlets, and they MUST be tested again in every kind of scenario available. In some cases some AV software was detecting a Thread start() call as malicious code, so I had to work around that kind of stuff here and there.

    Hopefully in a couple of days I can publish a new BETA for this.
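
A defender-side check that follows from this thread (an added example, not code from the MIDlet Pascal project or any poster): before excluding S.class, SM.class, FS.class or FW.class from scanning, confirm that the copy inside the flagged JAR is byte-identical to the stub shipped in the IDE's stubs directory, so the exclusion covers the known false positive rather than any file that happens to carry that name. The JARs and the IDE_STUBS bytes below are constructed in memory as stand-ins for the real class files.

```python
"""Triage an AV hit on a MIDlet JAR: check whether the flagged stub classes
are byte-identical to the stubs shipped with the IDE before treating the
detection as a false positive (a modified stub deserves a closer look)."""
import hashlib
import io
import zipfile

# Stub class names reported as false positives in the thread.
STUB_CLASSES = ("S.class", "SM.class", "FS.class", "FW.class")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def jar_entry_hashes(jar_bytes: bytes) -> dict:
    """Map each file entry in the JAR to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return {i.filename: sha256_hex(zf.read(i))
                for i in zf.infolist() if not i.is_dir()}

def triage(jar_bytes: bytes, ide_stubs: dict) -> dict:
    """Classify each known stub class in the JAR against ide_stubs, which maps
    class name -> bytes of the copy in the IDE's stubs directory.
    Verdicts: 'matches-ide-stub', 'MODIFIED' or 'absent'."""
    hashes = jar_entry_hashes(jar_bytes)
    verdict = {}
    for name in STUB_CLASSES:
        if name not in hashes:
            verdict[name] = "absent"
        elif name in ide_stubs and hashes[name] == sha256_hex(ide_stubs[name]):
            verdict[name] = "matches-ide-stub"
        else:
            verdict[name] = "MODIFIED"
    return verdict

def build_jar(entries: dict) -> bytes:
    """Build a constructed sample JAR (a zip with a manifest) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed stand-ins for the IDE's stub classes (not real bytecode).
IDE_STUBS = {n: b"\xca\xfe\xba\xbe " + n.encode() for n in STUB_CLASSES[:3]}

def demo() -> tuple:
    """Verdicts for an untouched JAR and for one whose S.class was altered."""
    clean = build_jar({**IDE_STUBS, "Main.class": b"\xca\xfe\xba\xbe app"})
    altered = build_jar({**IDE_STUBS, "S.class": b"\xca\xfe\xba\xbe patched"})
    return triage(clean, IDE_STUBS), triage(altered, IDE_STUBS)
```

Only a JAR whose stubs all report 'matches-ide-stub' is a candidate for the file-level exclusion suggested earlier in the thread; a 'MODIFIED' stub should be compared against the IDE copy before any exclusion is made.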
