Check VSIDE with antivirus software

Installing and using VSIDE tools for VLSI Solution's devices that contain a VSDSP signal processor.
Arek
Senior User
Posts: 36
Joined: Thu 2016-09-01 10:58

Check VSIDE with antivirus software

Post by Arek » Thu 2016-09-01 11:49

Hello

I am starting my adventure with VS1005.
Before installing new software I have to check the files with antivirus software.
I use:
https://virustotal.com

This time I got the following message: found three

I'd like to ask you to verify this.


Message from "VirusTotal.com":

SHA256: 0ac60a1ce3efa719c24e00560878192a9c67fca9bb609402a16dbd39c96a1016
Dateiname: vside_win32_v240.exe
Erkennungsrate: 3 / 54
Analyse-Datum: 2016-09-01 09:32:37 UTC ( vor 3 Minuten )

Antivirus Ergebnis Aktualisierung
Ikarus Trojan-Spy.Win32.Pophot 20160901
Jiangmin Trojan/Generic.apcuw 20160901
McAfee-GW-Edition BehavesLike.Win32.Sytro.tc 20160901

Henrik
VLSI Staff
Posts: 1103
Joined: Tue 2010-06-22 14:10

Re: Check VSIDE with antivirus software

Post by Henrik » Thu 2016-09-01 12:11

Hello!

I just ran the same check, and yes, it seems that three of 51 anti-virus programs thought there was something that looks suspicious.

VSIDE is compiled on a computer that has no Internet access, and we never run external binaries on it. As only 3 of 51 antivirus programs think there might be an issue (and even they disagree on what the issue would be), I'd tend to believe that these are false positives.

E.g. Ikarus thinks it sees Trojan-Spy.Win32.Pophot, but Microsoft's scanner (that does know about that virus) doesn't think there are any issues.

Kind regards,
- Henrik
Good signatures never die. They just fade away.

Panu
VLSI Staff
Posts: 2534
Joined: Tue 2010-06-22 13:43

Re: Check VSIDE with antivirus software

Post by Panu » Thu 2016-09-01 12:44

Hi and welcome to the Forum!

I also checked and came to the same conclusion as Henrik. The detections are heuristic and seem to come from the executables that are compiled using quite old compilers. Heuristic scanning can show a file to resemble a virus just because it was compiled with the same compiler as some old viruses.

Furthermore, the analysis seems quite old; I took a further look at one included file, vssym.exe, which showed an infection at:
https://virustotal.com/fi/file/c32c57cd ... /analysis/
Analysis date: 2014-02-19 13:13:24 UTC
Emsisoft Win32.Almanahe.D (B) 20140219
But I noticed that the detection was 2.5 years old. Rescanning today shows the same file by the same scanner to be clean:
Analysis date: 2016-09-01 10:33:55 UTC
Emsisoft Clean 20160901
So there shouldn't be much to worry about. These things come and go! I also updated my virus scanner and scanned my laptop, seems clean.

Oh, and by the way, welcome to the world of VSDSP! We're looking forward to helping you!

-Panu
Info: Line In and Line Out, VS1000 User interface, Overlay howto, Latest VSIDE, MCU Howto, Youtube
Panu-Kristian Poiksalo, VLSI Solution Oy

Panu
VLSI Staff
Posts: 2534
Joined: Tue 2010-06-22 13:43

Re: Check VSIDE with antivirus software

Post by Panu » Thu 2016-09-01 12:54

I think most of the false detections come from the file packing of NullSoft's installer. Many viruses use similar data packing for their code, so naturally the packed files resemble each other and there are similar patterns. This may be emphasized by the fact that VSIDE is quite a large package and it contains numerous PE executables. Superficially scanning these packages generates false positives such as these and it seems they cannot be completely avoided. Virus scanners also do their best to try to notice these kinds of files, as viruses customarily try to disguise themselves as common installer packages.

For more info, please see: http://nsis.sourceforge.net/NSIS_False_Positives
Panu-Kristian Poiksalo, VLSI Solution Oy
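
The checks made in the replies above (few engines flagging, mostly heuristic labels, no agreement on a family, and a detection that disappears on rescan) can be written as a small triage script. This is an added example, not code from VLSI Solution or VirusTotal; the heuristic marker list and the rule that the family name follows `Win32.` are assumptions, and the engine total of 54 is the one shown in the first post's report.

```python
import re
from collections import Counter

# Rows copied from the reports quoted in this thread: engine, label, signature date.
VSIDE_SCAN = """\
Ikarus Trojan-Spy.Win32.Pophot 20160901
Jiangmin Trojan/Generic.apcuw 20160901
McAfee-GW-Edition BehavesLike.Win32.Sytro.tc 20160901
"""
VSSYM_2014 = "Emsisoft Win32.Almanahe.D (B) 20140219"
VSSYM_2016 = "Emsisoft Clean 20160901"

# Assumption: label fragments that indicate a heuristic or generic match.
HEURISTIC = ("generic", "behaveslike", "heur", "suspicious")
ROW = re.compile(r"(\S+)\s+(.+?)\s+(\d{8})")

def parse(text):
    """Map engine -> (label, date) for every 'engine label date' line."""
    rows = (ROW.fullmatch(line.strip()) for line in text.strip().splitlines())
    return {m[1]: (m[2], m[3]) for m in rows if m}

def family(label):
    """Assumption: the family is the token right after the platform token 'Win32'."""
    m = re.search(r"Win32\.([A-Za-z]+)", label)
    return m.group(1) if m else None

def triage(text, engines_total):
    """Summarise how strong and how consistent the detections are."""
    hits = {e: lab for e, (lab, _) in parse(text).items() if lab.lower() != "clean"}
    families = Counter(f for f in map(family, hits.values()) if f)
    return {
        "ratio": len(hits) / engines_total,
        "heuristic": sorted(e for e, lab in hits.items()
                            if any(h in lab.lower() for h in HEURISTIC)),
        "families": sorted(families),
        # True only if at least two engines name the same family.
        "consensus": any(n >= 2 for n in families.values()),
    }

def dropped(old, new):
    """Engines that flagged the file in the old scan and report it clean in the new one."""
    o, n = parse(old), parse(new)
    return sorted(e for e in o if o[e][0].lower() != "clean"
                  and n.get(e, ("",))[0].lower() == "clean")

if __name__ == "__main__":
    print(triage(VSIDE_SCAN, 54))
    print("withdrawn on rescan:", dropped(VSSYM_2014, VSSYM_2016))
```

A low ratio with no family consensus supports a false-positive reading but does not prove it; the result is input to a review such as the IT department sign-off mentioned below, not a replacement for it.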

Arek
Senior User
Posts: 36
Joined: Thu 2016-09-01 10:58

Re: Check VSIDE with antivirus software

Post by Arek » Thu 2016-09-01 13:34

Hello Henrik and Panu,

many thanks for the prompt reply.
I've asked my IT Department in my company and got the OK to install it.

with best regards

Arek
