Personal tools

Antivirus notes

From AC3Filter
Jump to: navigation, search

Sometimes antiviruses may trigger an alert when scanning AC3Filter distributive. Why?

[edit] ClamAV

May detect PUA.Win32.Packer.BorlandDelphi-9 or PUA.Win32.Packer.InnoSetup-6. It is not a virus! AC3Filter uses InnoSetup installer and it obviously uses compression (that is considered as suspicious behavior). Official explanation from ClamAV (see 'What is PUA? I get a lot of false positives named PUA'). Note, that PUA detection is not recommended because of false positives. Cite from the link above:

At this point we DON’T recommend using it in production environments, because the detection may be too aggressive and lead to false positives.

[edit] NOD32

May detect Win32/OpenCandy. Yes, AC3Filter installer uses OpenCandy (what is it?). It is not a virus and was removed from the list potentially unwanted applications, but still may trigger an alert (see official explanation from ESET).