Antiy-AVL detects false positive Trojan/Win32.SGeneric in PHP 5.5.8 binaries #122
Description
See virustotal results for PHP Desktop Chrome with PHP 5.5.8:
https://www.virustotal.com/en/file/d6e1fe7492a8c2d4c5c77373191187a0d25d7a2faeb89
18b63cf2affe15d908b/analysis/
Scanning PHP Desktop Chrome with PHP 5.4.24 is OK, no trojan detected by
Antiy-AVL:
https://www.virustotal.com/en/file/a8ae6bea7e0b6e6b683731e2f32541f3302c401abfff1
caac655591352a31aa1/analysis/1412325034/
The OpenSSL shared library libeay32.dll (version 1.0.1.5) that is shipped with
PHP 5.5.8 is detected as trojan by Antiy-AVL:
https://www.virustotal.com/en/file/5bdec91545de2ced4b3d8822ff8420170bb9aa24a978b
e23b01f0d6cb5a2baed/analysis/1412325917/
Also when scanning files individually, Bkav antivirus is detecting
VEX2819.Webshell false positive virus in "php.ini-development" and
"php.ini-production" files:
https://www.virustotal.com/en/file/67e7bb161d400b688b11e39f63ce003442237afe2c5b2
7330121099834a27f4f/analysis/1412326051/
https://www.virustotal.com/en/file/7affa08c031da13014d5b81c60d6f74e3a28fd0e5037f
c5165853c4e5d8f934b/analysis/1412326059/
-- --
We may try to use UPX compressor on the libeay32.dll to get rid of this false
positive, a solution found here:
https://groups.google.com/d/topic/virustotal/auT8zwyBIqY/discussion
Or maybe upgrading to a newer version of PHP 5.5 will get rid of the problem.
We may also want to delete the php.ini-development and php.ini-production files
to get rid of the Bkav false positive. It's probably a false positive because
of the unusual extension.
Original issue reported on code.google.com by [email protected] on 3 Oct 2014 at 8:58