Menu
Basically, my program runs along side another jar file. Here is the code for the download function:
public void saveUrl(final String filename, final String urlString) throws MalformedURLException, IOException { BufferedInputStream in = null; FileOutputStream fout = null; try { in = new BufferedInputStream(new URL(urlString).openStream()); fout = new FileOutputStream(filename); final byte data[] = new byte[1024]; int count; while ((count = in.read(data, 0, 1024)) != -1) { fout.write(data, 0, count); } } catch (Exception e) { return; } finally { if (in != null) { in.close(); } if (fout != null) { fout.close(); } } } And the to start the new process
public void runUpdate() throws IOException{ String folder = fileLocation; ProcessBuilder p = new ProcessBuilder(); p.command(folder); p.start(); } However, even with user prompts and having to approve the download, when I tested it outside of the eclipse environment, my anti-virus picked it up right away.
It was detected as a "trojan.downloader". I'm thinking it has something to do with the download function? I'm not really trying to beat an anti-virus program. I'm not attempting to do any illegitimate.
Perhaps some obfuscation would do the trick?
223
The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious method of identifying a fake antivirus infection.
Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Virus Detection Methods Top There are four major methods of virus detection in use today: scanning, integrity checking, interception, and heuristic detection. Of these, scanning and interception are very common, with the other two only common in less widely-used anti-virus packages.
The bytecode generated by your compiler matches some specific code pattern/signature the AV is looking for, meaning some malware they had found/reversed in the past had code similar to this that they could reliably find.
The best option would be to identify and rewrite whichever method is triggering the detection until it no longer matches whatever the AV is looking for, obfuscation would not be a good idea (but can be done, if the obfuscator does control flow obfuscation) for fixing this problem as there's no guarantee it would produce bytecode different enough from the original (some obfuscators, like ProGuard, also do not even do control flow obfuscation).
53
You can try to sign your JAR with a code signing certificate, e.g. from Digicert.
This adds your company name to the JAR in a trusted way and thus could also be trusted by the Antivirus program. However, there's no guarantee that every Antivirus program will do so.
Note that there is also some impact of doing so:
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
