How does an Antivirus knows not to detect non malicious code?

Question

Let's say I created a file compression library, and this library was used in 1000 (non malicious) programs. But now a malware developer has decided to create a malware and use my library to compress some files.

Based on my little knowledge on how an Antivirus works, it selects a group of strings of bytes from the malware and store it in its database. Now when the Antivirus scans a program that has these strings of bytes, it alerts the user that this is a malware.

But what if the Antivirus selected a string of bytes that corresponds to a portion of my library's code, wouldn't this mean that my library is now detected as a malware (and hence the 1000 non malicious programs are now detected as a malware)?

Answer 1

There are two kinds of techniques to detect malwares, The first is by the file signature, for example Kaspersky receive every day a huge ammount of malicious code that will be analysed by its experts and then generate a signature for each one of them. So, when a file is analysed by an antivirus, it compare signature with all the signatures in its database. and then return the result to the user. The second way to determin is a software is malicious, is by using data mining techniques. which is take as an input the static & dynamic analysis results of the software, and then return a result. In this case, it can return a false positive result, depending on the antivirus.