15 Dec 2018, 4:09 p.m.
On 15.12.2018 11:54, degski via Boost wrote:
> If you have a better explanation, please do put that forward. The fact that this particular file gets flagged at all indicates that same broken logic.
It wouldn't surprise me if part of the 7z header plus some of the (essentially) random bytes of data after triggers it. We experience something like this rather frequently with the programming language at work, Delphi, which is also used by a lot of malware writers for the same reason we do: RAD. What happens is parts of the compiled standard library get used as a signature, causing a lot of false positives.

- Asbjørn