K09P

Reputation: 490

Why is this trivial C program detected as a Virus?

I wrote this program:

#include <stdio.h>

main()
{
  int n;
  n=1;
  while (n>0)
  {
    puts("Write a number: ");
    scanf(" %d",&n);
    printf("This is the number you wrote: %d\n", n);
  }

}

Apparently there are absolutely no syntax errors, nor any compilation error. It compiled and built perfectly.

Now, if I switch this line:

puts("Write a number: ");

with this one:

printf("Write a number: ");

it compiles with no errors, but when the compiled object launches, it immediately stops and an anti-virus warning pops up saying it identified a trojan horse. Before drawing any conclusions, I built it several times, and after getting the same message I scanned it on virustotal.com and this was the result.

Well I know puts is actually more correct than printf given the objective, but still it should work just fine.

What's wrong here?

I'm using AVG anti-virus, and Pelles C to compile.

Upvotes: 20

Views: 5792

Answers (3)

Scott Chamberlain

Reputation: 127593

Antivirus software works on signatures, which are basically known patterns in executable code used by virus software.

Some virus in the wild has a similar pattern to the printf version of code you wrote (I searched all of the people who did flag you as a virus, unfortunately none of them publish what their signature files are checking for). Due to the fact you should never call printf with one argument it is likely many anti-virus software providers may use that as part of their signature process.

The two options you have are: don't call printf with a single argument (which you shouldn't anyway), or submit your program as a false positive to the antivirus vendors that said your program was a virus, and they may update their signatures to rule out your program as a false positive.

Upvotes: 5

Nikos C.

Reputation: 51890

It's a false positive, obviously. The generated machine code just happens to resemble code that is in the malware database. This has nothing to do with the use of puts().

Upvotes: 6

Chad Dienhart

Reputation: 5204

printf() has an uncontrolled format string security risk.

You should use puts().

Also found this:

see the comments in What is the difference between printf() and puts() in C?

Just a note on using printf instead of puts: never, ever do a printf(variable) to print a string. Use puts(variable) or printf("%s", variable). There's a security risk in using a variable format string: if the variable can be written by an attacker they can attack the program by using format strings. – Zan Lynx Dec 1 '12 at 9:05

Upvotes: 1
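Added example (not part of the original question or answers): the variable-format-string pattern from the quoted comment next to the fixed-format form, plus a check showing that the literal prompt from the question contains no directives. The function names and the sample input are constructed for illustration; the input uses only `%%`, which consumes no arguments, so both calls have defined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* UNSAFE pattern: caller-supplied text is passed as the format string,
 * so every '%' in it is parsed as a conversion specification.
 * GCC/Clang report this with -Wformat -Wformat-security; the pragmas
 * silence that warning here only so the contrast can be compiled. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int render_as_format(char *out, size_t n, const char *text)
{
    return snprintf(out, n, text);
}
#pragma GCC diagnostic pop

/* SAFE pattern: the format is a fixed literal, the text is only data. */
static int render_as_data(char *out, size_t n, const char *text)
{
    return snprintf(out, n, "%s", text);
}

/* Returns 1 if text contains '%', i.e. printf would interpret part of
 * it as a directive if it were used as the format string. */
static int has_directive(const char *text)
{
    return strchr(text, '%') != NULL;
}

int main(void)
{
    char as_format[64], as_data[64];
    const char *prompt = "Write a number: ";  /* literal from the question */
    const char *input  = "100%% done";        /* constructed sample input */

    render_as_format(as_format, sizeof as_format, input);
    render_as_data(as_data, sizeof as_data, input);

    printf("as format: [%s]\n", as_format);   /* "%%" collapsed to "%" */
    printf("as data:   [%s]\n", as_data);     /* text reproduced verbatim */
    printf("prompt has directive: %d\n", has_directive(prompt));
    printf("input has directive:  %d\n", has_directive(input));
    return 0;
}
```

The prompt in the question is a compile-time literal with no `%`, so `printf("Write a number: ")` is not itself a format string risk; the risk described in the comment applies when the format argument is data someone else can write.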
