New tool, Jotti says: 3 scanners found malware

[radarlove]

Hi,

I’m currently working on a new third party tool, and am almost ready to publish it.
I ran it through Jotti’s Malware scan (Jotti's malware scan) and got three warnings:
- Dr.Web says: BackDoor.Siggen.32606
- Ikarus says: Trojan-Downloader.Win32.Delf
- Panda says: Generic

The rest of the virusscanners (like: avast, antivir, f-secure, kasperski, trendmicro, etc) says there is no malware detected.

The programme I created is a pretty straight forward HTTP server that retrieves chat messages from WoW and presents it through a webpage.
I didn’t put any malware in the executable, but why do these three virusscanners say there are Trojan inside?

Thx for replies,
RL

[zaeBOOST]

"Ikarus says: Trojan-Downloader.Win32.Delf"
"Panda says: Generic"

Because of the "connect to the HTTP server and retrieve files" behavior.

What are you coding in?

[Eryx]

Anti malware/spypware/virus software uses code recognition to identify threats, and some times similar code can be found in "legit" software and then the security software can believe it is a threat even if it isn't.

If it is a tool that reads memory/reading and interacting with other processes and uses low level code to do so, I guess its your "Jotti" that is a bit paranoid.

[radarlove]

"Ikarus says: Trojan-Downloader.Win32.Delf"
"Panda says: Generic"

Because of the "connect to the HTTP server and retrieve files" behavior.

What are you coding in?

Coding in oldskool Delphi/Pascal
I just looked into a few other published tools and I noticed there's also red flags in those virusscans. Guess some scanners are just freaking paranoid...

Im also making another tool, tcp client/server which makes it possible to char over the internet... Probably also will get a lot of warnings..

[Nikentic]

Delphi actually gives a lot of "false positives", just by having code that handles HTTP. Been experiencing it a few times, don't remember what to do about it though.