McAfee False Positive
by SavannahLion (Pilgrim) on Apr 08, 2010 at 06:28 UTC
SavannahLion has asked for the wisdom of the Perl Monks concerning the following question:
I'm not quite sure how to present this question. The gist of the problem is, McAfee thinks the code I just wrote is a virus, "New Perl."
It appears I wasn't the only one to bump into this. There is a post on the McAfee Forums dated Dec 26, 2007 with someone asking about the same thing. Naturally, no response from anyone at McAfee and Google isn't turning up much.
What I'm working on is a database-like script. The script is basic and currently doesn't leverage any of the established SQL based databases. It is really one of those, "I'm bored today, I'd like to write something to pass the time," kind of thing. In any case, each record is handled as a hash (and later stored in a flat file modeled after WikiWikiWeb). Each hash key has an associated function by the same name.
Because it's just a bored project, I've implemented some things I've never tried before. One is to auto-generate core functions for hash keys by running the script in an "update" mode. Essentially, part of the code examines the hash keys, compares them to a blocked section of the Perl and matches up functions with hash keys. If it finds a match, it keeps it in a hash. If no match is found, it stores it in another hash to be commented and stored elsewhere in the code (in case I want to reuse the code) and if new keys without matching functions are found, it generates skeleton functions. Then it copies the rest of the Perl script, drops in the stored and updated functions in the appropriate location and in order. Voila! (Note this is the section surrounded by the Source Code Maintainence comment). You'll note the code is incomplete. This is a work in progress and doesn't work in its current iteration.
Next I wanted to examine a particular string, pick out each character in the string and run through a collection of functions (marginally related to the described process above). The test string is stored in $toke and the characters are separated and acted on in the for loop with the substr.
As dumb luck would have it, I decided to save the work before leaving and McAfee balked at a virus! Then it proceeded to delete my entire script! All I could do was to print out the changes and rebuild the rest from the test file generated by the script.
To narrow down the cause I C&P the code below into its own script. McAfee balked at it. I tried what tricks I knew to keep McAfee from getting rid of my file but I kind of need this particular set of code to accomplish my goals. What exactly is triggering McAfee and how do I work around this?
Please keep in mind this is a work in progress and I haven't worked out all the bugs. It's also incomplete, such as under the elsif statement, and construction of the %subs probably could be better written. I spotted at least three spots that should be looked at for potential bugs. Point is, this is the exact code McAfee balked at.
On a side note, altering McAfee's behavior is not possible. I have control over my laptop (from where I type this) but IT restricts what I can modify on the desktop. It took a lot of convincing to allow me to have Perl installed. Making any adjustments to McAfee's behavior is out of the question.
I can't really describe how much it irritates me McAfee thinks what I'm writing is a virus. I've already spent two days trying to play nice with McAfee. I'm so annoyed I'm tempted to burn a Live Disc and just work from that environment while I'm on the desktop. I'm not sure how I'm going to explain to my supervisor why my phone monitor isn't running though. :\