Bogus virus warnings for the latest Dolphin Viewer 3

It has been brought to my attention that Symantec products (Norton AntiVirus and PC Tools) pop up a virus warning about slplugin.exe when you install the latest Dolphin Viewer 3.

After hearing this,  I have taken the following steps:

  • I have scanned my build system for viruses – nothing found.
  • I have scanned my laptop that I actually use for everything else besides building viewers – nothing found.
  • I have submitted the latest slplugin.exe to virustotal.com – the result is here.

In this process I have used Microsoft Security Essentials, Clam AV Antivirus, and AVG Antivirus. None of them have reported anything.

This has happened a few times in the past, and it has always been this bogus “Heuristic” warning, which can basically be translated to “We don’t really know anything about this file, but we thought we could scare you into buying our product.”

To my best knowledge the current release of the Dolphin Viewer 3 is virus free.

Dolphin Viewer 3 Windows Installer

I received a single user report that Avira anti-virus found a virus in DolphinViewer3-i686-Windows-3.0.3.20418.exe.

After getting that report, I ran F-Prot, AVG, and ClamAV over the setup file, as well AVG and ClamAV across my whole build system, and they all found nothing.

Avira, on the other hand, has been known “somewhat prone to false positives”.

So there is no virus in there.

UPDATE:

The ‘virus’ that Avira is detecting in the Dolphin Viewer 3 installer is “ADWARE/Adware.Gen“.

Please note this section in the description of this ‘so-called’ virus:

A generic detection routine designed to detect common family characteristics shared in several variants.
This special detection routine was developed in order to detect unknown variants and will be enhanced continuously.

To me that translates to “We don’t really know what is going on there.”

I’ll send the installer to Avira to have it analyzed and properly scanned now.

UPDATE 2:

I’m getting word that other people have similar false positives with Firestorm, and the original Linden Labs viewers right now. It seems that there is something in the original code that upsets virus scanners.