I just ran into an annoying problem. Suddenly Avira AntiVir started to flag one executable from my software as being a virus.
As the default act
As a solution, you may want to:
1 - Verify your Delphi compiler is not infected
2 - Verify your sources and libraries are not tempered with (that was the M.O. for the Induc Virus)
3 - Check your (guaranteed) clean exe with the AVs. If they report a false positive, contact them so they could fix their tests.
4 - If you need to distribute before there is a chance to correct the AVs, sign your exe, so that your users could verify it's clean.
There are several reasons why an Anti Virus product might trigger on a Delphi produced exe, a few common reasons are:
As suggested before try scanning your release version with online services such as Virustotal or Jotti and always report your false positives to vendors instead of trying to prevent being a false positive. My experience is that AV vendors react quite fast on submission.
It is surprisingly common that Delphi applications are reported as (potentially) harmful by AV applications. It happened to me a while ago, using Delphi 2009, see http://en.wikipedia.org/wiki/Wikipedia:Reference_desk/Archives/Computing/2010_March_20#Delphi.2FAVG_Issue.
At SO, we also have
and many more.
It might be the actual Induc Virus. But most likely, it is a false positive.
In Free Pascal/Lazarus groups and bugtracker, such messages happen nearly every release and/or month.
We generally advise users to ignore all "generic" or "heuristic" scanning types, and stick to signature based scanning (as most corporate virusscanners do).
This because it is nearly always an heuristic alarms, never specific malware. This can be readily seen in the fact that the detected "virus/trojan" is nearly always of the "generic" type. Usually the virusscanners are also typical "home" virusscanners, or home editions of general virusscanners (Norton used to be particularly bad, nowadays it mostly the smaller scale "cheap" home use scanners)
However we communicate mostly with developers, and already have trouble getting this message across. I can imagine, when distributing to clueless end-users, this is a real difficult message to communicate.
Still, there is no other way.
Andreas's answer is excellent; it just happens a lot to Delphi applications.
Signing code doesn't make any difference -- I've had NOD32 throw false positives on signed Delphi code.
If there were any techniques that would avoid false-positives, virus authors will use them to avoid detection.
I've found the best course of action is, unfortunately, reactive rather than proactive. All AV vendors have a facility to report false positives, and I've found them to be responsive to reports.
Many honest developers have problems because of careless antivirus software. See this also: How to prevent false positive virus alarm on my software?
Imagine that for each false positive they show, you lose a possible customer. Programmers should take action against such antivirus products and force them to be more careful about false positive alarms, even to get some revenue back for the sales we lose because of them.
Update:
Recently I have observed that:
So, submit to VirusTotal before you publish your program!
Update 2019:
Unfortunately, InnoSetup is not spared also. I created a dummy installer with InnoSetup and upload it on VirusTotal. 5 out of 52 programs reported a false positive! Update on update: Now the number of false positive extended to 9!