In the list of antiviruses VirusTotal
there are Chinese antivirus solutions
, such as Bkav, Jiangmin, Rising, Cyren. Such antiviruses often check the code simply for the presence of function eval, base64_encode/decode, etc. Although the presence of such constructions in the php-code does not at all mean that the code is malicious
, and many developers use these functions for their own purposes (packing/unpacking data, custom fonts in css and others).For this reason, Chinese antiviruses often detect on absolutely clean files downloaded directly from developers. This is called false positives. Usually on VirusTotal
when checking the files, the detection rate for false positives of 1-2 (Chinese) antivirus out of 55. In case the detection rate is higher – it may be highly likely that within the file being checked, there may be malicious code or a virus present.