My Windows Service application in Delphi 6 is being accused as a virus by Avast in the auto-update process.
Soon after the build process of building the executable, Avast already has a virus. He accuses the Win32: Evo-gen [Susp] .
The process is through a thread and by this method:
procedure TThreadAutoUpdate.Update;
var
fileDownload: TFileStream;
bDownloaded: boolean;
fileBat: TStringList;
cAppName: string;
cBatName: string;
begin
cAppName := Application.ExeName;
if FileExists(cAppName+'.tmp') then
DeleteFile(PChar(cAppName+'.tmp'));
FileDownload := TFileStream.Create(cAppName+'.tmp', fmCreate);
try
AddLog('Logando ...');
FIdFTP.Host := 'ftp://fakeDeDownload.com.br';
FIdFTP.{$if CompilerVersion < 16}User{$else}Username{$ifend} := 'update';
FIdFTP.Password := 'update';
FIdFTP.Connect({$if CompilerVersion < 16}true{$ifend});
try
FIdFTP.Get('MyService.exe', FileDownload);
AddLog('Efetuando download ...');
if FIdFTP.Connected then
FIdFTP.Disconnect;
bDownloaded := True;
except
on e: Exception do
begin
bDownloaded := False;
AddLog('Não foi possível atualizar o serviço');
AddLog('Motivo: ' + e.Message);
end;
end;
finally
FreeAndNil(FileDownload);
end;
if bDownloaded then
begin
AddLog('Download efetuado');
AddLog('Trocando os executáveis');
fileBat := TStringList.Create;
try
fileBat.Clear;
cBatName := THelpers.GetTempDirectory + ExtractFileName(cAppName) + '.bat';
fileBat.Add('net stop MyServiceSvc');
fileBat.Add(':Label1');
fileBat.Add('@echo off');
fileBat.Add('del "'+cAppName+'"');
fileBat.Add('taskkill /f /im "'+ ExtractFileName(cAppName) +'"');
fileBat.Add('if Exist "' + cAppName + '" goto Label1');
fileBat.Add('Move "'+cAppName+'.tmp'+'" "'+cAppName+'"');
fileBat.Add('net start MyServiceSvc');
fileBat.Add(':Label2');
fileBat.Add('del "' + cBatName + '"');
fileBat.Add('if Exist "' + cBatName + '" goto Label2');
fileBat.SaveToFile(cBatName);
WinExec(PAnsiChar(AnsiString(cBatName)), SW_HIDE);
AddLog('Atualização efetuada com sucesso');
finally
fileBat.Free;
end;
end;
end;
But if I leave this commented line exactly, then the executable is no longer charged:
// FIdFTP.Get('MyService.exe', FileDownload);
Does anyone have an idea of what might be happening?