I am using the latest version of avast! Free and when I run Reaper installation file reaper422_x64-install.exe downloaded from www . reaper . fm/download . php, an avast window pops up saying that “Static analysis finds the file suspicious” and suggests that I run it in sandbox. Now, I am pretty sure that there isn’t any malware in there, but I’m curious, what does “static analysis” mean and why avast finds that file to be suspicious? It also says: “We did not find enough evidence to identify the file as malware. However you should still use extreme caution when accessing it”.
and suggests that I run it in sandbox. Now, I am pretty sure that there isn't any malware in there, but I'm curious,
then select... run normal... and remember my answer
upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners (if tested before, click rescan)
when you have the result, copy the URL in the address bar and post it here for us to see
Thanks for your answers. I’ve already installed the software, and that’s not an issue because I’ve used it before without any issues or problems and because many people use Reaper for home audio and music production as it’s a well known digital audio workstation. The reason for my post was mainly to deduce what was the real reason for the warning I got. And BTW, none of the antivirus programs from virustotal found anything suspicious (including avast :)).
One entry I found in the avast! blog about static analysis explains: Static analysis finds the file suspicious
Static analysis checks file content and looks for suspicious strings in file headers similar in virus definitions. Main static analysis reasons are:
Application is not signed
Use of executable file encryption/compression
The file prevalence/reputation is low
All new unknown files are potentially dangerous. Whenever they have become widespread, there will not be a reason to AutoSandbox them anymore.
The file origin/source is suspicious
The file is executed from a remote/removable media
I’m just curious to know how can I find out what the exact reason for warning was (I can rule out the last one).
Thanks, it makes sense now. Symantec flags it as Suspicious.Insight. So I’m guessing the reason for warning I’ve got is reputation, which is understandable, as it has relatively small user base and therefore a low adoption rate so it’s in the “unproven” state in various reputation-based systems. It would be nice that avast gave some more info about that kind of stuff.
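Two of the reasons in the list quoted above, "Application is not signed" and "Use of executable file encryption/compression", can be checked directly from the file's PE headers. The Python below is an added example, not avast's code and not part of the original thread; the 7.0 bits/byte entropy cut-off, the function names and the constructed sample images are assumptions made for illustration.

```python
import math
import struct
from collections import Counter

ENTROPY_LIMIT = 7.0  # assumed cut-off in bits/byte; avast's real thresholds are not public

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def triage(pe):
    """Return (has_certificate_table, [names of high-entropy sections])."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    dirs = opt + (112 if struct.unpack_from("<H", pe, opt)[0] == 0x20B else 96)
    ndirs = struct.unpack_from("<I", pe, dirs - 4)[0]
    # Data directory 4 is the certificate table; presence is not verification.
    has_cert = ndirs > 4 and struct.unpack_from("<II", pe, dirs + 32)[1] > 0
    packed = []
    for off in range(opt + opt_size, opt + opt_size + 40 * nsec, 40):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        if entropy(pe[raw_ptr:raw_ptr + raw_size]) > ENTROPY_LIMIT:
            packed.append(pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return has_cert, packed

def build_sample(section_data, cert_size):
    """Constructed minimal PE32+ image: one .text section, optional cert blob."""
    opt = bytearray(240)                                  # 112 bytes + 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 32, 0x400 + len(section_data), cert_size)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x22)
    sect = struct.pack("<8sIIII16x", b".text", len(section_data), 0x1000,
                       len(section_data), 0x400)
    head = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0" + coff + bytes(opt) + sect
    return head.ljust(0x400, b"\0") + section_data + bytes(cert_size)

if __name__ == "__main__":
    # Constructed inputs: uniform bytes stand in for packed data, a short loop for plain code.
    print(triage(build_sample(bytes(range(256)) * 16, 0)))           # unsigned, high entropy
    print(triage(build_sample(b"\x55\x48\x89\xe5\xc3" * 800, 512)))  # cert table, low entropy
```

To check a real download, pass the file's bytes to `triage()`. The remaining reasons in the list (prevalence, origin, execution from removable media) depend on the vendor's reputation data and the execution context, so they cannot be derived from the file alone.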