ZIP.DLL

Several people complained that the zip.dll file distributed with .NETZ tool until version 0.3.9, was marked as infected by a virus from AVG. One user also told that AVG locks this file and therefore .NETZ tool cannot be run at all.

Indeed, if you run that zip.dll file though several antivirus engines, only AVG marked it as infected by Worm/Generic.BZR virus, as can be seen here. What is stranger is that the AVG online virus encyclopedia does not contain at all this virus name.

I just recompiled zip.dll again in version 0.4.0 from the same old source code, with the same *.snk file, and linked NETZ agains it. Because of the different PE (spy) data Microsoft regularly puts in the all PE EXE/DLL headers, each EXE/DLL has always a different signature, even when compiled from the same exact code. I run the same antivirus tests on the newly compiled zip.dll that comes now with version 0.4.0 of NETZ, and it passed the AVG test (without any virus being found), as you can see here.

This story tells a few things about AVG :

• First, the zip.dll file never had any virus, so the AVG warning is simply wrong, I wonder what ever made they belive it. The source code of #ZipLib used in zip.dll from has always been on-line at the compress page.
• Second, the zip.dll is a .NET managed and signed CLR module, whose signature will not be valid if a single byte is changed, so it is almost impossible for someone else to have ever stored a virus there, that the AVG ever found it infected and with the same signature.
• Third, just recompiling, and changing the signature of zip.dll, tricked the AVG to remove its virus warning. This leads to believe that AVG only relies on the hash of the file, which is not very serious for an antivirus application. Furthermore, when you pack the suspected zip.dll with -z, AVG never finds it. This enforces my claim they only check the file signature.