Looking over the data in the Relations tab of VirusTotal:
1. Something contacts an IP address owned by Microsoft; I don't think
our installer does this, but who knows. Flagged by G-Data and ArcSight
Threat Intelligence engines
2. The examples\prebuilt\bin\fbSampleExtAuthKeygen.exe and
examples\prebuilt\bin\fbSampleDbCryptApp.exe are flagged by MaxSecure
and Rising engines
3. The examples\prebuilt\plugins\fbSampleKeyHolder.dll and
examples\prebuilt\plugins\fbSampleDbCrypt.dll are flagged by Cynet engine
Digging down, it seems to be because those files are built with
debugging symbols. I'm not 100% sure, but I think files with debug
symbols may trigger a look up to a Microsoft server for debugging
symbols, possibly because the PDB files aren't actually included. And
this could also explain point 1.
Interestingly enough, submitting
Firebird-5.0.1.1469-0-windows-x64-withDebugSymbols.zip produces only a
mention from Rising, not MaxSecure, but it is still processing things so
there is no relations tab.
Conclusion: it's a false positive due to the example files.
Mark
--
Mark Rotteveel