Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by nicholas on Thursday, 05 March 2026 05:20 CST
Hi as others report you cant download Akeeba backup the 2 latest versions. This never happens before and not with Akeeba Admin Tools pro.
https://www.akeeba.com/download/akeeba-backup/10-3-1/pkg-akeebabackup-10-3-1-pro-zip.raw
So pls advice what causing this suddenly error that never happend before.
cheers!
TL;DR: It's a false positive and I now have a workaround for it which I will release on Monday.
The whole Gen Digital portfolio of antivirus vendors (Norton, Avast, LifeLock, Avira, AVG, etc) share the exact same antivirus engine. This engine is known to suck and throw a lot of false positives, which is exactly the case here.
Akeeba Backup 10.3.0 added support for backing up PostgreSQL databases. However, unlike MySQL, PostgreSQL does not have a native way to dump the structure of each table (DDL – Data Definition Language). The only way to do that is to call the command-line tool pg_dump. To do that, we have to pass the PostgreSQL's password as an environment variable.
The so-called heuristic antivirus engine sees that in the same file there's a reference to the PostgreSQL environment variable, pg_dump, and PHP methods which call command-line executables. It assumes that this is malware trying to steal your database contents even though it's perfectly clear that it's a database backup engine. Hence the false positive.
Ironically, the workaround I found to this false positive is to refactor my code using the same obfuscation techniques actual malware authors use. I kid you not. I split my code into separate files so not all keywords appear in the same file. I named the files using Greek words transliterated to Latin characters to avoid using file names which match the keywords they are looking for. I rewrote my code comments in Greek, again avoid using the keywords they are looking for. Finally, I used a variation of the 2000-year-old Caesar cipher to obfuscate the name of the environment variable used to call pg_dump.
Unsurprisingly, this simple obfuscation of keywords was enough to defeat the simple pattern matching engine they misleadingly sell as a "heuristic algorithm".
I will be releasing this modified version on Monday. I am about to leave the office for the day, and I never make releases on a Friday or over the weekend.
For what it's worth, Windows Defender actually has a much better antivirus engine (in terms of false positives and false negatives), it does not bog down your PC that much, it gets updated far more frequently, and is free. My advice is to get rid of third party antivirus and use Windows Defender. The only use case when Windows Defender is not enough is when you want a full endpoint security solution. However, if you need that you are running a decently sized corporation with an IT security department which would've easily spot this as a false positive and we would not be having this conversation. So, bottom line is: use Windows Defender. It works better and costs nothing.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!