"Remove" function triggers antivirus - how to fix?

I am developing a Commodore 65 emulator: http://devilmaster.altervista.org/hi65.html
Recently, I have added support for files, to allow users to create BASIC 10 programs that read and write files.

I also wanted to add compatibility with the BASIC 10 commands DELETE, ERASE and SCRATCH, that delete a file. However, if I insert the function that interprets them into the program, Avast will delete the executable file as soon as the compiler creates it, because it doesn't like the presence of the "remove" function.

This is the code snippet in question. I am absolutely sure this is the culprit, because the executable won't be deleted if I comment it out.
  // Editor's note: the snippet as posted is a fragment of the emulator. The
  // include, the wrapper function and the two local variables below are
  // assumed so that it compiles on its own; printerror(), INVALIDFILENAME
  // and FILENOTFOUND are the emulator's own and are assumed to be declared
  // elsewhere. 'aux' is the file name taken from the BASIC command.
  #include <stdio.h>   // remove()

  static void scratch_file(const char *aux)
  {
   int i, forbidden = 0;

   // check to prevent n00bs from deleting files in other directories,
   // executables, libraries or multiple files
   for (i=0; aux[i]; i++)
   {
    if (aux[i]=='\\' ||
        aux[i]=='/' ||
        (aux[i]=='d' && aux[i+1]=='l' && aux[i+2]=='l') ||
        (aux[i]=='e' && aux[i+1]=='x' && aux[i+2]=='e') ||
        (aux[i]=='.' && aux[i+1]=='.') ||
        aux[i]=='*' || 
        aux[i]=='?')
    {
     forbidden=1;
     break;
    }
   }
   if (forbidden)
    printerror(INVALIDFILENAME);
   else
   {
    if (remove((const char *)aux)) // if there has been an error in deleting the file
     printerror(FILENOTFOUND);
   }
  }


I am aware that "this proves that Avast works", but it seems to me that it works a little too much, because it effectively disallows the presence of any code containing a certain function. I am also aware that I could just ask users to please disable the antivirus while using the emulator, but a statement like that would make me look like a scumbag. I know I wouldn't trust a person telling me "Oh, if you want to use my program, you'll have to disable the antivirus."

Is disabling that code the only thing I can do?
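Added example (written by the editor, not code from the original post or from the Hi65 emulator): the same SCRATCH/DELETE/ERASE check rewritten as an allow-list instead of a deny-list. The posted check rejects any name that merely contains "exe" or "dll" (so "exec.txt" is refused) while still accepting names such as "x.bat" or "x.com"; an allow-list of characters and of the extensions the emulator itself writes covers both cases, and path separators, drive letters, wildcards and ".." are rejected simply because they are not in the allowed set. The function names, the extension list and the 64-character limit are assumptions for this example. Note that it still calls remove(), so it tightens what the command may delete; it does not change what the antivirus heuristic sees.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Extensions the emulator is willing to delete. Constructed list for this
 * example; a real emulator would list the data formats it writes itself. */
static const char *const allowed_ext[] = { "seq", "prg", "txt", "dat" };

/* Case-insensitive equality, so "HELLO.PRG" and "hello.prg" both match. */
static int equals_ci(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    }
    return *a == '\0' && *b == '\0';
}

/* Returns 1 if name is a plain "stem.ext" file name in the current
 * directory that may be deleted, 0 otherwise. Rules: only [A-Za-z0-9_.-],
 * exactly one dot, non-empty stem and extension, extension in allowed_ext.
 * '\\', '/', ':', '*', '?', ".." and control characters all fail the
 * character test, so no separate deny-list is needed. */
int is_safe_basic_filename(const char *name)
{
    size_t len, i;
    const char *dot;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 64)          /* assumed limit; PETSCII names are short */
        return 0;

    dot = strchr(name, '.');
    if (dot == NULL || dot == name || dot[1] == '\0')
        return 0;                       /* need a stem, a dot and an extension */
    if (strchr(dot + 1, '.') != NULL)
        return 0;                       /* one dot only: blocks "..", "a.txt.exe" */

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.'))
            return 0;
    }

    for (i = 0; i < sizeof allowed_ext / sizeof allowed_ext[0]; i++) {
        if (equals_ci(dot + 1, allowed_ext[i]))
            return 1;
    }
    return 0;                           /* e.g. .exe, .dll, .bat, .com */
}

/* Deletes a file on behalf of SCRATCH/DELETE/ERASE. Returns 0 on success,
 * -1 if the name fails validation (the caller reports INVALIDFILENAME),
 * -2 if remove() itself fails (the caller reports FILENOTFOUND). */
int scratch_file(const char *name)
{
    if (!is_safe_basic_filename(name))
        return -1;
    if (remove(name) != 0)
        return -2;
    return 0;
}

/* Demonstration helper: creates a small constructed file to delete. */
int make_demo_file(const char *name)
{
    FILE *f = fopen(name, "w");
    if (f == NULL)
        return -1;
    fputs("10 PRINT \"HELLO\"\n", f);
    return fclose(f) == 0 ? 0 : -1;
}

int main(void)
{
    const char *demo = "zz_scratch_demo.prg";   /* constructed file name */
    const char *samples[] = { "hello.prg", "HELLO.PRG", "exec.txt",
                              "../hello.prg", "c:\\hello.prg", "hel*.prg",
                              "evil.exe", "a.txt.exe", "x.bat" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s safe=%d\n", samples[i], is_safe_basic_filename(samples[i]));

    if (make_demo_file(demo) == 0)
        printf("scratch %s -> %d, again -> %d\n", demo,
               scratch_file(demo), scratch_file(demo));
    return 0;
}
```

The allow-list is deliberately small; widening it to a new extension is a one-line change and is reviewable, whereas a deny-list has to anticipate every name that should not be deletable.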
closed account (13bSLyTq)
No, AVAST runs a heuristic analysis on all programs, and it does not like the order of functions used, such as OpenFile, DeleteFile and such; therefore you need to change and tinker with them to make them better in terms of detection ratio. Maybe attempt to change the function slightly.
Maybe try NOT to use std::remove and use the DeleteFile API directly. I don't think Avast will complain, because this would mean that all programs get flagged as well.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa363915%28v=vs.85%29.aspx
What AVAST is trying to do here is prevent a certain exploit technique called a "Return to STL" attack. This is where a malicious program overwrites the return address on the stack of another application and causes it to execute a function from the STL library instead of proceeding with its original execution. Calling "DeleteFile()" directly like modoran suggests may be one way to get around this, but I actually find that I have to turn off my AV client when I compile some programs too.

Try turning off your active scan component, then compile your program and turn active scan back on. See if your program runs or just gets deleted. Like OrionMaster said, these exploits are detected heuristically; it isn't just the calling of that one function that is causing it to get flagged by your AV. It could be the combination of this executable being created by another program (your compiler) and a bunch of other things that are adding up to your binary having a suspicious detection score.