We know that many Antivirus (AV) tools flag ZAP and some of the ZAP add-ons.
For example the ZAP 2.15 Windows installer was flagged by 3 / 63 security vendors.
In particular the Active Scan Rule add-on is often flagged: v65 was flagged by 10 / 63 security vendors.
Detecting viruses is hard, especially as viruses try to disguise themselves. This means that AV tools try to detect potentially malicious activity or code.
ZAP is a security tool which “does bad things”.
The Active Scan Rule add-on contains the rules which attack websites, so it is not surprising that make AV tools flag it.
Any issues raised about ZAP or its add-ons being flagged by AV tools will be closed with a link to this FAQ.
If you have hard evidence that there is an actual virus in ZAP or its add-ons then please report that with the evidence to the ZAP Bug Bounty Program.
If you work for an AV tool vendor and would like to discuss how you can make sure your tool does not incorrectly flag ZAP then please get in touch.