By 100%, do you mean 0 detections in VirusTotal?Marc56us wrote:All the programs I do in PB have always gone to 100%. I don't know why, but here's how I do it:
By the way, is there an issue with your website? It seems to be down.
By 100%, do you mean 0 detections in VirusTotal?Marc56us wrote:All the programs I do in PB have always gone to 100%. I don't know why, but here's how I do it:
I have no problem with that, but my users go to VirusTotal.com anyway and believe what it says, rather than what I try to explain. I've tried educating them over and over, but they simply reply that I've got a virus and don't know it. Sites like the below tell them to use VirusTotal:Marc56us wrote:stop taking this site for a reference
I wouldn't renew my site because the server logs only show spam, robots and connection attempts on management interfaces (which don't exist anyway).firace wrote:By 100%, do you mean 0 detections in VirusTotal?Marc56us wrote:All the programs I do in PB have always gone to 100%. I don't know why, but here's how I do it:
By the way, is there an issue with your website? It seems to be down.
And of course, code on an up-to-date machine with antivirus software.All the programs I do in PB have always gone to 100%. I don't know why, but here's how I do it:
- I code in pure basic syntax and PB function only (very few, if any, direct API calls).
- No direct modification of the registry
- Almost never pointers
- Entries are almost always made in standard Windows locations (ie: %AppData%).
- Large programs are packaged with InnoSetup and also use standard paths (ie: %ProgramFiles%, %ProgramData%).
Basic, Pure Basic, PureBasic
Nope, it actually has 2/70 malware hits: https://www.virustotal.com/gui/file/edd ... /detectionMarc56us wrote:ACME_Desk_x64.exe 0/72
This one actually has 1/63 malware hit: https://www.virustotal.com/gui/file/df8 ... /detectionMarc56us wrote:ACME_TreeNote_SQL_64_v2.7.1.zip 0/72
It's not, but if it were, would a virus infect my exe in the time I finish compilation to the time I submit it to VirusTotal? In 60 seconds?Marc56us wrote:(or maybe your PC is really infected?)
Look at the very first post in this thread: it follows your guidelines (no API calls, no Registry edits, etc) and still gets 8 malware hits.Marc56us wrote:it doesn't come from PB but from the way of coding.
When I check direct link from rsbasic, I still have 0/72BarryG wrote:Nope, it actually has 2/70 malware hits: https://www.virustotal.com/gui/file/edd ... /detectionMarc56us wrote:ACME_Desk_x64.exe 0/72
Yes.BarryG wrote:It's not, but if it were, would a virus infect my exe in the time I finish compilation to the time I submit it to VirusTotal? In 60 seconds?
The EXE that was generated is small: Poor AV classify that suspect.BarryG wrote:Look at the very first post in this thread: it follows your guidelines (no API calls, no Registry edits, etc) and still gets 8 malware hits.
The real world doesn't work like that: users only care about what VirusTotal says. You can tell them over and over not to listen to VT, and I already do that, but they don't care. You can't educate them. It's a sad situation.Marc56us wrote:If your users continue to believe VT Without completely reading the results (who says OK and who says KO) direct them to AV test sites.
You're ignoring the fact that the small exe made by Visual Basic (which is even smaller than the PureBasic exe) doesn't get so badly classified as suspect by VT (see the first post in this thread). So exe size is irrelevant. Those two exes do exactly the same thing, but only the PureBasic version gets flagged badly. There's obviously some byte sequence (signature) which is triggering it, which is what I've been trying to isolate lately.Marc56us wrote:The EXE that was generated is small: Poor AV classify that suspect.
Plenty of Visual Basic apps use direct API calls; check out some VB code forums. It's not bad to use API.Marc56us wrote:(very few, if any, direct API calls).
What? I didn't download this before. I downloaded it directly from RSBasic like you, yesterday and again today, from the link you provided (RSBasic.de archive page). Proof is below. Look at the VT scan date/time. I don't know what file you're testing, but it's not the one from RSBasic. What's its SHA-256 checksum? It won't be the same as below.Marc56us wrote:When I check direct link from rsbasic, I still have 0/72
You provide file you've dowloaded before and found 2/72
When I check direct link from rsbasic, I still have 0/72
You provide file you've dowloaded before and found 2/72
NO, NO, NO! Do not download, use URL onlyWhat? I didn't download this before. I downloaded it directly from RSBasic like you, yesterday and again today,
Firstly, as mentioned above, the URL scan is not directly sending any file to VirusTotal for scanning, so we can ignore that part of your statement. Second, you're alluding that the file I downloaded is getting infected by my PC once downloaded... but have you looked closely at the SHA-256 hash from the URL you quoted to the file I downloaded and then submitted? The hashes are the same. That means nothing on my PC has altered the file while it was in my possession (unless you think my PC has the ability to generate SHA-256 collisions; that would be a world-first!).Marc56us wrote:So if the file you downloaded and sent back is considered to have viruses while the one sent directly from the storage site does not, make the appropriate deduction about what is happening on your PC.