Malware inside package?

[Octopus]

When I installed the x86 beta within Windows 7 system,
my Avira Security Suite detected: "TR/ATRAPS.GEN" [trojan]
inside of "C:\Program Files\PureBasic\Examples\Library.exe".

[Rings]

false warning.
you can check yourself via http://www.virustotal.com/.

[Octopus]

Well then. Nevertheless, is it possible to modify that
example for to avoid such a kind of a warning message?

[PB]

Why? It's not PureBasic's problem.

[Octopus]

Well, you know, I know now. But a new user of PureBasic does
not know about that. So his first reaction will be to blame
PureBasic for that unwanted message, though he would be
addressing the wrong target.

Modifying that single part of the package would increase
PureBasic's acceptance anyway. So why insist?

[ts-soft]

Modifying that single part of the package would increase
PureBasic's acceptance anyway. So why insist?

The PB-TEAM can't test the whole package with all virus-scanners and settings.

I think removing all compiled examples would a good idea.

Greetings
Thomas

[Little John]

Several anti-virus programs generate a lot of false warnings, and especially Avira is known for that. If I had a fire alarm that would raise false warnings 3 times a week, I'd throw it out of the window. So it seems clear to me, that it's the Avira program which should be modified.

Regards, Little John

[Kaeru Gaman]

exactly.

Modifying that single part of the package would increase PureBasic's acceptance anyway.

this would be of no use, other heuristics will mock other parts, the next update of Avira will mock other parts...
heuristics on maximum always is much too trigger happy, not only Avira but also Bloodhound (Norton) and Kaspersky.
it is absolutely impossible to keep your package in a shape that will not be mocked by no heuristic for the next twelve months.

it's clearly Avira's problem, not PureBasic's.

for example, a lot of heuristics will alarm when they see an Exe you compiled using
IncludeBinary with a JPG or PNG Image. They will call it a packed troyan.
or when you use the API call to download from an URL, most would interprete this as an unallowed net access.

[luis]

Octopus, I don't like you alias. My badalias detection system says a person with that alias can be malicious and have negative impact on the forum. I suggest you to change your alias, so you will not incur in similar problems in the future. I believe to my badalias detection system blindly.
So why insist?

[Octopus]

@luis: Hmm, I am very surprised, that you seem to intend making
me a part of your life. Thus it maybe a welcomed though unintended
feature of my alias "Octopus" not to be liked by yourself, as I am
not prepared to have a copy of mine spooking around your place.

But more seriously now: the PureBasic developers should be happy
about learning of any problem, which might occur related to PureBasic.
And knowing about that one I reported, maybe might lead to placing
a hint within the installation procedure, that such false positive
virus or trojan warnings might occur, but could be simply ignored,
because the team has tested the package in all details.

[luis]

@luis: Hmm, I am very surprised, that you seem to intend making
me a part of your life. Thus it maybe a welcomed though unintended
feature of my alias "Octopus" not to be liked by yourself, as I am
not prepared to have a copy of mine spooking around your place.

what the hell ...

Anyway hope you got what I meant, if not I'm not explaining it

"But more seriously now: the PureBasic developers should be happy
about learning of any problem, which might occur related to PureBasic."

Sure, but a false positive is not a PB's problem, is a problem OF the antivirus and FOR the antivirus user, who does not know what to believe. There is nothing wrong in reporting a finding like yours in the forum, an accident can always happen and a virus can be unwillingly distributed by anyone, what I was contesting to you was the request to adapt the purebasic package contents to accommodate for the stupidity of your antivirus.

Personally I would never do such a thing, or I would become slave of the stupid opinions of any antivirus maker in the world.

[Kaeru Gaman]

And knowing about that one I reported, maybe might lead to placing
a hint within the installation procedure, that such false positive
virus or trojan warnings might occur, but could be simply ignored,
because the team has tested the package in all details.

what should that be? it's just dust in the wind.

anyone who can write a virus could write a bloody disclaimer "don't worry, it was tested"


everybody who wants to download packages and wants to use an AV software has to learn to deal with it.

[Rook Zimbabwe]

Come on guys... no flames!

[SFSxOI]

Octopus, its a false positive. Go to the anti-virus software web site and report it. Usually they take care of it so it doesn't show up again as a false positive.

[Psychophanta]

I use avira now, and the tip happens here while install 4.40b7 x86.
What about to write to avira about the issue?