Where to submit antivirus false positives
Posted: Thu Mar 03, 2011 10:25 am
by Inf0Byt3
Just received an e-mail from a user that reported a false positive in one of my (open source) programs so I decided to go to VirusTotal.com to see what's going on. After submitting the ZIP file I was amazed to see that some 43% of the antivirus engines were falsely reporting infected files in the archive. So I searched on Google for a list of contact e-mails to submit them false positive reports and found the link below. Posted it here so you can quickly contact them if you encounter this problem as well:
http://www.wilderssecurity.com/showpost ... stcount=43
My program had only one false positive when I first scanned it but it seems that the rest of the AV vendors received the sample and added it to their database without even analysing the file...
Re: Where to submit antivirus false positives
Posted: Thu Mar 03, 2011 10:53 am
by MachineCode
Inf0Byt3 wrote: I searched on Google for a list of contact e-mails to submit them false positive reports and found the link below
Yuck, over 50 sites to submit your exe to! I wouldn't bother. It's a never-ending cycle; a game of cat and mouse that you'll be forever playing. What you get "fixed" as clean today will just become another false positive tomorrow. Why waste time submitting and re-submitting all the time?
So here's what I do: tell the user (who accuses your app of being infected) to run it at Comodo Instant Malware Analysis (see http://www.purebasic.fr/english/viewtop ... 17&t=45603) and they'll see it's harmless. If they still don't believe you, tell them you'll pay them $1000 if they can prove the downloaded exe from your site is infected (use MD5 or such to validate their claim, in case their download has already become infected by their machine, or if they downloaded it somewhere else). That should shut them up. I've not had one person try to claim the $1000 yet.
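
The hash check suggested in the post above, as an added example that is not part of the thread: it compares each file inside a user's copy of a release ZIP against digests the author recorded at build time, so a re-zipped but otherwise identical archive still matches. SHA-256 is used here in place of the MD5 the post mentions; all file names and contents are constructed sample data.

```python
import hashlib
import io
import zipfile


def zip_digests(zip_bytes: bytes) -> dict:
    """Return {member name: SHA-256 hex digest} for every file in a ZIP."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            h = hashlib.sha256()
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(65536), b""):
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def compare_to_manifest(manifest: dict, zip_bytes: bytes) -> dict:
    """Classify the members of a reported ZIP against the build-time manifest."""
    seen = zip_digests(zip_bytes)
    return {
        "modified": sorted(n for n in seen if n in manifest and seen[n] != manifest[n]),
        "extra": sorted(n for n in seen if n not in manifest),
        "missing": sorted(n for n in manifest if n not in seen),
    }


def build_zip(files: dict) -> bytes:
    """Build an in-memory ZIP; only used for the constructed sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: hypothetical file names and contents.
RELEASE = build_zip({"app.exe": b"MZ-app", "helper.dll": b"MZ-helper"})
MANIFEST = zip_digests(RELEASE)  # what the author would publish with the release
TAMPERED = build_zip({"app.exe": b"MZ-app", "helper.dll": b"MZ-helper+patch", "extra.dll": b"MZ-x"})

if __name__ == "__main__":
    print(compare_to_manifest(MANIFEST, RELEASE))
    print(compare_to_manifest(MANIFEST, TAMPERED))
```

Three empty lists mean the reported copy is byte-for-byte the author's build, so the detection is against the genuine files; any entry under "modified" or "extra" means the copy differs from what was published.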

Re: Where to submit antivirus false positives
Posted: Thu Mar 03, 2011 11:35 am
by Inf0Byt3
MachineCode wrote: Yuck, over 50 sites to submit your exe to! I wouldn't bother. It's a never-ending cycle; a game of cat and mouse that you'll be forever playing. What you get "fixed" as clean today will just become another false positive tomorrow. Why waste time submitting and re-submitting all the time?
You're definitely right about this. Seems like this game will never end...
MachineCode wrote: So here's what I do: tell the user (who accuses your app of being infected) to run it at Comodo Instant Malware Analysis (see viewtopic.php?f=17&t=45603) and they'll see it's harmless. If they still don't believe you, tell them you'll pay them $1000 if they can prove the downloaded exe from your site is infected (use MD5 or such to validate their claim, in case their download has already become infected by their machine, or if they downloaded it somewhere else). That should shut them up. I've not had one person try to claim the $1000 yet.

Fortunately the user who contacted me didn't complain about the problem; he understood that this was an erroneous detection and he contacted me just to let me know about it. Your tip is excellent, but it doesn't apply to my problem since the flagged files were DLLs and CIMA says they're not executable.
Re: Where to submit antivirus false positives
Posted: Thu Mar 03, 2011 12:31 pm
by MachineCode
Still, DLLs can be infected so the "reward to prove it" concept would still stand.

I just have to be 100% sure that my "build" PC is totally clean before I build my exe.

But it is, it's a VM with no internet access and a clean install of Windows. Nothing to fear -- my $1000 is safe.
