PureBasic Forums - English

Got a problem... when I have UseJPEGImageDecoder and LoadImage TOGETHER in my app, Avast throws out a false positive virus alert, and if I submit my exe to VirusTotal, it shows 9 false positives from various virus scanners, too.

However, if I remove UseJPEGImageDecoder, the false alert goes away, and Avast and VirusTotal are happy.
But if I keep UseJPEGImageDecoder and remove LoadImage instead, then Avast and VirusTotal are also happy.

So I need to either remove UseJPEGImageDecoder or LoadImage. Therefore, is there a way I can call LoadImage via API instead, in the hopes that the false positives go away? Or is there a FAST method of loading JPEG images with LoadImage that doesn't require UseJPEGImageDecoder? Maybe using the FreeImage.dll? I don't know how to do that, so if maybe someone can give me an example of loading/saving JPEGs with FreeImage?

And no, I'm not going to submit my exe to 9 different scanners as a false positive, because that's too much hassle and time for them to update, and end users might not update their scanners anyway, so they'll still see the alerts.

PB Fanatic wrote:[...] So I need to either remove UseJPEGImageDecoder or LoadImage.

No, don't do that because it's certainly not an error on your (or PureBasic's) side.

PB Fanatic wrote:And no, I'm not going to submit my exe to 9 different scanners as a false positive, because that's too much hassle and time for them to update, and end users might not update their scanners anyway, so they'll still see the alerts.

Usually the detection definitions are updated automatically. If you like it or not that's probably the best way to go. By the way: I too have an application that uses UseJPEGImageDecoder and LoadImage -- no false-positive detections though (at least for now).

Generally more information on this:

• PureBasic Blog: Anti-virus plague
• Forum Search: Virus
• Nearly 6 year-old but (obviously) still relevant blog post from "NirSoft": Antivirus companies cause a big headache to small developers

c4s wrote:Usually the detection definitions are updated automatically

I just re-uploaded my exe to VirusTotal again, with UseJPEGImageDecoder + LoadImage inside, and this time it only reports 2 false positives instead of 9! WTF? I think what you said above is right.

But Avast still complains about a virus. I can't have my users seeing this.

Good info here.
http://www.purebasic.fr/english/viewtop ... 7&p=448128

See last post for an "expert" answer

The last post there is for using an API call to trick the AV software, which is what I asked for in the first post of this thread, ie. how to call LoadImage as API instead of the regular command. I don't know how to do it, as I'm not an expert, despite what people may think.

This may be the answer: http://blog.virustotal.com/2015/02/a-fi ... tives.html