Author Topic: False positive report of Bass libraries  (Read 257 times)

Falcosoft

  • Guest
False positive report of Bass libraries
« on: 21 Oct '17 - 09:49 »
Hi Ian,
First and foremost this is not a complaint about why the libraries are flagged as malicious by various AV engines. I know about this issue and I'm also fighting it myself.
I just would like to recommend some regular (e.g. monthly) white list requests from you to your AV contacts for the actual/non-officially released libraries.
This is because active developers who use your fantastic libraries are forced to use newer libraries than the officially released ones because of frequent bug fixes.
Also I would like to ask how you can handle the fact that Virustotal brainlessly integrates new AV engines every month that seem not to have any platform to report false positives (Cylance, eGambit). Do you have any special contact for them?

Thanks in advance.   
Ps:
Currently the libraries I use are flagged by these engines:
bass.dll - https://www.virustotal.com/#/file/f6be574a0cfaea170063b675976e844e112fe6299007b27d585237e574a2ad87/detection
bassmidi.dll - https://www.virustotal.com/#/file/421f60ab1e9b1dc1bd6477e08373d5b63bcf4de739ada43a02c36503b6f2d4d0/detection

Ian @ un4seen

  • Administrator
  • Posts: 20427
Re: False positive report of Bass libraries
« Reply #1 on: 23 Oct '17 - 16:57 »
A few of the more popular AV providers monitor the files on the un4seen.com server (including "stuff" updates) to avoid false positives. Comodo are one of them, so it's strange that they are currently indicating a generic "unknown" problem with those updates. I will check with them if there is currently a problem with the monitoring.

rv

  • Posts: 192
Re: False positive report of Bass libraries
« Reply #2 on: 25 Oct '17 - 00:27 »
As I also have problems with antivirus false positive. Not related to Bass...
Did you had to contact all the antivirus companies one by one ?

saga

  • Posts: 2181
Re: False positive report of Bass libraries
« Reply #3 on: 25 Oct '17 - 12:17 »
In general that is what you have to do. But there are a few shortcuts you can take. This article might be helpful for you: https://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm

Falcosoft

  • Guest
Re: False positive report of Bass libraries
« Reply #4 on: 25 Oct '17 - 17:14 »
Quote
In general that is what you have to do. But there are a few shortcuts you can take. This article might be helpful for you:
The problem is these new AV vendors with their brilliant engines (e.g. Cylance) do not care small developers to report false positives.
https://www.reddit.com/r/antivirus/comments/6r09o0/cylance_false_positives/
But it seems eGambit has a report form:
https://tehtris.com/egambit_fp.php

Quote
Did you had to contact all the antivirus companies one by one ?
Isnstead I recommend what NirSoft recommended earlier, that is encourage your users who trust your product to report false positive to the AV vendor whose product they use:
Quote
http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/