Virus detection

Comments (3)

Anders@Melander

The generated resources modules are just completely empty DLL stubs (no data, no code, nothing) with some resources (the localized forms and strings) appended to them so it’s actually technically impossible for them to be infected unless something on your system infected them. The DLL stub is the file EmptyResourceModule.dll in the Source\Resources folder.

I wouldn’t worry about Symantec: Bloodhound.W32.EP though since it’s a heuristic virus signature which just means that something in the file “looks like a virus”.

The only way to minimize false positives like these is to digitally sign the files and even that is no guarantee.

2021-07-20T13:42:57+00:00

Anders Melander repo owner

changed status to closed

2021-07-20T13:45:02+00:00

Anders Melander repo owner

Refs ~~#21~~ Try to detect when an anti-virus program deletes the temporary file used by BeginUpdateResource/EndUpdateResource and notify the user.

→ <<cset 6f7884dc99c9>>

2021-10-04T22:12:11+00:00

Anders@Melander
The generated resources modules are just completely empty DLL stubs (no data, no code, nothing) with some resources (the localized forms and strings) appended to them so it’s actually technically impossible for them to be infected unless something on your system infected them. The DLL stub is the file EmptyResourceModule.dll in the Source\Resources folder.

I wouldn’t worry about Symantec: Bloodhound.W32.EP though since it’s a heuristic virus signature which just means that something in the file “looks like a virus”.

The only way to minimize false positives like these is to digitally sign the files and even that is no guarantee.
- 2021-07-20T13:42:57+00:00
Anders Melander repo owner
- changed status to closed
- 2021-07-20T13:45:02+00:00
Anders Melander repo owner
Refs ~~#21~~ Try to detect when an anti-virus program deletes the temporary file used by BeginUpdateResource/EndUpdateResource and notify the user.

→ <<cset 6f7884dc99c9>>
- 2021-10-04T22:12:11+00:00
Log in to comment