NO

Author Topic: 32-bit compile causes Avira Flag and Lock  (Read 2055 times)

Offline tony74

  • Member
  • *
  • Posts: 25
32-bit compile causes Avira Flag and Lock
« on: June 04, 2020, 07:41:49 PM »
To investigate an Explore-iX104C tablet touch screen problem (win7 32bit),
I wrote a short diagnostic.

When compiled for 64-bit on my desktop machine, it ran as expected.

When compiled for 32-bit on my desktop machine, Avira flagged it and
locked my project directory, not allowing it to be deleted until
after I did a reboot, I tried this several times with same result.

Avira did this as soon as compilation was finished, I never actually
had a chance to run the program before it was flagged, quarantined and
the project directory was locked.

With no changes to the code, I compiled it for 32-bit on VS2015.
It ran as expected, no Avira flags, no locked directories.

I'm submitting the code and my Pelles C settings to see if anyone
can duplicate my results in Pelles C with Avira, to see if it's
something specific to my machine setup or Pelles C is generating
a binary footprint in 32-bit that Avira thinks is malware, at
least with this particular code and this Avira version.

First time I've run into this in my 30+ years of compiling C/C++.

Try to duplicate my compiler and linker flags exactly, it only
raises an Avira flag in 32-bit compiles (at least over here).

My Avira settings:
version: 1.0.30.9723 free version
         Default settings

Code: [Select]
/*
*  TOUCH32.C
*  Tests for touchscreen capabilities, if any.
*
*  Compiler: Pelles C 9.00.9
*
*  Compiler settings:
*   Debug:          none
*   Runtime Lib:    single-threaded
*   Otimization:    speed
*   Floating-point: Precise
*   Warnings:       Level 1
*   Machine:        X64
*   Architecture:   SSE2
*   Inlinig:        Default
*   C Standard:     C17
*   Options         Microsoft Extensions
*
*  Linker settings (32bit shown):
*   Libs:           kernel32, advapi32, delayimp, user32
*   Subsystem:      Windows
*   Machine:        X86
*
*  Build:           Release.   
*
*  Results:
*   When compiled  with Pelles C for X64 (64-bit):
*   Performs normally, no anti virus flag, runs as expected.
*
*   ***********************************************************************************
*   **When compiled with Pelles C for X86 (32-bit):
*   **Avira anti-virus FLAGS as VIRUS, locks project directory, doesn't allow deleting.
*   ***********************************************************************************
*
*   When compiled with VS2015     for X86 (32-bit):
*   Performs normally, no anti virus flag, runs as expected.
*     
*/


#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

//global result buffer
char buf[4096];

//fwd declarations
int test(void);
int msgw(char *str);
int msgp(char *str);


/*
*From MSDN - for reference:
*
*TABLET_CONFIG_NONE   0x00000000 The input digitizer does not have touch capabilities.
*NID_INTEGRATED_TOUCH 0x00000001 An integrated touch digitizer is used for input.
*NID_EXTERNAL_TOUCH   0x00000002 An external touch digitizer is used for input.
*NID_INTEGRATED_PEN   0x00000004 An integrated pen digitizer is used for input.
*NID_EXTERNAL_PEN     0x00000008 An external pen digitizer is used for input.
*NID_MULTI_INPUT      0x00000040 An input digitizer with support for multiple inputs
*                                is used for input.
*NID_READY            0x00000080 The input digitizer is ready for input.
*                                If this value is unset, it may mean that the tablet
*                                service is stopped, the digitizer is not supported,
*                                or digitizer drivers have not been installed.
*/


//main
///////////////////////////////////////
int WINAPI WinMain(HINSTANCE hinst, HINSTANCE hprevinst, PSTR pcmdline, int cmdshow) {

memset(buf, 0, sizeof(buf));

msgp("  TOUCH DIGITIZER DIAGNOSTIC TEST\n");
test();
msgw(buf);

return 0;
}


//test for touch capability
////////////////////////////////////////////////////////////////////////
int test(void)
{
int value=0;

value = GetSystemMetrics(SM_DIGITIZER);


if (value & NID_READY)
msgp("Digitizer stack ready");
else
msgp("Digitizer Stack NOT ready.\n* Check drivers.\n* Make sure WaCom service is enabled in:\n* Control_Panel->Adminstrative_Tools->Services.\n");

if (value & NID_MULTI_INPUT)
msgp("HAS Multi Input capability");
else
msgp("NO Multi Input capability");

if (value & NID_INTEGRATED_TOUCH)
msgp("IS integrated touch digitizer");
else
msgp("NOT an integrated touch digitizer");

if (value & NID_EXTERNAL_TOUCH)
msgp("IS an External Touch Digitizer");
else
msgp("NOT an External Touch Digitizer");

if (value & NID_INTEGRATED_PEN)
msgp("IS an Integrated Pen Digitizer");
else
msgp("NOT an Integrated Pen Digitizer");

if (value & NID_EXTERNAL_PEN)
msgp("IS an External Pen Digitiser");
else
msgp("NOT an Integrated Pen Digitizer");


return 0;
}


//use MessageBox to display results
////////////////////////////////////////////////////////////////////////
int msgw(char *str)
{
MessageBox(NULL, str, "TOUCH TEST", MB_OK);
return 0;
}


//Concatenate results to global buf
////////////////////////////////////////////////////////////////////////
int msgp(char *str)
{
strcat(buf, str);
strcat(buf, "\n");
return 0;
}




Offline John Z

  • Member
  • *
  • Posts: 790
Re: 32-bit compile causes Avira Flag and Lock
« Reply #1 on: June 12, 2020, 04:18:06 PM »
Hi,

Well it seems not too many Avira users, I use GDATA myself.  So I can't directly help but I will say I have had multiple programs created by Pelles C flagged as having a virus.  I submit the program to GDATA and they have cleared every one, and adjusted their signatures. It mostly does not happen but sometimes a simple code change will make the antivirus flag it.  Even some code complied directly from unchanged Microsoft sources has been flagged.  Exact same code with different compiler optimizations can be ok.

So I would not worry to much.  If Avira has a submission page for false positives that would be useful to clear your code.

Regards,
John

Offline frankie

  • Global Moderator
  • Member
  • *****
  • Posts: 2096
Re: 32-bit compile causes Avira Flag and Lock
« Reply #2 on: June 12, 2020, 05:21:16 PM »
Norton flags all PellesC programs as malware...  >:(
Kaspersky seems to not complain  :o
It is better to be hated for what you are than to be loved for what you are not. - Andre Gide