Store an image in resources

**qwerz** · June 19th, 2012, 10:36 AM

Hello,

I tried to store a bmp image in my RT_RCDATA or RT_BITMAP and my file has a false positive now.
Is it normal that an array gets picked up as
AntiVir (Avira) TR/Dropper.Gen

And what are the possible work arounds?

Thanks in advance.
Regards,
Qwerz

**Igor Vartanov** · June 19th, 2012, 11:38 AM

BMP from resource
JPG from resource

**qwerz** · June 19th, 2012, 12:12 PM

That is not exactly the work around that I meant, because I still want to use the embedded resources. But thanks

**Igor Vartanov** · June 19th, 2012, 12:22 PM

You have to elaborate a bit on "embedded resources" as the samples exactly demonstrate how to embed pictures to resources and use those at runtime.

**Paul McKenzie** · June 19th, 2012, 01:53 PM

Originally Posted by qwerz

That is not exactly the work around that I meant

The workaround is to contact the company that makes the anti-virus and report what you're doing as a false positive.

Regards,

Paul McKenzie

**S_M_A** · June 19th, 2012, 03:40 PM

Not that I'm familiar with how a virus scanner does it's decisions but why would the bitmap be considered malicious when stored as a resource in the exe but not as a file? I would try copying that bitmap to a file that ends with exe to check if its really the bitmap that cause the false positive. Just in case the virus scanner needs a proper exe header you might also try attaching it to another exe by doing a copy /B file.exe + /B file.bmp test.exe

**qwerz** · June 19th, 2012, 06:25 PM

Just test it yourself if you do not believe it. I added the embedded resource under RT_STRING or RT_RCDATA. Not a single combination works.

Avira detects resources as a virus if they are bigger than 20kb.

**Igor Vartanov** · June 20th, 2012, 01:39 AM

Sorry, I failed to understand your original problem.

Just test it yourself if you do not believe it.

No, thanks. I'm fine with MSE.

Avira detects resources as a virus if they are bigger than 20kb.

And what kind of (programming?) workaround you expect here other than to get rid of the offending software and never use the one, never ever?

**Paul McKenzie** · June 20th, 2012, 05:32 AM

Originally Posted by qwerz

Just test it yourself if you do not believe it. I added the embedded resource under RT_STRING or RT_RCDATA. Not a single combination works.

Avira detects resources as a virus if they are bigger than 20kb.

What if I wrote a program that detected that all your EXE's had viruses? Are you going to pull your hair out looking for a "workaround", or are you going to contact my company and ask me what the heck is going on?

So contact the company and state very simply that their program is detecting your legitimate file has a virus. Let them resolve the issue.

Regards,

Paul McKenzie