Hi,

I’d really like if you could somehow analyze the crinkler executable file compressor (http://www.crinkler.net), so Avast doesn’t report false positives for all files of that type. It’s really a pain since close to every single demoscene production less than 64KB in size get caught and blocked.

I’m sure Rune and Aske (the authors of Crinkler) would be happy to help out in establishing a way to prevent files packed with crinkler to report false positive.

To see what people miss out on (without downloading the 4k executable, since it would get blocked) check out the pieces of art at http://www.demoscene.tv.
In particular - you might check out:
Elevated: http://www.demoscene.tv/page.php?id=172&lang=uk&vsmaction=view_prod&id_prod=13718
Receptor: http://www.demoscene.tv/page.php?id=172&lang=uk&vsmaction=view_prod&id_prod=13519
to see the awesome procedural audio/visual in just 4Kb made possible using Crinkler.

Whilst I’m unable to help directly as I’m only an avast user, it is a bit strange that only files below 64KB are detected and not those above it. So perhaps a question of the authors of what the difference between the two might be.

Do you mean crinkler.exe when you talk of the 4k executable, if so avast doesn’t alert on that ?

Sorry I can’t check out the demoscene.tv links being on dial-up it is a no go on this media intensive site.

I’m sorry - Probably could have put it more clearly.
What I meant was, that close to every released production in size-limited competitions uses Crinkler.
I don’t think crinkler.exe itself gets caught. Only the productions compressed using Crinkler.
If Crinkler was used to compress productions of larger size, they’d get caught as well.
To analyse a production compressed with Crinkler, get the Elevated intro here: http://www.scene.org/file_dl.php?url=http://http.se.scene.org/pub/scene.org/parties/2009/breakpoint09/in4k/rgba_tbc_elevated.zip&id=517890
It’s 4KB so even slow connections should do just fine

Sorry you have lost me here, I downloaded the zip and scanned it using the avast quick scan and no detections, see image.

I uploaded one of the files elevated_1024x768.exe, to virustotal and that got 12 detections of 41 scanners, avast not detecting.
http://www.virustotal.com/analisis/1343e3a86e11c47ef8b128a3a8ed5841117f6377292c3f3a4b1c5d2c10646fc1-1257355060

Did the same with another file elevated_1920x1080_hq.exe and this time only 9/41 detections.
http://www.virustotal.com/analisis/5815dbd67938d2d2e8fee13d06ccb8e83f168e5cac8742c5c0c507e45a6bb163-1263605061

So it looks like the the crinkler executable file compressor has problems with multiple AVs. So I don’t really know how to proceed as avast isn’t alerting on any of those files I downloaded.

So if you have some that avast is alerting on then you too could check the virustotal results and submit samples to avast.
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject (though if multiple scanners detect it that is a tough one to sell).

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.