You'd think that Virus Total would vet the tools they use in order to increase the validity of the data they provide, but that doesn't appear to happen either. If there is no process to reach exclusion (white list) then the process is one where the flags just grow. Which is a great business model for the uninformed.

Ideally, Virus Total would apply pressure to AV makers and then exclude them when they stay outside of their guidelines. Their database would give them a meaningful role in this process, but they don't do that. Which means they are meaningless. They need a transparent process of authority to bolster their validity.

...and they would still just be a collection of bad apples in the best case - the failed history of the malicious.

Submitted Avast:

https://www.avast.com/false-positive-file-form.php?page=success

They did not provide an Incident # for tracking. Not sure the process they use to update their whitelist/blacklists. Maybe if the version keeps changing, they have nothing to compare with and then they run some primitive checks, which they are not updating, or maybe fasmg keeps evolving (like with calm) so they have a harder time updating their rules. I'm sure self-modifying assembly is a flag, beyond that, this is not surprising, but unfortunate since the version will keep updating and they need SOME WAY to accommodate this.

There is no self-modifying code in fasmg, and no executable data section, CALM uses just a simple VM-like interpreter.

Noted!

Heard back from Avast, will see if the clearing holds up on further releases:
Avast Clean Guidelines.

So, basically, Avast is flagging the file because it lacks a version info section/resource - as it doesn't fault in any other way listed.

We shouldn't be designing our .exe files just to please Avast, or any other AV.

Unless they put us on the payroll then those false positives and false negatives are their problems they can spend time to solve for themselves, not something we need to solve for them.

Do you have an example pair of otherwise identical .EXEs to substantiate the claim?
If it's just some stupid section, I could throw it into my .EXEs.

I just reviewed their guidelines and groked that with what I know about fasmg. I'm not in favor of AV authors defining what an executable should consist of. Just like I'm not in favor of all this unwinding trash that programs need to be secure. Luckily, I don't need to bow down to this nonsense. This has nothing to do with the ability to comply.