You could simply move the original JNI DLL out of the way and replace it with a wrapper that does the signal handler setup in a .init section and otherwise has stubs for all entry points that simply call the real (now renamed) DLL.
In Solaris/Illumos we'd call that wrapper a "filter", and Solaris/ Illumos has tools to make building a filter easier, but the concept is general enough and you can build the same sort of thing on Linux and Windows just as well. Again, this is still code injection. It's still likely to cause false alerts. Again, I recommend taking this up with the vendors of the relevant security analysis tools. Nico --
