Re: [exelist] Newbie question regarding compressed EXEs and anti-virus progs
- To: <exelist@yahoogroups.com>
- Subject: Re: [exelist] Newbie question regarding compressed EXEs and anti-virus progs
- From: "Boguslaw Brandys" <brandysb@...>
- Date: Mon, 25 Mar 2002 08:52:10 -0000
- Date: Fri, 22 Mar 2002 23:02:21 +0100
- References: <a7aevp+pb6h@...>
Better stay with AVP. Running any not known EXE is dangerous even for a good
programmer.
The only realistic solution is that used with AVP:
- recognize if file is compressed by any program like UPX, LZExe, wwpack etc.
- unpack to memory (but not run)
- analyze and fix if virus is found
Best Regards
Boguslaw
----- Original Message -----
From: "messie_x" <messie_x@...>
To: <exelist@yahoogroups.com>
Sent: Wednesday, March 20, 2002 5:56 PM
Subject: [exelist] Newbie question regarding compressed EXEs and anti-virus
progs
> Please forgive me if this is not the right place to bring this
> question up but I don't know a better one. I'm not a hacker, not even
> a developer (although I used to be one years ago), just an ordinary
> user today.
>
> I raised this question in a couple of security-related web forums
> before but haven't received any response that helped so far.
>
> While testing a couple of anti-virus programs, I realized that nearly
> all of them are not able to scan compressed executables (Kaspersky is
> the exception but has some other drawbacks).
>
> My first idea was to search for a tool, that finds all compressed
> executables and then uncompresses them so that a regular av scan will
> work. After some web research, I realized that this approach seems to
> be quite unrealistic as there are so many compressors which are just
> developed with the main intention to prevent others from getting a
> regular (unpacked) executable which they then can reverse engineer.
>
> But it should be possible to develop a program that
> a) runs a compressed executable to the point where the contained
> program is fully uncompressed in memory,
> b) stops at that point,
> c) calls an av on-demand scanner to scan the memory of the now
> uncompressed program,
> d) terminates without actually running the compressed executable
>
> The question now is whether such a nice tool already exists, or
> something similar which could be adapted easily.
>
> I'd also appreciate links to a scanner that generates a list of all
> compressed executables in a given directory and its subdirectories.
>
> The last question is off-topic but I'd also like to scan the contents
> of Microsoft Installer files (*.msi) for viruses. How to unpack?
>
> Thank you.
>
> Messie
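An added example, not part of the original messages: the first step listed in the reply (recognizing a compressed file), done statically for PE files by checking for UPX's default section names and for high-entropy sections, without running anything. The function names, the 7.2 bits/byte threshold and the sample images are assumptions constructed for illustration.

```python
import math
import struct

UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}  # UPX's default section names

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def pe_sections(image):
    """Yield (name, raw_bytes) per section; yields nothing if not a PE file."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return
    pe = struct.unpack_from("<I", image, 0x3C)[0]  # e_lfanew: offset of PE header
    if pe + 24 > len(image) or image[pe:pe + 4] != b"PE\0\0":
        return
    nsec = struct.unpack_from("<H", image, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]  # SizeOfOptionalHeader
    for i in range(nsec):
        off = pe + 24 + opt_size + 40 * i
        if off + 40 > len(image):
            return  # truncated section table
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        yield image[off:off + 8].rstrip(b"\0"), image[raw_ptr:raw_ptr + raw_size]

def packed_indicators(image, threshold=7.2):
    """Reasons the image looks packed (threshold is an assumed heuristic)."""
    reasons = []
    for name, raw in pe_sections(image):
        if name in UPX_SECTIONS:
            reasons.append("UPX section " + name.decode())
        elif len(raw) >= 256 and entropy(raw) > threshold:
            reasons.append("high entropy " + name.decode(errors="replace"))
    return reasons

def build_sample(sections):
    """Constructed minimal PE image: only the fields the parser reads."""
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    table, body, base = b"", b"", len(hdr) + 40 * len(sections)
    for name, raw in sections:
        fields = struct.pack("<IIII", len(raw), 0, len(raw), base + len(body))
        table += name.ljust(8, b"\0") + fields + b"\0" * 16
        body += raw
    return hdr + table + body

if __name__ == "__main__":
    sample = build_sample([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 4)])
    print(packed_indicators(sample))
```

A high-entropy section is only an indicator, since embedded compressed or encrypted data produces the same reading, so a flagged file still needs the unpack-and-scan steps.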