
Re: [exelist] Newbie question regarding compressed EXEs and anti-virus progs



--- messie_x <messie_x@...> wrote:
> Please forgive me if this is not the right place to bring this
> question up but I don't know a better one. I'm not a hacker, not even
> a developer (although I used to be one years ago), just an ordinary
> user today.
>
> I raised this question in a couple of security-related web forums
> before but haven't received any response that helped so far.
>
> While testing a couple of anti-virus programs, I realized that nearly
> all of them are not able to scan compressed executables (Kaspersky is
> the exception but has some other drawbacks).
>
> My first idea was to search for a tool that finds all compressed
> executables and then uncompresses them so that a regular av scan will
> work. After some web research, I realized that this approach seems to
> be quite unrealistic as there are so many compressors which are just
> developed with the main intention to prevent others from getting a
> regular (unpacked) executable which they then can reverse engineer.
>
> But it should be possible to develop a program that
> a) runs a compressed executable to the point where the contained
> program is fully uncompressed in memory,
> b) stops at that point,
> c) calls an av on-demand scanner to scan the memory of the now
> uncompressed program,
> d) terminates without actually running the compressed executable
>
> The question now is whether such a nice tool already exists, or
> something similar which could be adapted easily.
>
> I'd also appreciate links to a scanner that generates a list of all
> compressed executables in a given directory and its subdirectories.
>
> The last question is off-topic but I'd also like to scan the contents
> of Microsoft Installer files (*.msi) for viruses. How to unpack?
>
> Thank you.
>
> Messie
>
btw: to unpack *.msi files try msi.wcx plugin for
Windows Commander, www.ghisler.com
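
Added example, not part of either message above: one way to build the directory scanner the question asks about, listing executables that look compressed. It reads the PE section table and flags packer section names or executable sections with near-random bytes; the name list and the 7.0 bits-per-byte cut-off are assumptions chosen for illustration.

```python
import math, os, struct
from collections import Counter

# Section names left by a few well-known packers (illustrative, not exhaustive).
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack"}
ENTROPY_LIMIT = 7.0        # assumed cut-off in bits per byte; compressed data is near 8
MEM_EXECUTE = 0x20000000   # IMAGE_SCN_MEM_EXECUTE section flag

def entropy(data):
    """Shannon entropy in bits per byte (0 for empty input)."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def pe_sections(buf):
    """Yield (name, characteristics, raw bytes) per section; nothing if not a PE."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return
    pe, = struct.unpack_from("<I", buf, 0x3C)            # e_lfanew
    if pe + 24 > len(buf) or buf[pe:pe + 4] != b"PE\0\0":
        return
    _, nsec, _, _, _, opt, _ = struct.unpack_from("<HHIIIHH", buf, pe + 4)  # COFF header
    for off in range(pe + 24 + opt, pe + 24 + opt + 40 * nsec, 40):
        if off + 40 > len(buf):                          # truncated section table
            return
        name, _, _, size, ptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", buf, off)
        yield name.rstrip(b"\0").decode("latin-1"), chars, buf[ptr:ptr + size]

def packed_reasons(buf):
    """Return the reasons a file looks packed (empty list: no indicator found)."""
    reasons = []
    for name, chars, raw in pe_sections(buf):
        if name in PACKER_SECTIONS:
            reasons.append("packer section " + name)
        elif chars & MEM_EXECUTE and entropy(raw) > ENTROPY_LIMIT:
            reasons.append("high-entropy code in " + name)
    return reasons

def scan_tree(root):
    """Map path -> reasons for every flagged file under root and its subdirectories."""
    hits = {}
    for folder, _, files in os.walk(root):
        for path in (os.path.join(folder, f) for f in files):
            try:
                with open(path, "rb") as fh:
                    reasons = packed_reasons(fh.read())
            except OSError:                              # unreadable file: skip it
                continue
            if reasons:
                hits[path] = reasons
    return hits
```

A file with no indicators is not proven unpacked: packers can rename sections, and very small sections cannot reach the entropy limit.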

