Mailinglist Archive: opensuse-security (485 mails)

Re: AW: [suse-security] NAI on unix do not find actual virus
  • From: Michel Messerschmidt <lists@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Sat, 13 Mar 2004 10:36:05 +0100
  • Message-id: <20040313093605.GA4284@xxxxxxxxxxxxxxxx>
On Thu, Mar 11, 2004 at 09:26:21PM -0500, Dana Hudes wrote:
> Seems to me that while the method of executing in a controlled/simulated
> environment wouldn't work that once it's known what the virus is you just
> check for the bit pattern like anything else. If you use enough bits
> it's highly unlikely to match any other file, encrypted or otherwise.

That doesn't work for polymorphic viruses and viruses that use randomly
generated encryption passwords.

--
Michel Messerschmidt lists@xxxxxxxxxxxxxxxxxxxxxxx
antiVirusTestCenter, Computer Science, University of Hamburg
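
Added example, not part of the original message: a small Python sketch of the random-key case raised in the reply, showing that a fixed bit pattern taken from a known body matches the plaintext but none of the copies stored under freshly generated keys, and that two such copies share no long byte run to build a pattern from. The body text, the repeating-XOR encoding and all function names are constructed for illustration; the polymorphic case is not modelled.

```python
import os

# Constructed, harmless stand-in for a "known body": plain ASCII text only.
BODY = b"CONSTRUCTED-SAMPLE-BODY: harmless marker text used only for this demo."
SIGNATURE = BODY[8:40]  # 32-byte "bit pattern" extracted from the known body


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, an assumed stand-in for the encryption layer."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_copy(key_len: int = 16) -> bytes:
    """One stored copy: the same body under a freshly generated random key."""
    return xor_encode(BODY, os.urandom(key_len))


def pattern_scan(sample: bytes, signature: bytes) -> bool:
    """Classic scan-string check: is the fixed pattern present anywhere?"""
    return signature in sample


def longest_common_run(a: bytes, b: bytes) -> int:
    """Length of the longest byte run shared by a and b (dynamic programming)."""
    best = 0
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0] * (len(b) + 1)
        for j, y in enumerate(b, start=1):
            if x == y:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def run_demo(n_copies: int = 50) -> dict:
    copies = [make_copy() for _ in range(n_copies)]
    return {
        "plaintext_hit": pattern_scan(BODY, SIGNATURE),
        "encoded_hits": sum(pattern_scan(c, SIGNATURE) for c in copies),
        "shared_run": longest_common_run(copies[0], copies[1]),
    }


if __name__ == "__main__":
    print(run_demo())
```
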
