13 Mar
2004
13 Mar
'04
09:36
On Thu, Mar 11, 2004 at 09:26:21PM -0500, Dana Hudes wrote:
Seems to me that while the method of executing in a controlled/simulated environment wouldn't work that once its known what the virus is you just check for the bitpattern like anything else. If you use enough bits its highly unlikely to match any other file, encrypted or otherwise.
That doesn't work for polymorphic viruses and viruses that use randomly generated encryption passwords. -- Michel Messerschmidt lists@michel-messerschmidt.de antiVirusTestCenter, Computer Science, University of Hamburg