On Thu, 04 May 2006 10:34:38 +0200 Nikolaus Rath <[EMAIL PROTECTED]> wrote:
> Hello, > > I'm interested in the JS code emulator idea. Unfortunately the > description on clamav.net is a little bit brief. I'd be great if > somebody could elaborate a little bit more on what exactly the > emulator is supposed to do. There exist some open-source JS interpreters. The idea is to take such an interpreter (e.g. the one from www.njs-javascript.org) and integrate it with libclamav. Because ClamAV is not a web browser such an emulator must have some execution limits (eg. terminate itself after some time) and targeted on viruses: should be able to detect some standard decryption loop constructions and perform pattern matching in VM's memory after unrolling them, scan variable arguments of document.write(), etc. -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri May 5 12:01:31 CEST 2006
signature.asc
Description: PGP signature
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
