On Fri, 01 Oct 2004 21:56:22 +0200 Bogusław Brandys <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Anybody have an idea how to detect polymorphic viruses and other
> mutating malware?

There is _no_ simple answer to this question because it depends on an encryption technique used by a virus. Some mutating malware may be detected using regular expressions and some require more subtle methods. Maybe a code emulation (performed in order to get a real virus code in an emulator's memory) was a good generic method in the DOS era but now (even if they support all w32 syscalls) such emulators are very easy to fool.

In ClamAV, we plan to add (most likely in 0.90) some cryptanalysis mechanisms that will allow detecting complex polymorphic viruses.

BTW: Please ask technical questions on clamav-devel@ and not [EMAIL PROTECTED]

--
   oo    .....         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Sat Oct 2 03:53:54 CEST 2004
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
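The reply's remark that some mutating malware can be caught with regular expressions, shown as an added example that is not part of the original message and is not ClamAV code. It assumes a simplified subset of the wildcard syntax used in ClamAV hex signatures; the signature name, the signature and all byte buffers are constructed for illustration.

```python
import re

def sig_to_regex(sig: str) -> "re.Pattern[bytes]":
    """Compile a hex signature with wildcards into a bytes regex.

    Subset handled: hex pairs, ?? (any byte), * (any run of bytes),
    {n} {n-m} {-m} {n-} (bounded gaps), (aa|bb) (alternative bytes).
    """
    sig, out, i = sig.replace(" ", ""), [], 0
    while i < len(sig):
        c = sig[i]
        if c == "*":
            out.append(b".*?"); i += 1
        elif sig.startswith("??", i):
            out.append(b"."); i += 2
        elif c == "{":
            end = sig.index("}", i)
            lo, dash, hi = sig[i + 1:end].partition("-")
            if not dash:            # {n} means exactly n bytes
                hi = lo
            out.append(b".{%s,%s}" % ((lo or "0").encode(), hi.encode()))
            i = end + 1
        elif c in "(|)":
            out.append({"(": b"(?:", "|": b"|", ")": b")"}[c]); i += 1
        else:                       # literal byte, escaped for the regex
            out.append(re.escape(bytes.fromhex(sig[i:i + 2]))); i += 2
    return re.compile(b"".join(out), re.DOTALL)

# Constructed signature and buffers (not taken from any real sample).
SIGNATURES = {"Constructed.Mutating.A": "deadbeef{4}(31|33)c0{0-8}cafe??c3"}
VARIANT_A = bytes.fromhex("90 deadbeef 11223344 31c0 cafe 07 c3")
VARIANT_B = bytes.fromhex("deadbeef a1b2c3d4 33c0 9090909090 cafe ff c3 00")
NEAR_MISS = bytes.fromhex("deadbeef 11223344 31c0" + "90" * 9 + "cafe 07 c3")

def scan(data: bytes) -> list:
    """Return the names of all signatures that match somewhere in data."""
    return [n for n, s in SIGNATURES.items() if sig_to_regex(s).search(data)]

if __name__ == "__main__":
    for label, buf in [("A", VARIANT_A), ("B", VARIANT_B), ("near miss", NEAR_MISS)]:
        print(label, scan(buf))
```

Both variants differ in the four-byte field, the alternative byte and the padding length, so a fixed byte string taken from one does not occur in the other, while the single wildcard signature matches both and rejects the buffer whose padding exceeds the allowed gap.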