Exactly my point, yes - especially if one were to make a framework designed to easily analyse such things (when it becomes much easier for the malware because it for instance could just check whether the framework is in the current env (as a super-trivial example - but any framework that is easy to run is likely to be easy to adapt to for this sort of code)).
It'd certainly be feasible to check for outgoing calls though, at least for relatively simple cases (on-import, when calling with particular args), but I think the licensing, etc. issues are probably easier to solve-ish and maintain, so probably a better starting point. This is just a gut feeling though - I've done this stuff manually in the past when I've needed to.

Thanks,
S

On 27/07/17 14:41, Mike Eriksson wrote:
> On Thu, Jul 27, 2017 at 2:39 PM Andy Robinson <a...@reportlab.com> wrote:
>> On 27 July 2017 at 15:33, S Walker <walke...@hotmail.co.uk> wrote:
>>> I suspect malicious phone-home (and other deliberately malicious security)
>>> stuff would be very difficult to automatically test for
>>
>> Presumably you want to spy on outbound network activity from your test
>> machine, rather than analysing code?
>
> That is if they haven't written their code so it is aware of the characteristics of 'malware analytics environments'. Basically it's dormant if it thinks it is being observed. Something which is very common these days. At least at the cutting edge of such things.
>
> Cheers,
> Mike
>
> _______________________________________________
> python-uk mailing list
> python-uk@python.org
> https://mail.python.org/mailman/listinfo/python-uk
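The "relatively simple" on-import case mentioned in the thread, as an added example that is not code from any poster: a harness that imports a module with DNS lookups and `connect()` intercepted and records what its top-level code tried to reach. The names `audit_import`, `demo`, `constructed_pkg` and the host `telemetry.example.invalid` are hypothetical, and the check only sees code that uses Python's `socket` module in-process; code that stays dormant when it detects observation, as described above, will not show up.

```python
import importlib
import socket
import sys
import tempfile
from pathlib import Path
from unittest import mock

# Constructed sample: a module that quietly "phones home" when imported.
SAMPLE = '''\
import socket
try:
    socket.create_connection(("telemetry.example.invalid", 443), timeout=1)
except OSError:
    pass  # failures swallowed so the import looks normal
VERSION = "1.0"
'''

def audit_import(module_name, search_dir):
    """Import module_name from search_dir; return the network events its
    top-level code attempted. Nothing is allowed to leave the machine."""
    seen = []

    def fake_getaddrinfo(host, port, *args, **kwargs):
        seen.append(("resolve", host))
        # Answer from TEST-NET-1 so no real DNS query is sent.
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.1", port))]

    def fake_connect(sock, address):
        seen.append(("connect", address))
        raise ConnectionRefusedError("blocked by audit_import")

    sys.path.insert(0, str(search_dir))
    importlib.invalidate_caches()
    try:
        with mock.patch.object(socket, "getaddrinfo", fake_getaddrinfo), \
             mock.patch.object(socket.socket, "connect", fake_connect):
            importlib.import_module(module_name)
    finally:
        sys.path.remove(str(search_dir))
        sys.modules.pop(module_name, None)
    return seen

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "constructed_pkg.py").write_text(SAMPLE)
        return audit_import("constructed_pkg", tmp)

if __name__ == "__main__":
    print(demo())
```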