Hosting Provided By

Re: Anti-virus support for packers

From: Nick FitzGerald <nick(at)virus-l.demon.co.uk>
Date: Mon Nov 25 2002 - 21:45:33 EST

"Raghavendran H. (SSG) - CTD, Chennai." <raghavh@ctd.hcltech.com> wrote:

> During an interesting "study" session on viruses, I found to my dismay
> Norton Antivirus Corp. Ed. wouldn't even detect UPXed viruses (the UPX
> version being the latest. The older ones too weren't detected!). Funny
> enough, NAV wouldn't detect the file on accessing it and not even when the
> virus is run!!! Is this behaviour common with all other Virus Scanners too
> (such as McAfee, Kaspersky etc.) I also tried ASPack and still same result.
> NAV simply couldn't detect the virus. The "virus" sample chosen for the
> study was the W32.Debploit virus.
>
> What gives?

Before commenting further, I need to know the answer to a question I presume is answered yes, but is so important to making sense of your "data" that I'm surprised you didn't tell us up front:

Does NAV detect the unpacked "virus" you were "testing" with?

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Received on Tue Nov 26 11:50:39 2002

This message: [ Message body ]
Next message: David Vincent: "FW: bugbear virus"
Previous message: Nick FitzGerald: "Re: Opaserv.-- Problems"
In reply to: Raghavendran H. (SSG) - CTD, Chennai.: "Anti-virus support for packers"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:38 EDT