funsec mailing list archives

Re: CME: A Total Failure -- Throw in the Towel


From: Blue Boar <BlueBoar () thievco com>
Date: Sun, 12 Mar 2006 16:20:37 -0800

Drsolly wrote:
> OK. My favourite antivirus scanner says that "This specimen resembles
> Yellow Wheelbarrow". Now what? I still don't know if it's CME-24 or not.


Your scanner spits out the string "CME-24" somewhere next to "Yellow Wheelbarrow", and/or you go to the CME site and type in "Win95.YellowWheelbarror@mm-wtfbbq", and it gives you back CME-24. Then, when someone else's scanner says that they have "bob", you can go look up bob, and see that it is also CME-24.

Current AV companies mostly list names that other scanners call it already. The CME simply becomes a key field, instead of everyone having a many<->many mapping.

Or were you instead asking about something more complicated, related to partial matches, and the fact that one AV may identify two files as two things, probably in the same family, while a second scanner says they are the same thing?

                                                BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

