funsec mailing list archives

Re: CME: A Total Failure -- Throw in the Towel


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 14 Mar 2006 09:23:40 +1300

Drsolly wrote:

> That's part of it. Are there any products today that do exact
> identification by checksumming the static bytes of the malware?

Well, I'm sure some parts of what was once your engine still do that in 
at least some circumstances in the McAfee product today.

And I was always under the impression that Frisk's engine did this in 
at least some cases -- with most "old DOS" viruses and much macro 
malware being (nearly) exactly identified (i.e., as "exactly" as in 
your former engine).


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

