funsec mailing list archives

Re: CME: A Total Failure -- Throw in the Towel


From: Drsolly <drsollyp () drsolly com>
Date: Mon, 13 Mar 2006 23:03:33 +0000 (GMT)

On Tue, 14 Mar 2006, Nick FitzGerald wrote:

Drsolly wrote:

That's part of it. Are there any products today that do exact 
identification by checksumming the static bytes of the malware?

Well, I'm sure some parts of what was once your engine still do that in 
at least some circumstances in the McAfee product today.

But is that product doing it for CME-24?
 
And I was always under the impression that Frisk's engine did this in 
at least some cases -- with most "old DOS" viruses and much macro 
malware being (nearly) exactly identified (i.e., as "exactly" as in 
your former engine).

But is that product doing it for CME-24? 
 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

