funsec mailing list archives

Re: Question about Viruses


From: Drsolly <drsollyp () drsolly com>
Date: Fri, 7 Jul 2006 20:44:29 +0100 (BST)

On Fri, 7 Jul 2006, Peter Kosinar wrote:

> > This way the engine wouldn't submit the new virus to the parent company
> > for developers to figure out a removal procedure.

> In fact, this happens regularly (though, not very often) -- certain pieces
> of malware tend to be infected by parasitic viruses (Win32/Parite.B comes
> to mind) and are thus detected as such and possibly disinfected by the
> AV and the underlying piece of malware might remain undetected. On the

It would be a *remarkably* crappy AV that behaved that way. What Findvirus 
did (and I guess still does) is, if it's told to do a repair, then it 
strips off the virus to get back to the underlying file. Then it checks 
that for viruses - if it finds a virus, it does a repair ... and so on, 
down to an unlimited number of times (as long as there's still a virus in 
the file).

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
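
Added example, not part of the original post and not Findvirus code: a toy model of the repair-then-rescan loop described in the message above, next to a single-pass repair that stops after the first detection. The file layout, the markers and the Toy/* detection names are all constructed for illustration.

```python
import struct

# Constructed toy format (not a real signature set): an infected file is
#   8-byte marker + 4-byte big-endian host length + host bytes + virus body.
SIGNATURES = {                      # marker -> (name, repairable)
    b"TOYVIR-A": ("Toy/Parasite.A", True),
    b"TOYVIR-B": ("Toy/Parasite.B", True),
    b"TOYTROJ!": ("Toy/Trojan.X", False),   # whole file is malicious
}

def infect(host: bytes, marker: bytes) -> bytes:
    """Build a constructed sample by wrapping host in one parasitic layer."""
    return marker + struct.pack(">I", len(host)) + host + b"<toy virus body>"

def scan(data: bytes):
    """Return (name, repairable) for the outermost match, or None if clean."""
    return SIGNATURES.get(data[:8])

def strip_layer(data: bytes) -> bytes:
    """Repair step: drop one parasitic layer and return the underlying file."""
    if len(data) < 12:
        raise ValueError("no length field, cannot repair")
    (length,) = struct.unpack(">I", data[8:12])
    host = data[12:12 + length]
    if len(host) != length:
        raise ValueError("truncated host, cannot repair")
    return host

def repair_once(data: bytes):
    """Single-pass behaviour: repair the first detection and stop."""
    hit = scan(data)
    if hit and hit[1]:
        return strip_layer(data), [hit[0]]
    return data, ([hit[0]] if hit else [])

def repair_until_clean(data: bytes):
    """Repair, rescan the result, and repeat while anything is still detected."""
    found = []
    while (hit := scan(data)) is not None:
        name, repairable = hit
        found.append(name)
        if not repairable:
            return data, found, "quarantine"   # nothing underneath to recover
        data = strip_layer(data)               # strictly shorter, so this ends
    return data, found, "clean"

# Constructed sample: an inert "trojan" wrapped in two parasitic layers.
TROJAN = b"TOYTROJ!" + b"<inert placeholder>"
LAYERED = infect(infect(TROJAN, b"TOYVIR-A"), b"TOYVIR-B")
```

On LAYERED, repair_once reports only the outer parasite and returns a file that is still infected, while repair_until_clean reports all three detections and ends with a quarantine verdict on the underlying file.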

