A blog about reverse engineering, mathematics, politricks and some more ...
Sunday, January 04, 2009
ClamAV and unpackers
Hey all,
this might be a rather odd question, but given the (unfortunate) fact that ClamAV can't unpack even the simplest packers, has nobody ever contemplated writing packer-specific unpackers for ClamAV?
This is very strange; read the following quote from their website:
(The 0.9x series introduces lots of improvements in terms of detection rate and performance, like support for many new packers and decryptors, RAR3 and SIS archives, and a new phishing signatures format that proves to be very effective.)
Check this link: http://www.clamav.net/index.php?s=packers
A Symantec Certified Specialist @ your service http://extremesecurity.blogspot.com
Unpackers can get pretty complicated and now that SourceFire owns ClamAV, at least, some people just don't feel like giving away their gems... Either way, unpackers don't need to be integrated directly into ClamAV, which avoids dealing with this whole mess :-) At least, that's how I integrated with it.