Sunday, January 04, 2009

ClamAV and unpackers

Hey all,

this might be a rather odd question, but given the (unfortunate) fact that ClamAV can't unpack
even the simplest packers, has nobody ever contemplated writing packer-specific unpackers
for ClamAV?

Cheers,
Halvar

2 comments:

Aa'ed Alqarta said...

Hi,

This is very strange, read the following quote from their website:

(The 0.9x series introduces lots of improvements in terms of detection rate and performance, like support for many new packers and decryptors, RAR3 and SIS archives, and a new phishing signatures format that proves to be very effective.)

Check this link:
http://www.clamav.net/index.php?s=packers


A Symantec Certified Specialist @ your service
http://extremesecurity.blogspot.com

Cosmo said...

Unpackers can get pretty complicated and now that SourceFire owns ClamAV, at least, some people just don't feel like giving away their gems... Either way, unpackers don't need to be integrated directly into ClamAV, which avoids dealing with this whole mess :-) At least, that's how I integrated with it.