jguo@cs.NYU.EDU (Jun Guo) (02/06/91)
Hi,

We know that signature based scanner will not search into compressed
EXE/COM file. So if we have decompressors we should decompress the file
and then apply virus scanner on it.

The following is a list of EXE/COM compressors I heard of:

compressor:     decompressor:
LZEXE           UNLZEXE
PKlite          PKlite -x
Diet 1.0        Diet -r
LEXEM
TinyProg
EXEPACK         UPACKEXE
AXE
Shrink
SCRNCH
ICE             ICE breaker
CRUNCH

I'd like to hear from you of other compressors and decompressors.

And one more thing: how are device drivers loaded? Can they be
compressed also? If yes, how can we decompress that?

Many thanks.

Jun

P.S.: I just heard of there is ICE breaker. But never seen that.
frisk@rhi.hi.is (Fridrik Skulason) (02/08/91)
jguo@cs.NYU.EDU (Jun Guo) writes:
> We know that signature based scanner will not search into compressed
> EXE/COM file.

Not 100% correct - some scanners will scan some types of compressed files
simply by uncompressing them first - for example my F-PROT, and (I think)
McAfee's SCAN will scan a LZEXE-packed file.

Of course I want to make my scanner be able to scan all the different types
of compressed files - the problem is just that I don't have a copy of all the
compressors - in fact, I only have LZEXE and EXEPACK. I know some of the
compressors are available on SIMTEL20 and elsewhere, but not all.

So, could somebody mail me information on the status of the programs below -
are they shareware/freeware/commercial, and where are they available?

No need to increase the traffic on Virus-L too much...I will post a summary
of the replies I receive.

> PKlite          PKlite -x
> Diet 1.0        Diet -r
> LEXEM
> TinyProg
> AXE
> Shrink
> SCRNCH
> ICE             ICE breaker
> CRUNCH

> I'd like to hear from you of other compressors and decompressors.

I know of one program from Bulgaria - perhaps Vesselin Bontchev could provide
some information on it - the problem is just that he does not have a computer
any more, as he was just promoted.

> And one more thing: how are device drivers loaded? Can they be
> compressed also? If yes, how can we decompress that?

I know of no method to compress device drivers, which allows them to be
uncompressed dynamically on loading - it could be written, of course, but
I don't think it is worth the effort - device drivers are usually so small
(less than 50 Kbytes) one does not gain much in space or loading time.
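
Added example, not part of either post: a sketch of the scan-after-unpack flow discussed in this thread, showing a raw signature scan missing a pattern that is found once the file is unpacked. Assumptions: the signature bytes and the container are constructed, zlib stands in for LZEXE's own compression, and the only real details are the identification markers (LZEXE's "LZ09"/"LZ91" at header offset 0x1C, PKLITE's copyright string in its stub).

```python
import zlib

# Constructed byte pattern standing in for a scanner signature (not real).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE\xde\xad\xbe\xef"

def identify_packer(image: bytes):
    """Name the packer from markers it leaves in a DOS MZ executable."""
    if image[:2] not in (b"MZ", b"ZM"):
        return None
    if image[0x1C:0x20] in (b"LZ09", b"LZ91"):   # LZEXE 0.90 / 0.91
        return "LZEXE"
    if b"PKLITE Copr." in image[:0x40]:          # PKLITE stub copyright
        return "PKLITE"
    return None

def toy_pack(program: bytes) -> bytes:
    """Constructed container: 32-byte MZ-style header carrying the LZEXE
    marker, body compressed with zlib as a stand-in for LZEXE's algorithm."""
    header = b"MZ" + bytes(0x1A) + b"LZ91"
    return header + zlib.compress(program, 9)

def toy_unpack(image: bytes) -> bytes:
    """Stand-in for UNLZEXE; only understands the toy container above."""
    return zlib.decompress(image[0x20:])

def scan(image: bytes, unpackers: dict) -> dict:
    """Signature-scan the raw bytes, then the unpacked image if possible."""
    packer = identify_packer(image)
    result = {"packer": packer, "raw_hit": SIGNATURE in image,
              "unpacked_hit": None}
    if packer in unpackers:
        result["unpacked_hit"] = SIGNATURE in unpackers[packer](image)
    elif packer:
        # Packed but not unpackable: a clean raw scan proves nothing.
        result["note"] = "packed, no unpacker: raw scan result is unreliable"
    return result

def demo():
    # Constructed "infected" program: filler bytes around the signature.
    infected = bytes([0x90]) * 300 + SIGNATURE + bytes([0x90]) * 300
    packed = toy_pack(infected)
    return scan(packed, {"LZEXE": toy_unpack}), scan(packed, {})
```

A scanner without an unpacker for a recognized packer should report the file as packed and unscanned, not as clean.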