TIP: Click on subject to list as thread! ANSI
echo: alt-comp-anti-virus
to: ALL
from: FROMTHERAFTERS
date: 2014-10-27 18:16:00
subject: Re: Notice to Appear, fro

Virus Guy expressed precisely :
> Dustin wrote:
>
>>> And we have more!  This one's hot-off-the-press (as of 3 hours
>>> ago):
>> 
>> And it means absolutely nothing. That's the thing you don't seem to
>> comprehend.
>
> So what you're saying is that for the 10 AV programs that *can* detect
> those files as viral - it means nothing.

It looks to me as if they are detecting the packer and not the actual 
malware in the package. IOW they have seen the packer before with 
samples of other malware inside.

[...]

> Does anyone else here feel the same way as Dustin about this ability (or
> lack thereof) of the vast majority of AV software to be able to detect
> these threats when they first enter circulation?

It is inherently impossible to identify any *new* sample with signature 
based detection if no signature has yet been promulgated.

In some cases they may be able to 'detect' that it is malware by 
guessing that malware would reside in such a packed file, but not be 
able to 'identify' what malware it is.


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.