Tuts 4 You

White listing


BoB

Posted

As some of you will know, I have written a packer (haven't we all).

What is the best way to get files compressed by my packer to be known by AV companies as safe?

Is there some site to upload files for processing, like VirusTotal but the other way round?

The loader code is very simple, so smart AV software will probably have no problem unpacking it and checking for malware, but I mean for the others that detect everything unknown as suspicious.

Have fun!

BoB

Posted

You will never be able to have a 100% clean executable, there will always be false positives given the current methodology of heuristics and signature scanning, but through pro-action you might minimize its effects.

That taggant system sounds neat. I wonder how much it will cost to become a 'certified' developer though; if it does get adopted I can see all of us 'rogue' coders being kicked in the nuts. If that happens then the only way people will be able to run our stuff alongside their AV will be through hacks or workarounds, oh joy.

This is possibly a strange suggestion but have you considered contacting any packer vendors to see how they handle it? I honestly don't know how receptive they would be of questions but considering that they're benign, perfectly reasonable and legitimate, they might come to the party with information.

Even freeware packer vendors might be able and willing to give you information BoB.

HR,

Ghandi

Posted (edited)

I have been working on and off on my own personal PE packer for some time.

I'd say the easiest thing is to get end users to flag any software packed by your packer as false positives as needs be. Seems doubtful some companies will have the patience to look at a packer and then make a generic unpacker routine based on info you give to AV devs, or even source code.

That said, this taggant idea is awesome, but my concern is the freeware/FOSS packer environment: how will taggants be handled there? Will it still require a fee per year?

Edited by mudlord
Posted

Hi all,

I am aware of the taggant system, but adding loads of extra uncompressed data to a packed file is against the reasoning for my packer to exist.

The taggant seems like a nice idea, but I doubt anything will really be achieved by it except less licencing theft, from what I have read.

I had looked around before asking, and some AV companies, Symantec and Kaspersky for example, have their own whitelisting available from their websites.

But my hope was that there was some site/company that would add your software to all these. Perhaps I should make one :)

Ghandi: I have talked to the developer of PEC and a couple of others; they fight against AV false positives constantly :(

MudLord: I might put an unpacker into it like UPX -d, but I doubt it would help. My packer is easy to unpack, so they should have no problem analysing it :)

Have fun!

BoB
