BoB Posted August 10, 2012 Share Posted August 10, 2012 As some of you will know, I have written a packer (haven't we all)What is the best way to get files compressed by my packer to be known by AV companies as safe?Is there some site to upload files for processing, like VirusTotal but the other way round?The loader code is very simple, so smart AV software will probably have no problem unpacking it and checking for malware, but I mean for the others that detect everything unknown as suspicious.Have fun!BoB Link to comment
Teddy Rogers Posted August 10, 2012 Share Posted August 10, 2012 Maybe you could try looking in to Taggant?http://forum.tuts4you.com/topic/26948-ieee-software-taggant-system-for-exposing-malware-creators/Ted. Link to comment
ghandi Posted August 10, 2012 Share Posted August 10, 2012 You will never be able to have a 100% clean executable, there will always be false positives given the current methodology of heuristics and signature scanning, but through pro-action you might minimize its effects.That taggant system sounds neat, i wonder how much it will cost to become a 'certified' developer though, if it does get adopted i can see all of us 'rogue' coders being kicked in the nuts. If that happens then the only way people will be able to run our stuff alongside their AV will be through hacks or workarounds, oh joy.This is possibly a strange suggestion but have you considered contacting any packer vendors to see how they handle it? I honestly don't know how receptive they would be of questions but considering that they're benign, perfectly reasonable and legitimate, they might come to the party with information.Even freeware packer vendors might be able and willing to give you information BoB.HR,Ghandi 1 Link to comment
mudlord Posted August 22, 2012 Share Posted August 22, 2012 (edited) I have been working on and off on my own personal PE packer for some time.I'd say the easiest thing is to get end users to flag any software packed by your packer as false positives as needs be. Seems doubtful some companies will have the patience to look at a packer and then make a generic unpacker routine based on info you give to AV devs, or even source code.that said, this taggant idea is awesome, but my concern is the freeware/FOSS packer environment, how will taggants be handled there? Still requires a fee per year? Edited August 22, 2012 by mudlord Link to comment
BoB Posted August 25, 2012 Author Share Posted August 25, 2012 Hi all, I am aware of the taggent system, but adding loads of extra uncompressed data to packed file is against the reasoning for my packer to exist. The Taggent seems like a nice idea, but I doubt anything will really be achieved by it except less licencing theft, from what I have read. I had looked around before asking, and some AV companies, Symantic and Kasperski for example, have their own whilelisting available from their websites. But my hope was that there was some site/company that would add your software to all these. Perhaps I should make one Ghandi: I have talked to developer of PEC and a couple of others, they fight against AV false positives constantly MudLord: I might put an unpacker into it like Upx -d, but I doubt it would help. My packer is easy to unpack, they should have no problem analysing it Have fun! BoB Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now