This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: BLODA detection code in latest snapshot
Greetings, Corinna Vinschen!
>> > Yup, confirmed. This occurs on W7/32 as well.
>> > I add shlwapi to the list of filtered DLLs for which no such message is printed.
>>
>> Could you please consider making such list configurable, if it's not much of
>> an issue?
>> This feature seems to be the reasonable way for rough detection of potentially
>> malicious presence, but I would like to avoid certain handlers to be reported,
>> such as antivirus' LSP or keyboard hotkey handler.
> Hmm. Well, this option isn't meant to be used all the time. It's not
> overly intrusive, but it costs time and Cygwin already isn't exactly
> fast. For a pure diagnosing tool, does it make sense to add lots
> of configuration options?
No, it doesn't. I've asked "just in case" :)
> If you want to make the DLL list configurable, what's your idea? Another
> env var like, say CYGWIN_DETECT_BLODA_DLL_IGNORE_LIST?
Registry key (REG_MULTI_SZ) would be better.
Speaking of which (a list of potentially intrusive DLLs) - do you filter by
DLL name or its full path?
Because, %SystemRoot%\system32\shlwapi.dll is likely to be harmless.
But same name DLL inserted from any other place...
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 29.02.2012, <16:09>
Sorry for my terrible english...
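
The name-versus-full-path question raised in the message above, as an added example that is not part of the original mail and is not Cygwin's code: it compares what a name-only ignore list and a full-path ignore list would still report. The system directory value, the ignore list contents, the function names and the sample module paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics, usable on any host OS

# Assumptions for this sketch (not Cygwin's actual list or logic):
SYSTEM32 = r"C:\Windows\System32"   # expanded %SystemRoot%\system32
IGNORED_NAMES = {"shlwapi.dll"}     # DLL name the thread mentions filtering

def _canon(path):
    """Collapse '..' components, unify separators and fold case."""
    return ntpath.normcase(ntpath.normpath(path))

def ignored_by_name(path):
    """Name-only filter: any DLL with a listed base name is silenced."""
    return ntpath.basename(_canon(path)) in IGNORED_NAMES

def ignored_by_path(path):
    """Full-path filter: listed name AND located directly in system32."""
    directory, name = ntpath.split(_canon(path))
    return name in IGNORED_NAMES and directory == _canon(SYSTEM32)

def report(modules, is_ignored):
    """Return the modules a detector using `is_ignored` would still print."""
    return [m for m in modules if not is_ignored(m)]

# Constructed sample of loaded-module paths, not real detector output.
SAMPLE = [
    r"C:\Windows\System32\shlwapi.dll",               # expected location
    r"c:\windows\SYSTEM32\SHLWAPI.DLL",               # same file, other case
    r"C:\Users\test\AppData\Local\Temp\shlwapi.dll",  # same name, other place
    r"C:\Windows\System32\..\Temp\shlwapi.dll",       # '..' leaves system32
    r"C:\Program Files\ExampleAV\hook.dll",           # name not on the list
]

if __name__ == "__main__":
    for label, flt in (("name", ignored_by_name), ("path", ignored_by_path)):
        print(label + "-based filter still reports:")
        for module in report(SAMPLE, flt):
            print("   " + module)
```

With the name-only filter the two same-name DLLs outside system32 are silenced along with the genuine one; the full-path filter keeps reporting them.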