This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: BLODA detection code in latest snapshot


On 29/02/2012 7:22 AM, Andrey Repin wrote:
> Do you filter by DLL name or its full path?
> Because, %SystemRoot%\system32\shlwapi.dll is likely to be harmless.
> But same name DLL inserted from any other place...

That would be moving beyond mere BLODA and into malware territory. At that point, just because it's in %SystemRoot% doesn't mean it's safe, either. In fact, we can't really even be sure a well-known dll name in %SystemRoot% is safe if the machine is infected with something.

I don't think we're trying to play virus scanner here, so dll name should suffice.

$.02
Ryan

