Nmap Development: Re: compressing nmap executables and dlls with upx

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Nmap Development mailing list archives

Re: compressing nmap executables and dlls with upx

From: AgentSmith15 <agentsmith15 () gmail com>
Date: Tue, 5 Feb 2008 22:40:26 -0600

I couldn't see why AVs would flag UPX compression as suspicious. Yes, I know
viruses and bots have used UPX in the past to attempt to bypass AV's, but
this mindset isn't helping the AVs argument to flag all packed executables
as suspicious. UPX is open source and there are no attempts whatsoever to
try to prevent unpacking. So all AV's worth their salt should be able to
unpack and scan UPX files.

Also looking at the UPX site they say it's it doesn't require any extra
memory to run the compressed files.

Fyodor could put two links on his site, and let people choose what they
want.

Jonathan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

By Date By Thread

Current thread:

compressing nmap executables and dlls with upx DePriest, Jason R. (Feb 04)
- RE: compressing nmap executables and dlls with upx Dario Ciccarone (dciccaro) (Feb 04)
  - Re: compressing nmap executables and dlls with upx Guilherme Polo (Feb 05)
  - Re: compressing nmap executables and dlls with upx DePriest, Jason R. (Feb 05)
    - Re: compressing nmap executables and dlls with upx AgentSmith15 (Feb 05)