Nmap Development mailing list archives
Re: Latest dist v5.2
From: Ron <ron () skullsecurity net>
Date: Thu, 21 Jan 2010 14:56:20 -0600
On 01/21/2010 10:04 AM, Ron wrote:
On 01/21/2010 09:59 AM, DePriest, Jason R. wrote:The other option is to tell the a/v vendor to cut it out, but I can't see that working. :)Actually, this is pretty much the only option. Sysinternal's psexec occasionally gets flagged as a virus along with other legit things like upx-compressed executables because malware also use them. That's free / open source for you, right? You have to let the vendors know they are triggering false positives. It's up to them if they care or not.Well, the alternative option is to distribute it separately so Nmap proper doesn't trigger the aignature.
Another alternative, that Patrik mentioned to me, is to encode/encrypt the .exe on our side then decrypt it in memory before uploading.
On one hand, it's sort of the best of both worlds. On the other hand, evading antivirus has that malicious feeling to it..
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Latest dist v5.2 AntonĂn Sprinzl (Jan 21)
- Re: Latest dist v5.2 Jonathan R (Jan 21)
- Re: Latest dist v5.2 Ron (Jan 21)
- Re: Latest dist v5.2 Ron (Jan 21)
- Re: Latest dist v5.2 DePriest, Jason R. (Jan 21)
- Re: Latest dist v5.2 Ron (Jan 21)
- Re: Latest dist v5.2 DePriest, Jason R. (Jan 21)
- Re: Latest dist v5.2 Ron (Jan 21)
- Re: Latest dist v5.2 Ron (Jan 21)
- Re: Latest dist v5.2 Michael Pattrick (Jan 21)
- Re: Latest dist v5.2 Michael Pattrick (Jan 21)
- Re: Latest dist v5.2 Ron (Jan 21)
- AW: Latest dist v5.2 Wissmann, Dirk (Jan 21)
- Re: Latest dist v5.2 Fyodor (Jan 21)
- Re: Latest dist v5.2 Tom Sellers (Jan 21)
- Re: Latest dist v5.2 David Fifield (Jan 25)
- Re: Latest dist v5.2 Ron (Jan 25)
- Re: Latest dist v5.2 David Fifield (Jan 26)
- Re: Latest dist v5.2 Ron (Jan 26)