Nmap Development mailing list archives
Re: Latest dist v5.2
From: Fyodor <fyodor () insecure org>
Date: Wed, 27 Jan 2010 14:18:00 -0800
On Tue, Jan 26, 2010 at 05:31:42PM -0600, Ron wrote:
Have you (or anyone else) tested to make sure this will solve the problem? If not, I guess what we'll have to do is build the installer and submit it to the same links as in http://seclists.org/nmap-dev/2010/q1/211.No, I didn't test it, but somebody commented that changing just the first bit is enough to overcome the scanner. I change every bit, though, and the encoder isn't built in, so there isn't really any way an a/v scanner would pick it up.
We should have tested :(. Now I'm getting reports that nmap_services.exe triggers Panda Antivirus W32/Xor-encoded.A: http://www.cloudantivirus.com/en/threat-information/Xor-encoded.A/194318/ VirusTotal finds that as well: http://www.virustotal.com/analisis/5938478eb7195e53ba408b6fc390b35f2ccff6e68b761da4a5dfab97f3164a9c-1264630143 -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Latest dist v5.2, (continued)
- Re: Latest dist v5.2 Michael Pattrick (Jan 21)
- Re: Latest dist v5.2 Michael Pattrick (Jan 21)
- AW: Latest dist v5.2 Wissmann, Dirk (Jan 21)
- Re: Latest dist v5.2 Fyodor (Jan 21)
- Re: Latest dist v5.2 Tom Sellers (Jan 21)
- Re: Latest dist v5.2 David Fifield (Jan 25)
- Re: Latest dist v5.2 Ron (Jan 25)
- Re: Latest dist v5.2 David Fifield (Jan 26)
- Re: Latest dist v5.2 Ron (Jan 26)
- Re: Latest dist v5.2 Fyodor (Jan 27)
- Re: Latest dist v5.2 Brandon Enright (Jan 27)
- Re: Latest dist v5.2 Ron (Jan 27)
- Re: Latest dist v5.2 Fyodor (Jan 27)
- Re: Latest dist v5.2 Ron (Jan 27)
- Re: Latest dist v5.2 Jonathan R (Jan 27)
- Re: Latest dist v5.2 Ron (Jan 28)
- Re: Latest dist v5.2 Fyodor (Jan 28)