Nmap Development mailing list archives
Re: Latest dist v5.2
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 27 Jan 2010 23:35:14 +0000
On Wed, 27 Jan 2010 17:32:40 -0600 Ron <ron () skullsecurity net> wrote:

> On Wed, 27 Jan 2010 14:18:00 -0800 Fyodor <fyodor () insecure org> wrote:
>
> > We should have tested :(. Now I'm getting reports that nmap_services.exe triggers Panda Antivirus W32/Xor-encoded.A:
> > http://www.cloudantivirus.com/en/threat-information/Xor-encoded.A/194318/
> >
> > VirusTotal finds that as well:
> > http://www.virustotal.com/analisis/5938478eb7195e53ba408b6fc390b35f2ccff6e68b761da4a5dfab97f3164a9c-1264630143
> >
> > -F
>
> Aww damn, sorry! That really sucks...
>
> It looks like Panda detects xor'ing by any byte. That's sort of clever, but also irritating. I tried 0xFF, 0x01, and 0x13. I'm assuming it happens for everything.
>
> Any other suggestions on how to encode it in a simple way without triggering a/v signatures?

Hi Ron, did you not see my email on this? I sent it like 15 min ago.

Brandon