Nmap Development mailing list archives
Re: False positives on antivirus
From: Michael Pattrick <mpattrick () rhinovirus org>
Date: Thu, 28 Jan 2010 13:43:10 -0500
On Thu, Jan 28, 2010 at 10:57 AM, Ron <ron () skullsecurity net> wrote:
> 1. Encode the file in a simple way
> --> Didn't work in the simplest case, because some a/v still detects it

Out of curiosity, what did you try?

> 2. Encrypt the file properly
> --> No reason that it wouldn't work (though I've said that before and was very wrong ;) )
> --> Dependency on OpenSSL (dependency already exists)
> --> Will take me a while to implement (I'm going to be rather busy for the next month or so)

I'd argue that we don't need to go as far as a dependency on OpenSSL just to trick antivirus programs. The attached file implements a simple - small - stream cipher, which should be able to trick all antiviruses. The encryption operation is the same as the decryption operation, so it should be convenient to use.

-M
Attachment: streamC.cpp
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/