This is the mail archive of the
mailing list for the Cygwin project.
Re: BLODA detection code in latest snapshot
On 29/02/2012 7:22 AM, Andrey Repin wrote:
That would be moving beyond mere BLODA and into malware territory. At
that point, just because it's in %SystemRoot% doesn't mean it's safe,
either. In fact, we can't really even be sure a well-known dll name in
%SystemRoot% is safe if the machine is infected with something.
do you filter by DLL name or it's full path?
Because, %SystemRoot%\system32\shlwapi.dll is likely to be harmless.
But same name DLL inserted from any other place...
I don't think we're trying to play virus scanner here, so dll name
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple