This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: BLODA detection code in latest snapshot
- From: Andrey Repin <anrdaemon at freemail dot ru>
- To: Corinna Vinschen <cygwin at cygwin dot com>
- Date: Fri, 2 Mar 2012 02:54:29 +0400
- Subject: Re: BLODA detection code in latest snapshot
- References: <20120227122614.GB31025@calimero.vinschen.de> <4F4C41B5.7040804@acm.org> <4F4C51D0.70307@acm.org> <20120228094024.GD23052@calimero.vinschen.de> <16210489654.20120229024137@mtu-net.ru> <20120229085527.GO23440@calimero.vinschen.de>
- Reply-to: Andrey Repin <cygwin at cygwin dot com>
Greetings, Corinna Vinschen!
>> > Yup, confirmed. This occurs on W7/32 as well.
>> > I add shlwapi to the list of filtered DLLs for which no such message is printed.
>>
>> Could you please consider making such list configurable, if it's not much of
>> an issue?
>> This feature seems to be the reasonable way for rough detection of potentially
>> malicious presence, but I would like to avoid certain handlers to be reported,
>> such as antivirus' LSP or keyboard hotkey handler.
> Hmm. Well, this option isn't meant to be used all the time. It's not
> overly intrusive, but it costs time and Cygwin already isn't exactly
> fast. For a pure diagnosing tool, does it makes sense to add lots
> of configuration options?
> If you want to make the DLL list configurable, what's your idea? Another
> env var like, say CYGWIN_DETECT_BLODA_DLL_IGNORE_LIST?
After a good day of pondering the question, I would suggest to not filter out
anything at all.
And i'm leaning to the suggestion of extending cygcheck functionality in the
way of reporting inserted dll's. Probably this should be done by default.
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 02.03.2012, <02:51>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple