[Avcheck] Pre-announce: avcheck-0.9

Piotr Klaban makler+avcheck@man.torun.pl
Fri, 12 Jul 2002 11:29:56 +0200


On Fri, Jul 12, 2002 at 10:49:37AM +0200, Ralf Hildebrandt wrote:
> On Thu, Jul 11, 2002 at 01:50:16PM +0200, Ralf Hildebrandt wrote:
>  
> > Right now it's working, it detects viruses. Let's see how it survives
> > the day.
> 
> It works. One thing I noticed this day:
> 
> One mail doesn't go through. When I "postcat" the queuefile to get at
> its contents and scan those, avp reports:
> 
> /tmp/strangemessage/[From "Tobias" <sender@charite.de>][Date Wed, 10 Jul 2002 12:01:17 +0200]/JPGWIZ.EXE/WISE0018.BIN   UPX: unknown format. 
> /tmp/strangemessage/[From "Tobias" <sender@charite.de>][Date Wed, 10 Jul 2002 12:01:17 +0200]/JPGWIZ.EXE/WISE0018.BIN   I/O error.
> /tmp/strangemessage/[From "Tobias" <sender@charite.de>][Date Wed, 10 Jul 2002 12:01:17 +0200]/JPGWIZ.EXE        I/O error. 
> /tmp/strangemessage     I/O error. 
> 
> What is UPX?

It is a compression format; see http://upx.sourceforge.net/
It is a very good compression method, e.g. for compressing Win/DOS executable files.
The exe file is then uncompressed on the fly during execution (UPX is slow
at compression but very fast at decompression).

AVP recognizes the UPX format. I am sure. Maybe the problem is with some new
(not yet recognized) UPX format, or a wrong WISE0018.BIN format,
or avp's unpack.avc file is damaged.

But... from the log you included, it seems that the file JPGWIZ.EXE is properly
uncompressed - I do not know if JPGWIZ.EXE is a zip/exe archive and WISE0018.BIN
is UPX packed, or JPGWIZ.EXE is a UPX archive?

Best regards,

-- 
Piotr Klaban