Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: frisk@rhi.hi.is (Fridrik Skulason) Newsgroups: comp.virus Subject: Re: Compressors Message-ID: <0009.9102081853.AA00397@ubu.cert.sei.cmu.edu> Date: 8 Feb 91 10:05:49 GMT Sender: Virus Discussion List Lines: 43 Approved: krvw@sei.cmu.edu jguo@cs.NYU.EDU (Jun Guo) writes: > We know that signature based scanner will not search into compressed >EXE/COM file. Not 100% correct - some scanners will scan some types of compressed files simply by uncompressing them first - for example my F-PROT, and (I think) McAfee's SCAN will scan a LZEXE-packed file. Of course I want to make my scanner be able to scan all the different types of compressed files - the problem is just that I don't have a copy of all the compressors - in fact, I only have LZEXE and EXEPACK. I know some of the compressors are available on SIMTEL20 and elsewhere, but not all. So, could somebody mail me information on the status of the programs below - are they shareware/freeware/commercial, and where are they available ? No need to increase the traffic on Virus-L too much...I will post a summary of the replies I receive. > PKlite PKlite -x > Diet 1.0 Diet -r > LEXEM > TinyProg > AXE > Shrink > SCRNCH > ICE ICE breaker > CRUNCH > I'd like to hear from you of other compressors and decompressors. I know of one program from Bulgaria - perhaps Vesselin Bontchev could provide some information on it - the problem is just that he does not have a computer any more, as he was just promoted. > And one more thing: how are device drivers loaded? Can they be >compressed also? If yes, how can we decompress that? I know of no method to compress device drivers, which allows them to be uncompressed dynamically on loading - it could be written, of course, but I don't think it is worth the effort - device drivers are usually so small (less than 50 Kbytes) one does not gain much in space or loading time.