• atzanteol@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    6 months ago

    Why? It’s not hard. They typically hash files and look for hits against a database of known vulnerabilities.

    • boredsquirrel@slrpnk.net
      link
      fedilink
      arrow-up
      7
      ·
      6 months ago

      Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore.

      As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bits

      • atzanteol@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        The xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.

        • boredsquirrel@slrpnk.net
          link
          fedilink
          arrow-up
          1
          ·
          6 months ago

          This is obviously not about this known file.

          It is about “would this scanner detect a system package from the official repos opening an ssh connection”

    • Possibly linux
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      6 months ago

      That doesn’t work against polymorphic malware

      I think the best way is to monitor calls and behavior. Doing that is a privacy nightmare