Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A lot of false positives #2

Open
AmrThabet opened this issue Oct 17, 2014 · 3 comments
Open

A lot of false positives #2

AmrThabet opened this issue Oct 17, 2014 · 3 comments

Comments

@AmrThabet
Copy link

Hello,

I liked the idea of the tool very much but I'm asking if it could be extended to check also the generated strings among other clean files to exclude the widely used strings

So I can give an input for the mean malware samples directory and the clean files directory .. and then it generates all of the strings it can generate and excludes what's common with other clean samples

I think in this situation it will be really useful

@Maijin
Copy link

Maijin commented Oct 17, 2014

@AmrThabet
Copy link
Author

Yes I know .. I looked on it .. but still there's a lot of strings that still not included .. and that's will continue .. so I think it could be more useful if we have a more accurate option if we need

so if we need more accurate results so we can have an option to skip some strings that's not in exe blacklist but still common in clean samples and so on

because sometimes some malwares uses libraries like openssl or crypto libraries and it's static linked library so we need to skip them and skip their strings

@LittleHann
Copy link

is there elf_blacklist?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants