BLODA detection code in latest snapshot

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Feb 29 09:26:00 GMT 2012


On Feb 29 02:41, Andrey Repin wrote:
> Greetings, Corinna Vinschen!
> 
> > Yup, confirmed.  This occurs on W7/32 as well.
> > I add shlwapi to the list of filtered DLLs for which no such message is printed.
> 
> Could you please consider making such list configurable, if it's not much of
> an issue?
> This feature seems to be the reasonable way for rough detection of potentially
> malicious presence, but I would like to avoid certain handlers to be reported,
> such as antivirus' LSP or keyboard hotkey handler.

Hmm.  Well, this option isn't meant to be used all the time.  It's not
overly intrusive, but it costs time and Cygwin already isn't exactly
fast.  For a pure diagnosing tool, does it makes sense to add lots
of configuration options?

If you want to make the DLL list configurable, what's your idea?  Another
env var like, say CYGWIN_DETECT_BLODA_DLL_IGNORE_LIST?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list