From: Ant on 18 Jan 2010 21:22 "FromTheRafters" wrote: > "Ant" wrote: >> The article is in three parts, and the first is very specific about >> which files to exclude apart from some wildcarded files, e.g. '.log' >> in %windir%\security. However, it does stress the importance of >> edb.log and edb.chk. Now suppose some malware dropped an exe called >> abc123.log in there and ran it from a 'hk..\...\run' registry key? > > It would presumedly be scanned, as it wasn't one of the mentioned files > to be specifically excluded. The wildcard just means that there are > various files to be excluded based on that wildcard naming, not that all > future files fitting that wildcard naming are automatically excluded. Yes, I know but they really aren't very clear about it. They mention the wildcarding in the general description then go on to the specifics of individual file names. Unfortunately in one 'specific' description they repeat '*.log' after listing edb.log and also say nothing about any particular '*.edb' mentioned in the 'general' part. > Placing a malware file in there and making it run from the registry is > not a virus infection, it is a trojan. I don't think they are trying to > exclude non-viral malware from scanning. They state only that the files > are not infectable. Sure, legitimate files in those directiories are just data and can't be infected. However, my concern was about not scanning some files in those places which might be executables in disguise. Ok, so perhaps an anti-malware app could pick it up from the registry as you imply in another post. |