> > /PACKED is a very different beast. It will attempt to scan compressed
> > .EXE's (such as PKLite or Neolite) by actually emulating the decompression
> > code. I personally wouldn't use this on a server, just in case someone
> > figures out a way to bypass F-Prot's safety mechanisms when running the
> > unknown code.
>
>Are you saying it actually tries to execute or interpret the code in the .exe
>it finds?
That's my interpretation. They say that it "emulates the execution of the
decompressor", and that it slows down the scanning significantly (which it
doesn't say about /ARCHIVE). "emulates the execution of the decompressor"
could mean just about anything, but "emulation" typically involves
interpreting code and running it (such as the Apple ][+ emulators and such).
-Scott
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". You can E-mail
[EMAIL PROTECTED] for assistance. You can visit our web
site at http://www.declude.com .
