It's time again to announce the long anticipated *eyebrow raise* relaunch of the

--> UNIX VIRUS MAILING LIST
-----------------------

[EMAIL PROTECTED]
^^ subscriptions here.

It is a moderated list, for which I will moderate and hopefully not be too noticeable on the moderation end for people. Initially when unix-virus ran for its short time a few years ago, it was an un-moderated list, however the content on the list quickly turned into a situation where posts were talking only of poor philosophical (because they weren't philosophical) discussions centralized over os religious wars.

The list was primarily aimed at being a technical forum on virus technology aimed in the direction of Unix. Including such topics, but not limited to, reverse engineering, binary analysis, anti-virus technology which goes into forensics these days. And of course unix virus!

--> some example discussion topics (that i find interesting anyway). but the list is a public forum, so it's everyone's content that makes value to the list. these are mostly your "non virus" considered material, so that's why i'll show examples of relevant discussion without talking too much about "virus specific" topics.

If there are interesting discussions regarding other platforms, or even non binary discussions, then I believe this is highly appropriate for the list. An example of a non binary discussion could be something like the limits of virus detection in terms of language recognition (ie, turing, cfg's, ram etc - which one of these can a virus always be detected on given computational models such as a universal turing machine!? - ok.. maybe preschool comp sci to some, but definitely relevant to the list :)

Another non direct "virus" topic could be generic binary analysis, or program understanding problems. Does a checker for source code help us understand virus technology - yes.. source checkers offer many techniques for use in general reverse engineering, and program analysis. Binary analysis and its relation to program verification or automated bug checkers? - I believe they are very relevant. Please feel free to expand upon these on the list :)

Naturally.. Binary format specifics are important when discussing any type of virus (even macro style virus i suppose). Ideally "I'd" want to talk about ELF, since i'm crap at other object formats :) however, other platforms and formats are extremely welcome.

An example topic of discussion here is that currently there is not a linux virus that is undetectable through pure automated geometry checking of the object format structure! There are ways of course, that make automated detection hard here, but most of these techniques require some pretty hefty work on a binary and cross over into binary analysis themselves! eg, relinking a binary given no relocation information - or moving chunks of code around but keeping all relative jumps etc consistent (zombie apparently did this in windows!). This technology is of course virus related, but crosses fields into "non virus" areas as generally viewed by the mainstream.

Another question is poly/meta morphic code.. it's a relatively old technique, but can these techniques be applied generally to any given binary over the entire program? - I believe so, at least in some specific ways such as instruction re-ordering, which also happens to be a compiler construction problem.. we'll see how much I can implement, because I ain't got squat done on it atm ;-) dead code elimination in a binary? seems possible, but requires at least being able to arbitrarily shift pieces of a binary around and still have it run. sometimes very effective relocation can be done quite adhoc'ly that works well in practice.

--> so that's a very small announcement for unix-virus. i hope people contribute and discuss many issues relating to the wonder world of unix-virus (I won't be writing a unix-virus pop-up book this time however - let's hope). I am new to this entire moderation thing, so please go easy, and feel free to spam me with questions or commentary if you want to.

^^ i must say thanks to skyper for providing the hosting :)

^^ now.. everyone better subscribe!

--
Silvio

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
