Y
Hacker News
new
|
ask
|
show
|
jobs
by
yorwba
248 days ago
If the decompressor is included in the compressed file and it's malicious, the file can hardly be called
known good
.
1 comments
tecleandor
248 days ago
But also I guess the logic of the decompressor could output different files in different occasions, for example, if it detects a victim, making it difficult to verify.
link
viraptor
248 days ago
If it can "detect a victim", then the sandbox is faulty. The decompressor shouldn't see any system details. Only the input and output streams.
link