My job in Google Summer of Code is to write two unpackers for Clam AntiVirus, for the MEW and UPack exe-packers. MEW seems to be beaten-up. Now it's time for UPack. Some more information about both of them will be released later.
What is an exe-packer? It's a program that compresses the binaries of other programs. They are decompressed on the fly when the exe-packed file is run.
Malware writers thought it would be cool to make executables smaller (so they could travel even faster across the net and occupy less disk space). Some antivirus systems, instead of unpacking the compressed file, match the exe-packer.
This is very wrong. Why? Many demoscene programs are exe-packed (this is very useful if you want to fit in 64k or 4k), so matching by exe-packer can cause many false positives.
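The difference between the two scanning strategies, as an added example that is not ClamAV code or part of the original post: a toy packer built on zlib stands in for MEW/UPack, and the marker `TOYPACK1`, the content signature and all sample files are constructed for illustration.

```python
import zlib

STUB = b"TOYPACK1"                      # constructed stand-in for a packer's loader stub
CONTENT_SIG = b"CONSTRUCTED-BAD-PATTERN"  # constructed signature of the unwanted payload


def pack(payload: bytes) -> bytes:
    """Toy exe-packer: stub marker followed by the compressed original."""
    return STUB + zlib.compress(payload, 9)


def unpack(blob: bytes) -> bytes:
    """Return the original bytes; fall back to the raw blob if unpacking fails."""
    if not blob.startswith(STUB):
        return blob
    try:
        return zlib.decompress(blob[len(STUB):])
    except zlib.error:
        return blob  # corrupt or only looks packed: scan what we have


def scan_by_packer(blob: bytes) -> bool:
    """Flags anything that carries the packer stub, whatever is inside."""
    return blob.startswith(STUB)


def scan_raw(blob: bytes) -> bool:
    """Content signature on the file as stored; compression hides the pattern."""
    return CONTENT_SIG in blob


def scan_after_unpack(blob: bytes) -> bool:
    """Content signature applied to the unpacked image."""
    return CONTENT_SIG in unpack(blob)


# Constructed samples: a benign packed intro, a packed and a plain flagged file.
SAMPLES = {
    "demo_4k_intro": pack(b"demoscene intro: " + b"sine table " * 40),
    "packed_flagged": pack(b"header " * 20 + CONTENT_SIG + b" tail " * 20),
    "plain_flagged": b"header " + CONTENT_SIG,
    "plain_clean": b"hello world " * 10,
}


def verdicts(scanner) -> dict:
    return {name: scanner(blob) for name, blob in SAMPLES.items()}


if __name__ == "__main__":
    for scanner in (scan_by_packer, scan_raw, scan_after_unpack):
        print(f"{scanner.__name__:18}", verdicts(scanner))
```

Matching the stub flags the benign intro and misses the unpacked copy; matching raw bytes misses the packed copy; only unpacking first gets all four verdicts right.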
gim.org.pl is down






