[unisog] identifying packed executables

STeve Andre' andres at msu.edu
Mon May 9 21:22:40 GMT 2005


On Monday 09 May 2005 08:48, Ray Strubinger wrote:
> >>> michael.holstein at csuohio.edu 5/6/2005 4:57:36 PM >>>
>
> Before everyone blasts me for not reading "UNIX for Dummies", I know
> what '/usr/bin/file' is for. There are bots being compressed with tools
> for which header sigs are NOT in '/etc/magic'
>
> On that note .. anyone have a better copy of /etc/magic than what comes
> with Slackware? I know BSD's protocols and services files are better ...
>
> The Wotsit site might be useful in locating file headers.
>
>  http://www.wotsit.org/
>
> -Ray

OpenBSD's /etc/magic is good.  You can find it in the etc36.tgz file in
the 3.6 distribution.  The 3.7 version will be etc37.tgz, etc.  Look at
openbsd.org for the mirror closest to you.

--STeve Andre'

