On 29/02/2012 7:22 AM, Andrey Repin wrote:
> Do you filter by DLL name or its full path?
> Because, %SystemRoot%\system32\shlwapi.dll is likely to be harmless.
> But same name DLL inserted from any other place...

That would be moving beyond mere BLODA and into malware territory. At that point, just because it's in %SystemRoot% doesn't mean it's safe, either. In fact, we can't really even be sure a well-known dll name in %SystemRoot% is safe if the machine is infected with something.

I don't think we're trying to play virus scanner here, so dll name should suffice.


