X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Date: Wed, 29 Feb 2012 09:55:27 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: BLODA detection code in latest snapshot Message-ID: <20120229085527.GO23440@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20120227122614 DOT GB31025 AT calimero DOT vinschen DOT de> <4F4C41B5 DOT 7040804 AT acm DOT org> <4F4C51D0 DOT 70307 AT acm DOT org> <20120228094024 DOT GD23052 AT calimero DOT vinschen DOT de> <16210489654 DOT 20120229024137 AT mtu-net DOT ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <16210489654.20120229024137@mtu-net.ru> User-Agent: Mutt/1.5.21 (2010-09-15) Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Feb 29 02:41, Andrey Repin wrote: > Greetings, Corinna Vinschen! > > > Yup, confirmed. This occurs on W7/32 as well. > > I add shlwapi to the list of filtered DLLs for which no such message is printed. > > Could you please consider making such list configurable, if it's not much of > an issue? > This feature seems to be the reasonable way for rough detection of potentially > malicious presence, but I would like to avoid certain handlers to be reported, > such as antivirus' LSP or keyboard hotkey handler. Hmm. Well, this option isn't meant to be used all the time. It's not overly intrusive, but it costs time and Cygwin already isn't exactly fast. For a pure diagnosing tool, does it makes sense to add lots of configuration options? If you want to make the DLL list configurable, what's your idea? Another env var like, say CYGWIN_DETECT_BLODA_DLL_IGNORE_LIST? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple