Curious,
Is there a decent way to filter self-extracting archives like winzip or
install shield? I’m a little stumped on how
differentiate between an ‘exe program’ file and an ‘exe self-extract’
archive.
One way I think would work would be to use a traditional AV approach and
attempt to locate the stub’s
signature within the archive…
Any creative/better ideas?
M.