I know that avast! cannot perform heuristic analysis on files yet, but detecting non-standard packers could be a first step into this area.
This won’t be a full heuristic solution, but the majority of viruses/worms use modified packers. You’d get a warning about a potentially dangerous file and you could then send it to Chest or to Alwil.
I got this idea when I was playing with some trojan sample that was using a modified UPX packer…
It depends on how “well” the modification is done; heavily modified programs aren’t detected by UPX as UPX at all. Additionally, even “legal” programs are (for some reason completely unknown to me) packed by UPX scramblers occasionally.
Well, in general it’s an interesting idea… but a real implementation wouldn’t be easy, and I’m not sure about the results.
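A sketch of the kind of check discussed in this thread, added here as an illustration; it is not avast! code and was not posted by either participant. It reads the PE section table and warns when a file shows only some UPX traits. The function names, the labels, the "empty writable+executable section followed by a writable+executable data section" layout heuristic and the sample headers are all assumptions constructed for the example.

```python
import struct

EXEC, WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def sections(data):
    """Return (name, raw_size, characteristics) for each PE section header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    count, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    first = pe + 24 + opt_size                             # start of section table
    out = []
    for off in range(first, first + 40 * count, 40):
        raw_size, = struct.unpack_from("<I", data, off + 16)
        flags, = struct.unpack_from("<I", data, off + 36)
        out.append((data[off:off + 8].rstrip(b"\0"), raw_size, flags))
    return out

def classify(data):
    """Label a file by how closely it matches an unmodified UPX stub."""
    secs = sections(data)
    wx = lambda f: bool(f & EXEC and f & WRITE)
    # Assumed layout trait: an empty W+X section (unpack target) followed by
    # a W+X section that carries the packed data.
    layout = (len(secs) >= 2 and secs[0][1] == 0 and wx(secs[0][2])
              and secs[1][1] > 0 and wx(secs[1][2]))
    names = [s[0] for s in secs[:2]] == [b"UPX0", b"UPX1"]
    magic = b"UPX!" in data
    if names and magic:
        return "standard-upx"
    if layout or names or magic:
        return "suspicious-modified-packer"   # a warning only; legitimate files land here too
    return "no-packer-indicators"

def build_sample(names, flags, raw_sizes, tail=b""):
    """Constructed PE header image for the demo (headers only, not a runnable binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    table = b"".join(
        n.ljust(8, b"\0") + struct.pack("<IIII", 0x1000, 0x1000 * (i + 1), r, 0x200)
        + b"\0" * 12 + struct.pack("<I", f)
        for i, (n, f, r) in enumerate(zip(names, flags, raw_sizes)))
    return dos + coff + table + tail
```

A "suspicious-modified-packer" result is only a reason to quarantine or submit the file for analysis, since scrambled UPX also turns up on legitimate programs.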