Diego M. Vadell

Results 5 comments of Diego M. Vadell

What about making a shadow copy of the function and comparing it? Of course, tyton should be loaded in a clean state, but it could detect a modification made afterwards....

Yes, that's what I was referring to when I said shadow copy. I don't know what's easier to implement. But the problem with inserting an instruction (as a canary, I...

Hi, I would love to have this. I have 50 domains on one server, and it would be great to start using it on a per-domain or per-mailbox basis. Thanks...

Hi. It would be great to be able to filter PDFs to some extent. For PDFs I found a couple of alternatives here: [https://github.com/rshipp/awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis). [PeepPDF](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) looks useful.

@sbidy thanks a lot for all your work!