NVISOsecurity/binsnitch

OS-bound despite claims to the contrary

Closed this issue · 1 comment

This assumes that extensions are the way to determine an executable, which is not true in Unix-based operating systems like Linux and OS X. It should check for the execute bit being set in the file permissions.

Thanks for the feedback and time to write, appreciated.

When developing binsnitch, I considered this approach (checking the execute bit on UNIX). However, this raises other issues, the most obvious one being: files that are not explicitly marked with the execute bit but that still need to be tracked.

A second approach I tried was to run the "file" utility on each file and check if the resulting output contained the text "exe". The issue with this is that spawning a subprocess each time we run "file" is very expensive, and it's also not available by default on Windows; I removed this functionality and reverted to only checking extensions, which indeed is heavily focused on Windows, but available cross-platform and inexpensive to check on a huge amount of files.

I could add an optional command line parameter to binsnitch which would allow the user to detect executables either by extension (which is the case now) or by checking the execute bit. Do you think that would be a good solution?

Daan
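An added example (not binsnitch's own code) of the selectable detection Daan proposes: extension matching as today, the execute-bit check the issue asks for, and, going one step beyond the thread, an in-process magic-byte check as a cheap cross-platform stand-in for shelling out to `file`. The extension list, function names and sample files are constructed assumptions, not the project's.

```python
import os
import stat
import tempfile

# Constructed sample of Windows-centric extensions (not binsnitch's real list).
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com"}

# Leading bytes of common native executable formats, checked in-process so no
# subprocess is spawned per file. Mach-O magic appears in both byte orders.
MAGIC_PREFIXES = (
    b"MZ",                # PE/COFF (Windows), also DOS stubs
    b"\x7fELF",           # ELF (Linux, BSD)
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # Mach-O 32-bit
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # Mach-O 64-bit
    b"\xca\xfe\xba\xbe",  # Mach-O universal (fat); NB: Java .class shares this
)

def by_extension(path):
    return os.path.splitext(path)[1].lower() in EXECUTABLE_EXTENSIONS

def by_execute_bit(st_mode):
    # Any of the user/group/other execute bits on a regular file; directories
    # carry the execute (search) bit too but are not programs.
    return stat.S_ISREG(st_mode) and bool(st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))

def by_magic(header):
    return header.startswith(MAGIC_PREFIXES)

def should_track(path, mode="extension"):
    if mode == "extension":
        return by_extension(path)
    if mode == "execbit":
        return by_execute_bit(os.stat(path).st_mode)
    if mode == "magic":
        with open(path, "rb") as fh:
            return by_magic(fh.read(4))
    raise ValueError(f"unknown detection mode: {mode}")

if __name__ == "__main__":
    # Constructed demo: a chmod +x shell script is missed by the extension check
    # but caught by the execute-bit check; a .exe without the execute bit is the
    # reverse, which is Daan's argument for making the mode user-selectable.
    with tempfile.TemporaryDirectory() as tmp:
        script = os.path.join(tmp, "run.sh")
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\necho hi\n")
        os.chmod(script, 0o755)
        pe = os.path.join(tmp, "tool.exe")
        with open(pe, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)
        for path in (script, pe):
            print(os.path.basename(path), {m: should_track(path, m) for m in ("extension", "execbit", "magic")})
```

The magic check has its own blind spot: scripts and anything without a recognised header pass through it, so none of the three modes alone is complete.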