lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: michael at bluesuperman.com (Michael Gale)
Subject: Show me the Virrii!

Hello,

	I believe you could use the following method, it is used by some mail
servers to block attachments by file type. It is not sure way, but could
provide a option like "Possible virus".

Here is an example ... take a windows exe file. Better yet take 15
windows exe files. You will notice that the first part of each file is
the same. I can not remember how many bits :(

Now some mail servers will scan attachments and if some one renames a
exe to .zip jpeg or something the system will still know it is a exe
because of the first X number of bits of the file.

I believe that most viruses work the same way, so a lot of the heuristic
engines work the same way.

Many "new" viruses work very simular to the way old ones do. So if you
can get the pattern of lets say 20 viruses (which you have) you should
be able to detect other viruses or files that may contain a virus based
on the pattern of the file and how well it relates to a know virus
pattern.

Michael.




On Sun, 04 Jan 2004 17:01:33 +0000
Richard Maudsley <r_i_c_h@...penworld.com> wrote:

> Hi list,
> 
> I recently finished a stable version of my little Virus-Scanner, LMS (
> 
> http://www.mindblock.org/lms ).
> It currently detects 19 viruses. I need it to detect hundreds.
> 
> How do big Anti-Virus companies get their hands on new viruses, and
> how can I?
> 
> Thanks,
> 	Richard Maudsley
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ