[1435] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: Linux virus

daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Feb 5 11:17:56 1997

From: Alan Cox <alan@cymru.net>
To: linux-security@redhat.com
Date: Wed, 5 Feb 1997 14:32:49 +0000 (GMT)
Cc: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199702051016.CAA20294@antares.starshine.org> from "Jim Dennis" at Feb 5, 97 02:16:16 am
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

> 	In any event -- McAfee may be able to add this to 
> 	their existing uvscan product.  uvscan scan Linux
> 	filesystems for DOS and Windows (including Word Macro)
> 	viruses.   It may be possible for the AV team to 
> 	simply add bliss' signature to the next release -- and
> 	it may even be possible for them to create a remover.

I've had a look at the algorithms used for this "Bliss" toy. Its quite
interesting as its a completely portable technique. It works for NT
DLL's it works for all Unixen.

Tripwire pretty much immediately spots such tampering.

Alan


home help back first fref pref prev next nref lref last post