[1435] in linux-security and linux-alert archive
[linux-security] Re: Re: Linux virus
daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Feb 5 11:17:56 1997
From: Alan Cox <alan@cymru.net>
To: linux-security@redhat.com
Date: Wed, 5 Feb 1997 14:32:49 +0000 (GMT)
Cc: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199702051016.CAA20294@antares.starshine.org> from "Jim Dennis" at Feb 5, 97 02:16:16 am
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
> In any event -- McAfee may be able to add this to
> their existing uvscan product. uvscan scan Linux
> filesystems for DOS and Windows (including Word Macro)
> viruses. It may be possible for the AV team to
> simply add bliss' signature to the next release -- and
> it may even be possible for them to create a remover.
I've had a look at the algorithms used for this "Bliss" toy. Its quite
interesting as its a completely portable technique. It works for NT
DLL's it works for all Unixen.
Tripwire pretty much immediately spots such tampering.
Alan