[4009] in bugtraq
Re: [linux-security] Re: Linux virus
daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Feb 5 12:24:01 1997
Date: Wed, 5 Feb 1997 14:32:49 +0000
Reply-To: Alan Cox <alan@CYMRU.NET>
From: Alan Cox <alan@CYMRU.NET>
X-To: linux-security@redhat.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199702051016.CAA20294@antares.starshine.org> from "Jim Dennis"
at Feb 5, 97 02:16:16 am
> In any event -- McAfee may be able to add this to
> their existing uvscan product. uvscan scan Linux
> filesystems for DOS and Windows (including Word Macro)
> viruses. It may be possible for the AV team to
> simply add bliss' signature to the next release -- and
> it may even be possible for them to create a remover.
I've had a look at the algorithms used for this "Bliss" toy. Its quite
interesting as its a completely portable technique. It works for NT
DLL's it works for all Unixen.
Tripwire pretty much immediately spots such tampering.
Alan
