[Esd-l] How do I display Virus Names
John D. Hardin
jhardin at impsec.org
Mon Jan 14 06:40:14 PST 2002
On Mon, 14 Jan 2002, Herbert Nkhoma wrote:
> I am new to the forum and I am writing from Malawi.
Welcome!
> I want sanitizer to say what virus it has caught as opposed to the
> poisoned file name. Is this possible? What configurations do I do?
To do that, there has to be a unique signature for the file attachment
or email that will identify the worm. We have collected such
information for a few of the common worms and made some rules that do
identify the worm - see the discussion of the local-rules scripts near
the bottom of the Configuration page.
Please note that the sanitizer is not signature-based (even though
we've made a few signature-based traps) - it does not try to identify
specific attacks; rather, it enforces a policy decision that
"bare executable file attachments are too dangerous to accept".
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Monty Python's Star Trek Voyager:
A successful trans-warp experiment turns Paris and Janeway into
newts, but they get better.
...wait a minute... It's already been done...
-----------------------------------------------------------------------
5 days until Babylon 5: the Legend of the Rangers
More information about the esd-l
mailing list