Category: Hostile Code » Detection

SecureServ
Added 2004-02-09
by Justin
IRC administrators can now maintain their own definitions file. Help text has been cleaned up. Onjoin bots now have a random version reply to look more like real users, and onjoin bots will not check channels that are already monitored with a monbot. There is updated documentation and many bugfixes for existing code.

MydoomDeleter
Added 2004-02-02
by labrum
MydoomDeleter tries to identify email messages infected with the Mydoom(.B) worm in POP3 mailboxes. It deletes any infected messages that it identifies while they are still on the server. To perform the identification, it applies heuristics to the headers, the size of the messages, and the name of the attachment. It thus avoids downloading the actual email, making retrievals less taxing. It has both interactive and nonstop modes.

Port Scan Attack Detector (psad)
Added 2003-12-29
by Michael Rash
Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, DShield reporting, and automatic blocking of offending IP addresses via dynamic configuration of iptables firewall rulesets. In addition, psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP ID, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.

Mod_security
Added 2003-12-23
by Ivan Ristic
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.

IDA Pro - Freeware Edition
Added 2003-12-15
by DataRescue Inc.
The freeware version of the Interactive Disassembler Pro. Supports 80x86 binaries and FLIRT, a unique Fast Library Identification and Recognition Technology that automagically recognizes standard compiler library calls. Widely used in COTS validation and hostile code analysis.

KAVClient
Added 2003-11-05
by Leonid Zeitlin
KAVClient is a C language interface to the Kaspersky Anti-Virus daemon. It allows users to check files and memory for viruses.

The OpenAntivirus Project: Summary
Added 2003-09-04
by cbricart, fz-net, hfuhs, kurti and reniar
Developing Open Source AntiVirus Solutions

Sophie
Added 2003-06-09
by Vanja Hrustic
Sophie is a daemon which uses the 'libsavi' library from the anti-virus vendor Sophos (http://www.sophos.com). On startup, Sophie initializes SAPI (Sophos Anti-Virus Interface), loads virus patterns into memory, opens a local UNIX domain socket, and waits for a client to connect and tell it which path to scan. Since the database is loaded in RAM, scanning is very fast. (Note: speed of scanning also depends on SAVI settings and size of the file.) It works on Linux, Solaris (Sparc/x86), HP-UX, and FreeBSD.

DansGuardian Anti-Virus Scanner
Added 2002-07-31
by James A. Pattie
The DansGuardian Anti-Virus Scanner gives you the ability to virus-scan all content that passes through DansGuardian. It uses the scanning code from the MailScanner project to do the actual virus scanning, so it supports all the virus engines that the MailScanner project supports. The scanning is done as the file is being downloaded, so your current network apps don't have to be modified; they just have to support using a proxy.

amavis-notify-parser
Added 2002-06-18
by Martin List-Petersen
amavis-notify-parser analyzes hostmaster notifications from Amavis and writes a logfile which records the type and origin of the viruses detected. It requires only a piped mail alias, a PHP4 CGI binary, and Amavis. McAfee uvscan is supported as the virus scanner. The logfile may be output in qmail's logfile format.

Copyright 2010, SecurityFocus