
Re: (OT) Klez virus

From: Gary Stainburn
Date: May 2, 2002 08:09
Subject: Re: (OT) Klez virus
Message ID: E173I9x-00056L-00@stan.ringways.co.uk

On Thursday 02 May 2002 3:37 pm, Michael D. Risser wrote:
> Maybe this isn't so off topic...
> Can anyone think of a way to write a virus scanner in Perl? We could stop
> it at the Unix server :-)
> Has anyone else already done this? Have examples?

Basically you just need to scan the incoming emails, and look for the
filename part of the MIME boundaries and complain if the attachment is of a
known threat, such as .exe, .com, .lnk.

A more thorough one could use some of the MIME modules from CPAN to unmime 
the attachments and store them in a temp directory and then fire a virus 
scanner at them.

I currently use both methods, checking for the attachment file types inside 
an exim system filter, and then calling a bash script using metamail and 
Sophos Sweep to do a proper virus check.

However, none of this code is worth basing a perl script on.

>
> On Wednesday 01 May 2002 12:25 pm, Mark Edwards typed:
> > Hi all,
> > 	sorry to put this off-topic message here but I have just received in my
> > in-box the klez virus which is doing the rounds at the moment. Anyway it
> > came in on an account which I use on the beginners@perl.org address from
> > someone on @verizon.net. Anyway don't want to start a flame-war but
> > thought people using Outlook may like to check they are using the latest
> > virus scanners..
> >
> > Thanks
> >
> > Oh yeah, Keep up the good advice, I have been able to work around many
> > problems with the information offered here!
> >
> > Mark.
> >
> >
> > +
> > + If I had a really witty signature ... I would place it here.
> > +

-- 
Gary Stainburn
 
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000     
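
The first approach described in the message above (checking the attachment filename in each MIME part's headers against a list of blocked extensions), sketched in Perl as an added example; it is not Gary Stainburn's code or his exim filter. The function name `blocked_attachments` and the sample message are constructed for illustration, and only core Perl is used.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Extensions named in the message above; extend to suit local policy.
my %BLOCKED = map { $_ => 1 } qw(exe com lnk);

# Return the unique attachment names in a raw message that end in a
# blocked extension. Hypothetical helper, not from the original post.
sub blocked_attachments {
    my ($raw) = @_;
    $raw =~ s/\r\n/\n/g;       # normalise line endings
    $raw =~ s/\n[ \t]+/ /g;    # unfold continued header lines
    my (@hits, %seen);
    for my $line (split /\n/, $raw) {
        next unless $line =~ /^Content-(?:Type|Disposition):/i;
        while ($line =~ /\b(?:file)?name\*?\s*=\s*(?:"([^"]*)"|([^\s;]+))/gi) {
            my $name = defined $1 ? $1 : $2;
            $name =~ s/[\s.]+$//;    # Windows ignores trailing dots and spaces
            # Only the last extension decides, so "x.doc.exe" is caught.
            next unless $name =~ /\.([^.]+)$/ && $BLOCKED{lc $1};
            push @hits, $name unless $seen{lc $name}++;
        }
    }
    return @hits;
}

# Constructed sample message (no real payload).
my $sample = <<'EOM';
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream;
    name="invoice.doc.EXE"
Content-Disposition: attachment; filename="invoice.doc.EXE"

(payload omitted)
--b1
Content-Disposition: attachment; filename=notes.txt

plain notes
--b1--
EOM

my @bad = blocked_attachments($sample);
print @bad ? "REJECT: @bad\n" : "ACCEPT\n";
exit(@bad ? 1 : 0);
```

This check reads header text only and does not decode encoded filenames, so it complements rather than replaces the second approach in the message: unpacking attachments with a MIME module and running a real scanner over them.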


