Yet Another antiVirus Recipe 1.9.5
Yet Another antiVirus Recipe 1.9.5 Ranking & Summary
File size: 0.054 MB
Platform: Any Platform
License: GPL (GNU General Public License)
Price:
Downloads: 1210
Date added: 2006-07-07
Publisher: Nikos K. Kantarakias
Yet Another antiVirus Recipe 1.9.5 description
Yet Another antiVirus Recipe (YAVR) is a procmail recipe that helps to filter out many of the most common e-mail worms.
For some of the detections listed below (plain iframe, clsid, xml, macro), the e-mail is delivered normally, but its subject is rewritten to a WARNING followed by the old subject ($SUB).
Some of the warnings are:
WARNING-XML-CODEBASE-OBJECT-$SUB
WARNING-CLSID-EXTENSION-$SUB
WARNING-IFRAME-$SUB
WARNING-MACRO-$SUB
WARNING-NSCAM-SCORE:$NKNGS-$SUB
Main features:
- :: base64 signatures ::
  Most of these worms are MS-Windows executables and arrive in our e-mail base64-encoded. YAVR uses specially selected signatures to locate these attachments, then places them in a directory (/virus/) sorted by name.
- :: iframe html exploit ::
  Through the IFrame tag, an HTML-encoded e-mail can download and execute a file from a remote HTTP site without informing the user.
- :: CLSID hidden extensions exploit ::
  Attachments which end with a Class ID (CLSID) file extension do not show their actual file extension when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are innocent files, such as JPG or WAV files.
- :: xml codebase exploit ::
  Use of some XML objects allows local files to be automatically executed, regardless of the security settings on the target machine.
- :: generic executable trap for bat, pif, vbs, vba, scr, lnk, com, exe ::
  The remaining MS-executable files that are not caught by the base64 signatures end up in a virus-could-be file.
- :: generic macro detection for doc, dot, xls, xla files ::
  MS-Word and MS-Excel files that contain macro commands are marked with a warning.
- :: generic detection for most Nigeria scam e-mails ::
  Nigeria scam e-mail is not a virus but a big spam problem... There are many good filters that use great algorithms for spam. This is just an add-on.
Enhancements:
- new switches to quarantine or not quarantine certain e-mails, based on some ideas by Dan Smart
  - YAVRQUARANTEXE: if set to ON, it sends unknown executables to /virus/virus-could-be as usual; if set to OFF, it delivers to the inbox with a warning (and the X- header ;)
  - YAVRQUARANTNIG: same for Nigeria scam
  - YAVRQUARANTPRN: same for porn e-mail (read instructions inside nkvir-rc)
- X- marks in headers to help your own procmail scripts
  - X-YAVR: MS-EXEC (any MS executable that wasn't identified by signatures)
  - X-YAVR: NIGERIA (Nigeria scam)
  - X-YAVR: PORN (porn related)
  - X-YAVR: MACRO (containing macro code)
  - X-YAVR: XML-CODEBASE
  - X-YAVR: IFRAME
  - X-YAVR: CLSID-EXTENSION
  - X-YAVR: SENDMAIL-EXPLOIT
- some more Worm.Moodown.b aka Netsky.b signatures
- another Mimail.Q