obfuscated virus
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 180
Obfuscated Tiny C Compiler
Obfuscated Tiny C Compiler (OTCC) is a very small C compiler. more>>
Obfuscated Tiny C Compiler (OTCC) is a very small C compiler I wrote in order to win the International Obfuscated C Code Contest (IOCCC) in 2002.
My goal was to write the smallest C compiler which is able to compile itself. I choose a subset of C which was general enough to write a small C compiler. Then I extended the C subset until I reached the maximum size authorized by the contest: 2048 bytes of C source excluding the ;, {, } and space characters.
I choose to generate i386 code. The original OTCC code could only run on i386 Linux because it relied on endianness and unaligned access. It generated the program in memory and launched it directly. External symbols were resolved with dlsym().
In order to have a portable version of OTCC, I made a variant called OTCCELF. It is only a little larger than OTCC, but it generates directly a dynamically linked i386 ELF executable from a C source without relying on any binutils tools! OTCCELF was tested succesfully on i386 Linux and on Sparc Solaris.
NOTE: My other project TinyCC which is a fully featured ISOC99 C compiler was written by starting from the source code of OTCC !
Compilation:
gcc -O2 otcc.c -o otcc -ldl
gcc -O2 otccelf.c -o otccelf
Self-compilation:
./otccelf otccelf.c otccelf1
<<lessMy goal was to write the smallest C compiler which is able to compile itself. I choose a subset of C which was general enough to write a small C compiler. Then I extended the C subset until I reached the maximum size authorized by the contest: 2048 bytes of C source excluding the ;, {, } and space characters.
I choose to generate i386 code. The original OTCC code could only run on i386 Linux because it relied on endianness and unaligned access. It generated the program in memory and launched it directly. External symbols were resolved with dlsym().
In order to have a portable version of OTCC, I made a variant called OTCCELF. It is only a little larger than OTCC, but it generates directly a dynamically linked i386 ELF executable from a C source without relying on any binutils tools! OTCCELF was tested succesfully on i386 Linux and on Sparc Solaris.
NOTE: My other project TinyCC which is a fully featured ISOC99 C compiler was written by starting from the source code of OTCC !
Compilation:
gcc -O2 otcc.c -o otcc -ldl
gcc -O2 otccelf.c -o otccelf
Self-compilation:
./otccelf otccelf.c otccelf1
Download (0.004MB)
Added: 2006-03-29 License: GPL (GNU General Public License) Price:
1318 downloads
B::Deobfuscate 0.18
B::Deobfuscate Perl module contains the deobfuscate source code. more>>
B::Deobfuscate Perl module contains the deobfuscate source code.
SYNOPSIS
perl -MO=Deobfuscate,-csynthetic.yml,-y synthetic.pl
B::Deobfuscate is a backend module for the Perl compiler that generates perl source code, based on the internal compiled structure that perl itself creates after parsing a program. It adds symbol renaming functions to the B::Deparse module. An obfuscated program is already parsed and interpreted correctly by the B::Deparse program. Unfortunately, if the obfuscation involved variable renaming then the resulting program also has obfuscated symbols.
This module takes the last step and fixes names like $z5223ed336 to be a word from a dictionary. While the name still isnt meaningful it is at least easier to distinguish and read. Here are two examples - one from B::Deparse and one from B::Deobfuscate.
Initial input
if(@z6a703c020a){(my($z5a5fa8125d,$zcc158ad3e0)=File::Temp::tempfile(
UNLINK,1));print($z5a5fa8125d "=over 8nn");(print($z5a5fa8125d
@z6a703c020a)or die(((("Cant print $zcc158ad3e0: $!"))); print($z5a5fa8125d
"=backn");(close(*$z5a5fa8125d)or die(((("Cant close ".*$za5fa8125d.": $!")
));(@z8374cc586e=$zcc158ad3e0);($z9e5935eea4=1);}
After B::Deparse:
if (@z6a703c020a) {
(my($z5a5fa8125d, $zcc158ad3e0) = File::Temp::tempfile(UNLINK, 1));
print($z5a5fa8125d "=over 8nn");
(print($z5a5fa8125d @z6a703c020a)
or die((((q[Cant print ] . $zcc158ad3e0) . : ) . $!)));
print($z5a5fa8125d "=backn");
(close(*$z5a5fa8125d)
or die((((q[Cant close ] . *$za5fa8125d) . : . $!)));
(@z8374cc586e = $zcc158ad3e0);
($z9e5935eea4 = 1);
}
After B::Deobfuscate:
if (@parenthesises) {
(my($scrupulousity, $postprocesser) = File::Temp::tempfile(UNLINK, 1));
print($scrupulousity "=over 8nn");
(print($scrupulousity @parenthesises)
or die((((q[Cant print ] . $postprocesser) . : ) . $!)));
print($scrupulousity "=backn");
(close(*$scrupulousity)
or die((((q[Cant close ] . *$postprocesser) . : ) . $!)));
(@interruptable = $postprocesser);
($propagandaist = 1);
}
Youll note that the only real difference is that instead of variable names like $z9e5935eea4 you get $propagandist.
<<lessSYNOPSIS
perl -MO=Deobfuscate,-csynthetic.yml,-y synthetic.pl
B::Deobfuscate is a backend module for the Perl compiler that generates perl source code, based on the internal compiled structure that perl itself creates after parsing a program. It adds symbol renaming functions to the B::Deparse module. An obfuscated program is already parsed and interpreted correctly by the B::Deparse program. Unfortunately, if the obfuscation involved variable renaming then the resulting program also has obfuscated symbols.
This module takes the last step and fixes names like $z5223ed336 to be a word from a dictionary. While the name still isnt meaningful it is at least easier to distinguish and read. Here are two examples - one from B::Deparse and one from B::Deobfuscate.
Initial input
if(@z6a703c020a){(my($z5a5fa8125d,$zcc158ad3e0)=File::Temp::tempfile(
UNLINK,1));print($z5a5fa8125d "=over 8nn");(print($z5a5fa8125d
@z6a703c020a)or die(((("Cant print $zcc158ad3e0: $!"))); print($z5a5fa8125d
"=backn");(close(*$z5a5fa8125d)or die(((("Cant close ".*$za5fa8125d.": $!")
));(@z8374cc586e=$zcc158ad3e0);($z9e5935eea4=1);}
After B::Deparse:
if (@z6a703c020a) {
(my($z5a5fa8125d, $zcc158ad3e0) = File::Temp::tempfile(UNLINK, 1));
print($z5a5fa8125d "=over 8nn");
(print($z5a5fa8125d @z6a703c020a)
or die((((q[Cant print ] . $zcc158ad3e0) . : ) . $!)));
print($z5a5fa8125d "=backn");
(close(*$z5a5fa8125d)
or die((((q[Cant close ] . *$za5fa8125d) . : . $!)));
(@z8374cc586e = $zcc158ad3e0);
($z9e5935eea4 = 1);
}
After B::Deobfuscate:
if (@parenthesises) {
(my($scrupulousity, $postprocesser) = File::Temp::tempfile(UNLINK, 1));
print($scrupulousity "=over 8nn");
(print($scrupulousity @parenthesises)
or die((((q[Cant print ] . $postprocesser) . : ) . $!)));
print($scrupulousity "=backn");
(close(*$scrupulousity)
or die((((q[Cant close ] . *$postprocesser) . : ) . $!)));
(@interruptable = $postprocesser);
($propagandaist = 1);
}
Youll note that the only real difference is that instead of variable names like $z9e5935eea4 you get $propagandist.
Download (0.017MB)
Added: 2007-06-26 License: Perl Artistic License Price:
854 downloads
Obfunae 0.5.2
Obfunae is an Obfuna interpreter. more>>
Obfuna is an esoteric programming language designed to minimise the instruction set, the length of code necessary to express a program, and the readability while still remaining vaguely useful.
To achieve these goals, all Obfuna operations are assigned one-character names and take exactly one argument. In fact, the name Obfuna is derived from obfuscated (Obfuna code is, at least initially, difficult to read) and unary (All operations have exactly one argument).
There are twenty six variables and one random-access unbounded array. All variables are dynamically typed as this cuts down on the code length.
Obfuna has 26 standard variables which are represented by the lower-case letters a to z.
There is one random-access array which is infinitely extendable (well, in theory anyway; in practice this will be limited by your machines memory) which is represented by a number (indicating the position in the array - starting at 0) or a function returning a number surrounded by round brackets, i.e. ( and ). For example, the first element in the array is represented by (0). The size of the array increases as you assign to higher locations. The initial size of the array is 0.
There are two special variables used to ascertain the current size of the array. $ holds the index number of the last element in the array and % holds the number of elements in the array. From above, it will be obvious that initially $ will be -1 and % will be 0. Assigning to these variables can grow or shrink (in which case you will lose data) the array to a specified size. These are of particular use as ($) can used to reference the last element in the array and (%) will reference one element beyond the end, allowing you to add a new element, treating the array like a stack.
In addition, there are three special variables which act as I/O pipes. Passing a value to ?, prints the value to the standard output. Assigning a variable from ?, reads from the standard input. ! acts similarly except that in the case of output, it appends a newline (return) character to the value, and in the case of input, it preserves the newline from standard input. # works in exactly the same way as ? but inputs and outputs from and to the currently open file.
The syntax of Obfuna is extremely simple. There are only two types of instruction: function calls and assignments. Assigments take the form of and function calls look like or . Note you can nest functions in this way.
As an example, to assign the number 10 to the variable n, you simply write n10. There is no = operator.
Strings are quoted using the angle brackets, < and >. Anything between curly brackets, { and }, is considered a comment and will be ignored by Obfuna. These are particularly useful for naming variables more helpfully. Instead of just n10, you could write n{umber}10.
The only other syntactic element of Obfuna is the square brackets, [ and ]. Any code between a pair of square brackets will be considered a block to be processed as one instruction. This is of particular use when using flow control functions which skip or repeat only the next instruction.
<<lessTo achieve these goals, all Obfuna operations are assigned one-character names and take exactly one argument. In fact, the name Obfuna is derived from obfuscated (Obfuna code is, at least initially, difficult to read) and unary (All operations have exactly one argument).
There are twenty six variables and one random-access unbounded array. All variables are dynamically typed as this cuts down on the code length.
Obfuna has 26 standard variables which are represented by the lower-case letters a to z.
There is one random-access array which is infinitely extendable (well, in theory anyway; in practice this will be limited by your machines memory) which is represented by a number (indicating the position in the array - starting at 0) or a function returning a number surrounded by round brackets, i.e. ( and ). For example, the first element in the array is represented by (0). The size of the array increases as you assign to higher locations. The initial size of the array is 0.
There are two special variables used to ascertain the current size of the array. $ holds the index number of the last element in the array and % holds the number of elements in the array. From above, it will be obvious that initially $ will be -1 and % will be 0. Assigning to these variables can grow or shrink (in which case you will lose data) the array to a specified size. These are of particular use as ($) can used to reference the last element in the array and (%) will reference one element beyond the end, allowing you to add a new element, treating the array like a stack.
In addition, there are three special variables which act as I/O pipes. Passing a value to ?, prints the value to the standard output. Assigning a variable from ?, reads from the standard input. ! acts similarly except that in the case of output, it appends a newline (return) character to the value, and in the case of input, it preserves the newline from standard input. # works in exactly the same way as ? but inputs and outputs from and to the currently open file.
The syntax of Obfuna is extremely simple. There are only two types of instruction: function calls and assignments. Assigments take the form of and function calls look like or . Note you can nest functions in this way.
As an example, to assign the number 10 to the variable n, you simply write n10. There is no = operator.
Strings are quoted using the angle brackets, < and >. Anything between curly brackets, { and }, is considered a comment and will be ignored by Obfuna. These are particularly useful for naming variables more helpfully. Instead of just n10, you could write n{umber}10.
The only other syntactic element of Obfuna is the square brackets, [ and ]. Any code between a pair of square brackets will be considered a block to be processed as one instruction. This is of particular use when using flow control functions which skip or repeat only the next instruction.
Download (0.020MB)
Added: 2005-04-14 License: GPL (GNU General Public License) Price:
1654 downloads
gadoyanvirus 0.4
gadoyanvirus is a virus checker for qmail. more>>
gadoyanvirus is a virus checker for qmail that works with the QMAILQUEUE patch by Bruce Guenter. gadoyanvirus scans incoming messages using the ClamAV anti-virus library.
Suspected messages are quarantined and a notification message can optionally be sent to the recipients.
<<lessSuspected messages are quarantined and a notification message can optionally be sent to the recipients.
Download (0.11MB)
Added: 2005-12-07 License: GPL (GNU General Public License) Price:
1416 downloads
Milter-Virus 2.0.0
Milter-Virus is a wrapper that can be used with many commercial and freely available virus scanners. more>>
Milter-virus is not a virus scanner. It is a wrapper that can be used with many commercial and freely available virus scanners. Milter-Virust is written completely in C, and requires (few skills??).
It is run-able with the Milter interface, but then will only scan for "double extensions".
If you wish it to scan for more, you need at Ripmime or other tools to extract files from MIME-encoded emails. You also need a (command-line) virus scanner.
The difference between this program and the original is that this is much more configurable via the config file. The original version has the advantage that it is simpler and easier to bugfix.
Enhancements:
- This is a large update.
- Many problems in the statistik module were fixed.
- Some spam protection features were included.
<<lessIt is run-able with the Milter interface, but then will only scan for "double extensions".
If you wish it to scan for more, you need at Ripmime or other tools to extract files from MIME-encoded emails. You also need a (command-line) virus scanner.
The difference between this program and the original is that this is much more configurable via the config file. The original version has the advantage that it is simpler and easier to bugfix.
Enhancements:
- This is a large update.
- Many problems in the statistik module were fixed.
- Some spam protection features were included.
Download (0.11MB)
Added: 2007-01-04 License: GPL (GNU General Public License) Price:
1032 downloads
obfsh 1.2
obfsh is a shell script obfuscator. more>>
obfsh is a shell script obfuscator. It is quite flexible and can obfuscate any type of shell script.
The obfuscated script version is printed to stdout. The original script is not modified.
Options:
-c < n >, insert deceiving comments for every n line
-d < n >, insert deceiving code for every n line
-e < n1 >-< n2 >, prepend each line with a random number of spaces ranging
from n1 to n2
-f < file >, file to obfuscate
-g < n1 >-< n2 >+< n3 >-< n4 >, insert gibberish header and footer of n2 lines
long with each line n1 signs long, n3-n4 being range of characters
to generate from. See the manual for more details.
-h, usage and options (this help)
-i, remove blank lines, comments, leading and trailing spaces and tabs
-j < n1 >-< n2 >, insert n1 empty lines for every n2 line
-m, manual
-l, see this script"
<<lessThe obfuscated script version is printed to stdout. The original script is not modified.
Options:
-c < n >, insert deceiving comments for every n line
-d < n >, insert deceiving code for every n line
-e < n1 >-< n2 >, prepend each line with a random number of spaces ranging
from n1 to n2
-f < file >, file to obfuscate
-g < n1 >-< n2 >+< n3 >-< n4 >, insert gibberish header and footer of n2 lines
long with each line n1 signs long, n3-n4 being range of characters
to generate from. See the manual for more details.
-h, usage and options (this help)
-i, remove blank lines, comments, leading and trailing spaces and tabs
-j < n1 >-< n2 >, insert n1 empty lines for every n2 line
-m, manual
-l, see this script"
Download (0.016MB)
Added: 2006-08-23 License: GPL (GNU General Public License) Price:
1161 downloads
Aegis Virus Scanner 2.0.0
Aegis is a virus scanner for Linux, Unix and Windows with a simple and intuitive user interface. more>>
Aegis project is a virus scanner for Linux, Unix and Windows with a simple and intuitive user interface.
Aegis supports scanning of subdirectories, hidden files and .zip and .tar archive files, and drag-and-drop of files from the Nautilus file browser, or your Gnome desktop. When a virus is detected you can choose to delete, quarantine or rename the file.
<<lessAegis supports scanning of subdirectories, hidden files and .zip and .tar archive files, and drag-and-drop of files from the Nautilus file browser, or your Gnome desktop. When a virus is detected you can choose to delete, quarantine or rename the file.
Download (0.021MB)
Added: 2006-09-20 License: GPL (GNU General Public License) Price:
1134 downloads
Qmail virus scanner 1.4
The Qmail virus scanner (QScan) is a mail filter for Qmail that scans incoming messages using the Sophos Antivirus engine. more>>
The Qmail virus scanner (QScan) is a mail filter for Qmail that scans incoming messages using the Sophos Antivirus engine, immediately rejecting infected content.
It is designed to be minimalistic, yet extremely fast and secure, and uses multiple pipes instead of the traditional temporary files and privilege separation. It works with non-native versions of the virus scanner like under OpenBSD with Linux or FreeBSD emulation.
You must create a temporary directory to extract MIME attachments, and replace Qmails original qmail-queue program with Qscan. Quick way to achieve this for the impatients :
mkdir /var/qmail/qscan
chmod 700 /var/qmail/qscan
chown qmaild:qmail /var/qmail/qscan
ln /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue-old
Now, lets compile and install Qscan :
./configure --help
./configure [your beloved flags]
make install-strip
The last step is to replace the original qmail-queue program with our filter :
rm /var/qmail/bin/qmail-queue
ln -s /usr/local/sbin/qscan /var/qmail/bin/qmail-queue
Depending on your local configuration, it may be needed or not, but start with doing it :
chown qmaild:qmail /usr/local/sbin/qscan
chmod 6711 /usr/local/sbin/qscan
After testing, if everythings ok for you, remove the setuid bit :
chown 0:0 /usr/local/sbin/qscan
chmod 711 /usr/local/sbin/qscan
<<lessIt is designed to be minimalistic, yet extremely fast and secure, and uses multiple pipes instead of the traditional temporary files and privilege separation. It works with non-native versions of the virus scanner like under OpenBSD with Linux or FreeBSD emulation.
You must create a temporary directory to extract MIME attachments, and replace Qmails original qmail-queue program with Qscan. Quick way to achieve this for the impatients :
mkdir /var/qmail/qscan
chmod 700 /var/qmail/qscan
chown qmaild:qmail /var/qmail/qscan
ln /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue-old
Now, lets compile and install Qscan :
./configure --help
./configure [your beloved flags]
make install-strip
The last step is to replace the original qmail-queue program with our filter :
rm /var/qmail/bin/qmail-queue
ln -s /usr/local/sbin/qscan /var/qmail/bin/qmail-queue
Depending on your local configuration, it may be needed or not, but start with doing it :
chown qmaild:qmail /usr/local/sbin/qscan
chmod 6711 /usr/local/sbin/qscan
After testing, if everythings ok for you, remove the setuid bit :
chown 0:0 /usr/local/sbin/qscan
chmod 711 /usr/local/sbin/qscan
Download (0.083MB)
Added: 2006-07-10 License: GPL (GNU General Public License) Price:
1201 downloads
AntiVirus Scanner 3.2.1
AntiVirus Scanner is an anti-virus scanner for Endeavour Mark II that uses the ClamAV library (libclamav). more>>
AntiVirus Scanner is an anti-virus scanner for Endeavour Mark II that uses the ClamAV library (libclamav).
AntiVirus Scanner allows you to create a list of scan items for frequently scanned locations and features easy virus database updating, all in a simple GUI environment.
<<lessAntiVirus Scanner allows you to create a list of scan items for frequently scanned locations and features easy virus database updating, all in a simple GUI environment.
Download (0.50MB)
Added: 2007-08-02 License: GPL (GNU General Public License) Price:
843 downloads
Kvirus 0.5.2
Kvirus project is a board/puzzle game for the KDE Environment. more>>
Kvirus project is a board/puzzle game for the KDE Environment.
Kvirus is a board game for the KDE Environment and a clone of Ataxxlet originally written in Java.
The goal is to copy or jump your virus to eat up the enemy virus. Kvirus provides a cute interface with hours of fun.
<<lessKvirus is a board game for the KDE Environment and a clone of Ataxxlet originally written in Java.
The goal is to copy or jump your virus to eat up the enemy virus. Kvirus provides a cute interface with hours of fun.
Download (0.30MB)
Added: 2006-12-05 License: Freely Distributable Price:
1053 downloads
Corbicula Anti Virus 0.0.20060505-1
Corbicula Anti Virus provides a GNOME HIG compliant front end for ClamAV more>>
Corbicula Anti Virus is a GNOME HIG compliant front end for ClamAV.
Corbicula Anti Virus tries to be the simplest possible anti virus application, without any fancy features who nobody uses anyway...
<<lessCorbicula Anti Virus tries to be the simplest possible anti virus application, without any fancy features who nobody uses anyway...
Download (0.030MB)
Added: 2006-05-06 License: GPL (GNU General Public License) Price:
1269 downloads
HTTP Anti Virus Proxy 0.86
HTTP Anti Virus Proxy is a proxy with a ClamAV anti-virus scanner. more>>
HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. HTTP Anti Virus Proxy aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic.
Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.
Main features:
- HTTP Antivirus proxy
- Scans complete incomming traffic
- Nonblocking downloads
- Smooth scanning of dynamic and password protected traffic
- Can used with squid or other proxy
- Parent proxy support
- Transparent proxy support
- Logfile
- Process change to defined user and group
- Daemon
- Use Clamav (GPL antivirus)
- Operating System: Linux
- Written in C++
- Released under GPL
Enhancements:
- Experimental support was added for chunked Transfer-Encoding, which fixes some broken sites.
- The IGNOREVIRUS configuration directive was added for whitelisting virus names.
- The CLAMBLOCKBROKEN configuration directive was added.
- Detection with AVG was improved.
- HAVP is killed if database reloading fails for Library Scanner.
- The URL is logged when a crashed scanner process is detected.
- The build system updated, adding the --prefix, --sbindir, --sysconfdir, and --localstatedir options.
<<lessHavp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.
Main features:
- HTTP Antivirus proxy
- Scans complete incomming traffic
- Nonblocking downloads
- Smooth scanning of dynamic and password protected traffic
- Can used with squid or other proxy
- Parent proxy support
- Transparent proxy support
- Logfile
- Process change to defined user and group
- Daemon
- Use Clamav (GPL antivirus)
- Operating System: Linux
- Written in C++
- Released under GPL
Enhancements:
- Experimental support was added for chunked Transfer-Encoding, which fixes some broken sites.
- The IGNOREVIRUS configuration directive was added for whitelisting virus names.
- The CLAMBLOCKBROKEN configuration directive was added.
- Detection with AVG was improved.
- HAVP is killed if database reloading fails for Library Scanner.
- The URL is logged when a crashed scanner process is detected.
- The build system updated, adding the --prefix, --sbindir, --sysconfdir, and --localstatedir options.
Download (0.53MB)
Added: 2007-04-17 License: GPL (GNU General Public License) Price:
932 downloads
F-Secure Rescue CD 3.0 Build 12506
F-Secure Rescue CD offers you a Linux-based rescue CD to scan the computer and rename all files which contains malware. more>>
F-Secure Rescue CD 3.0 Build 12506 offers you a Linux-based rescue CD to scan the computer and rename all files which contains malware.
Major Features:
- Rescue CD scans the computer and renames all files containing malware to .virus file extension.
- Rescue CD will by default scan:
- all hard drives in the computer
- all USB drives attached to the computer
- Windows FAT and NTFS drives
- Virus definition databases are updated automatically if the computer has an internet connection
- Virus definition databases can be updated manually by using a USB drive
- The Rescue CD Guide (pdf) has step by step instructions how to use the CD
- Rescue CD will by default scan:
- Rescue CD is localized to English only.
Enhancements:
- Enhanced hardware support: Knoppix updated to version 5.3.1
- Enhanced NTFS support: NTFS-3G driver updated to version 1.2506
Requirements:
- Be x86 compatible
- Have at least 256MB of RAM
- Be able to boot from a CD
- Be able to connect to the Internet or be able to use a USB drive
Added: 2008-07-02 License: Freeware Price: FREE
1 downloads
POP3 Virus Scanner Proxy 0.4
POP3 Virus Scanner Proxy is a full-transparent proxy daemon which scans all mails for viruses more>>
POP3 Virus Scanner Proxy is a full-transparent proxy daemon which scans all mails for viruses using third party scanners (built-in support for AVPD and Trophie).
You have to set up a port redirection in the linux-netfilter (iptables) so that all connections from e.g. inside your office to any POP3 server outside in the world will not leave your router, but come a local port, on which POP3VScan listens. POP3VScan receives from the linux kernel the original destinations of packets (the POP3 server outside in the world) and will connect to them.
All data we receive from the client will be sent to the server, and vice versa. With a little enhancement: we parse the neccessary parts of the POP3 protocol and when an email is sent from the server, we store it into a file, invoke a virusscanner and send it if it is good, or we just replace it with a virus notification. It should be possible to use all scanners using the scannertype=basic. Also POP3VScan provides scannertype=avpd for high-speed scanning using Kaspersky Anti-Virus for Linux, every C programmer can easily adept other scan-daemons (trophie, sophie, antivir, ...).
Neither the client nor the server has to be configured, none of them will take notice that theres a mailscanner (except the client when he gets a virus notification or if he looks into the header, and the server gets our ip as source).
<<lessYou have to set up a port redirection in the linux-netfilter (iptables) so that all connections from e.g. inside your office to any POP3 server outside in the world will not leave your router, but come a local port, on which POP3VScan listens. POP3VScan receives from the linux kernel the original destinations of packets (the POP3 server outside in the world) and will connect to them.
All data we receive from the client will be sent to the server, and vice versa. With a little enhancement: we parse the neccessary parts of the POP3 protocol and when an email is sent from the server, we store it into a file, invoke a virusscanner and send it if it is good, or we just replace it with a virus notification. It should be possible to use all scanners using the scannertype=basic. Also POP3VScan provides scannertype=avpd for high-speed scanning using Kaspersky Anti-Virus for Linux, every C programmer can easily adept other scan-daemons (trophie, sophie, antivir, ...).
Neither the client nor the server has to be configured, none of them will take notice that theres a mailscanner (except the client when he gets a virus notification or if he looks into the header, and the server gets our ip as source).
Download (0.13MB)
Added: 2006-07-07 License: GPL (GNU General Public License) Price:
1208 downloads
Viralator Proxy Virus Scanner 0.9.7
Viralator Proxy Virus Scanner is a Perl script that virus scans HTTP/FTP downloads request on a UNIX server. more>>
Viralator is a Perl script that virus scans HTTP/FTP downloads request on a UNIX server after passing through the Squid proxy server.
Even when I implemented virus protection for my network email server we still continued to get the odd virus. Most of the viruses came from people using free webmail accounts like Hotmail or Yahoo and downloading the infected attachments to their machines or through downloading junk.
Rather than block access to the users I decided to look at how we could better protect the network. I looked at a couple of different products both comercial and free but they were either too expensive or did not meet my needs.
That is how Viralator was born. Viralator Proxy Virus Scanner is licenced under the GPL.
Viralator should work in any UNIX system that uses Apache and Squid servers. We have reports about successful instalations on:
- RedHat Linux
- Mandrake Linux
- SuSe Linux
- e-Smith Linux
- Slackware Linux
- Conectiva Linux
- Debian Gnu Linux
Supported Redirectors:
- Squirm
- SquidGuard
- Jesred
Supported Virus Scanners
- AntiVir
- AVP
- RAV
- Inoculate
- Sophos Sweep
- McAfee
- Trend
- Clamav
- Bit Defender (free edition)
The original concept for Viralator came from the Viromat project. Without Viromat the Viralator project would not have had a starting point. We can also thank Ralph Meyer for badgering me into releasing the script under the GPL.
Enhancements:
- Parenthesis are included on the regular expression used to validate URLs.
- The character set checking step, which was not working before last patch released, has been fixed.
<<lessEven when I implemented virus protection for my network email server we still continued to get the odd virus. Most of the viruses came from people using free webmail accounts like Hotmail or Yahoo and downloading the infected attachments to their machines or through downloading junk.
Rather than block access to the users I decided to look at how we could better protect the network. I looked at a couple of different products both comercial and free but they were either too expensive or did not meet my needs.
That is how Viralator was born. Viralator Proxy Virus Scanner is licenced under the GPL.
Viralator should work in any UNIX system that uses Apache and Squid servers. We have reports about successful instalations on:
- RedHat Linux
- Mandrake Linux
- SuSe Linux
- e-Smith Linux
- Slackware Linux
- Conectiva Linux
- Debian Gnu Linux
Supported Redirectors:
- Squirm
- SquidGuard
- Jesred
Supported Virus Scanners
- AntiVir
- AVP
- RAV
- Inoculate
- Sophos Sweep
- McAfee
- Trend
- Clamav
- Bit Defender (free edition)
The original concept for Viralator came from the Viromat project. Without Viromat the Viralator project would not have had a starting point. We can also thank Ralph Meyer for badgering me into releasing the script under the GPL.
Enhancements:
- Parenthesis are included on the regular expression used to validate URLs.
- The character set checking step, which was not working before last patch released, has been fixed.
Download (0.029MB)
Added: 2006-06-16 License: GPL (GNU General Public License) Price:
1240 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above obfuscated virus search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
