[LINK] Ruminating about viruses
Howard Lowndes
lannet@lannet.com.au
Fri, 25 Oct 2002 11:45:13 +1000 (EST)
On Fri, 25 Oct 2002, Robin Whittle wrote:
> This is me thinking aloud to the programmers on Link. In short, why
> bother much with the exact nature of the virus - instead, we should
> simply dump, flag or alter all executable attachments. But first, some
> thoughts on how a virus could probably make itself look like a
> variegated stream of machine instructions followed by random gibberish,
> and do this differently for every time it sends itself.
Isn't that what polymorphic viruses do anyway?
> Why should people send executable programs to each other by email
> anyway? It is a most unsanitary practice.
It's not just executables, à la .exe, .pif, .bat, .scr, etc. Microsoft will
look at a file that it doesn't recognise and look for the "magic" in the
file and then execute it based on that, so you could call it what you
like. It's also the INCLUDETXT and INCLUDEIMAGE (??) "features" of M$
Word and the like that can snaffle files.
>
> The Anomy Sanitizer program I have just installed, as per my recently
> totally rewritten page:
>
> http://www.firstpr.com.au/web-mail/Postfix-SA-Anomy-Maildrop/
>
> doesn't care at all about the nature of a Windows executable file in an
> attachment, it just drops it and/or renames it to have a non-executable
> extension.
I use John Hardin's sanitizer http://impsec.org for all of my clients. It
does similar things.
--
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
"Flatter government, not fatter government." - me
Get rid of the Australian states.
------------------------------------------
If electricity comes from electrons, does morality come from morons?
----------
For Link list information see http://sunsite.anu.edu.au/link/
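
The filtering approach discussed in this message, as an added example that is not part of the original post and is not code from Anomy Sanitizer or John Hardin's sanitizer: attachments are flagged both by the extensions listed above and by the "magic" at the start of the content, then renamed to a non-executable name. The function names, the `.defanged.txt` suffix and the sample mail are assumptions made for illustration, and only the `MZ` header is checked.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".pif", ".bat", ".scr")  # extensions named in the post
MAGIC = {b"MZ": "DOS/Windows executable"}       # assumption: only the MZ header is checked

def classify(part):
    """Return why a leaf MIME part should be defanged, or None to leave it alone."""
    payload = part.get_payload(decode=True) or b""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):           # content wins over whatever the name says
            return "content is a " + kind
    if (part.get_filename() or "").lower().endswith(BLOCKED_EXT):
        return "executable extension"
    return None

def sanitize(raw):
    """Rename flagged attachments; return (message, [(old, new, reason), ...])."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        reason = classify(part)
        if reason:
            old = part.get_filename() or "unnamed"
            new = old + ".defanged.txt"         # hypothetical suffix, not a tool default
            del part["Content-Disposition"]     # replace the header rather than edit it
            part.add_header("Content-Disposition", "attachment", filename=new)
            findings.append((old, new, reason))
    return msg, findings

def sample_message():
    """Constructed test mail: a disguised executable, a batch file, a harmless note."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for name, data in (("holiday.jpg", b"MZ\x90\x00\x03"), ("setup.bat", b"@echo off\r\n"),
                       ("notes.txt", b"plain notes")):
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for old, new, reason in sanitize(sample_message())[1]:
        print(f"{old} -> {new} ({reason})")
```

The `holiday.jpg` case is the one an extension-only filter misses: the name looks harmless, but the content starts with an executable header.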