The developers behind Snort, the open source intrusion detection system, are pushing ahead with a project to develop a system for detecting malformed documents in a bid to provide early warnings about targeted attacks. Razorback is designed to complement traditional anti-virus products by providing a warning about maliciously …
maliciously constructed files
> Razorback is designed to complement traditional anti-virus products by providing a warning about maliciously constructed files that may take advantage of zero-day vulnerabilities to compromise targeted machines ..
Instead of detecting malformed documents why not detect all types of Windows Executables and disable them before they get to the desktop. For instance if an attachment contains a word document with macros, disable the autorun function in the document.
make this available as a samba plugin.
then have home and work shares on a samba based server.
Infected file arrives and is quarrantined on first storage.
Regarding modifying files this can get messy - I have had compressed data files quarrantined because the octects matched some signature file.
The problem is that windows AV tends to assume all files are for wndows apps which is a big no-no.
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Video of US journalist 'beheading' pulled from social media
- Microsoft refuses to confirm 'Windows 9' unzip lip slip
- The Register to boldly go where no Vulture has gone before: The WEEKEND