The developers behind Snort, the open source intrusion detection system, are pushing ahead with a project to develop a system for detecting malformed documents in a bid to provide early warnings about targeted attacks. Razorback is designed to complement traditional anti-virus products by providing a warning about maliciously …
maliciously constructed files
> Razorback is designed to complement traditional anti-virus products by providing a warning about maliciously constructed files that may take advantage of zero-day vulnerabilities to compromise targeted machines ..
Instead of detecting malformed documents, why not detect all types of Windows executables and disable them before they get to the desktop? For instance, if an attachment contains a Word document with macros, disable the autorun function in the document.
Make this available as a Samba plugin.
Then have home and work shares on a Samba-based server.
Infected file arrives and is quarantined on first storage.
Regarding modifying files, this can get messy - I have had compressed data files quarantined because the octets matched some signature file.
The problem is that Windows AV tends to assume all files are for Windows apps, which is a big no-no.