The developers behind Snort, the open source intrusion detection system, are pushing ahead with a project to develop a system for detecting malformed documents in a bid to provide early warnings about targeted attacks. Razorback is designed to complement traditional anti-virus products by providing a warning about maliciously …
maliciously constructed files
> Razorback is designed to complement traditional anti-virus products by providing a warning about maliciously constructed files that may take advantage of zero-day vulnerabilities to compromise targeted machines ..
Instead of detecting malformed documents why not detect all types of Windows Executables and disable them before they get to the desktop. For instance if an attachment contains a word document with macros, disable the autorun function in the document.
make this available as a samba plugin.
then have home and work shares on a samba based server.
Infected file arrives and is quarrantined on first storage.
Regarding modifying files this can get messy - I have had compressed data files quarrantined because the octects matched some signature file.
The problem is that windows AV tends to assume all files are for wndows apps which is a big no-no.
- Geek's Guide to Britain Kingston's aviation empire: From industry firsts to Airfix heroes
- Analysis Happy 2nd birthday, Windows 8 and Surface: Anatomy of a disaster
- Review Vulture trails claw across Lenovo's touchy N20p Chromebook
- Adobe spies on readers: EVERY DRM page turn leaked to base over SSL
- Analysis The future health of the internet comes down to ONE simple question…