The developers behind Snort, the open source intrusion detection system, are pushing ahead with a project to develop a system for detecting malformed documents in a bid to provide early warnings about targeted attacks. Razorback is designed to complement traditional anti-virus products by providing a warning about maliciously …
maliciously constructed files
> Razorback is designed to complement traditional anti-virus products by providing a warning about maliciously constructed files that may take advantage of zero-day vulnerabilities to compromise targeted machines ..
Instead of detecting malformed documents why not detect all types of Windows Executables and disable them before they get to the desktop. For instance if an attachment contains a word document with macros, disable the autorun function in the document.
make this available as a samba plugin.
then have home and work shares on a samba based server.
Infected file arrives and is quarrantined on first storage.
Regarding modifying files this can get messy - I have had compressed data files quarrantined because the octects matched some signature file.
The problem is that windows AV tends to assume all files are for wndows apps which is a big no-no.
- +Comment Trips to Mars may be OFF: The SUN has changed in a way we've NEVER SEEN
- Vid Find email DIFFICULT? Print this article out and give it to someone 'techy'
- Back to the ... drawing board: 'Hoverboard' will disappoint Marty McFly wannabes
- Pic Forget the $2499 5K iMac – today we reveal Apple's most expensive computer to date
- Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...