Virus signatures

[John Stoilis]

Exei suzhth8ei suxna edw mesa gia xrhsh antivirus se mail 
servers. Milwntas me kapoion pou asxoleite me 
programmatismo se windows, mou eipe (kai to 
epibebaiwsa molis twra) oti an anoikseis ena .doc arxeio 
molusmeno me io, me kapoion aplo text editor, 8a breis 
mesa kapou na leei "kernel32.dll" pou einai kai h 
biblio8hkh pou exei functions gia na grafeis/diabazeis sto 
registry(ena kanoniko doc arxeio den 8a eprepe na 
peirazei to registry, akoma kai auta pou xrhsimopoioun 
VBScript mesa). Epishs epikindunh biblio8hkh pou 
peirazei to registry einai h advapi32.dll.
Twra, an to programma paei na sthlei mail mesw mailer, 
8a uparxei mesa kai h biblio8hkh mapi32.dll.
O sircam omws, DEN xrhsimopoiei to mapi32.dll alla 
anti8etws sundeete apeu8eias se mail servers. Etsi, mesa 
sto molusmeno .doc arxeio 8a doume oloka8ara to 
"HELO" command, mazi me ta fake headers pou bazei.
Sigoura ena grep tou .doc arxeiou den einai tromera 
aksiopisth me8odos, alla mporw na pw oti einai kati san 
"poor man's antivirus", mia pou ta virus definitions einai 
ola commercial.

Filika
- Stoilis Giannis

P.S: Mporeite na stamathsete epitelous auto to distro-war? 
Meta apo xronia xrhshs slackware, phga sto SuSe. 
Hmouna ikanopoihmenos, mexri pou @#@$#%$ arxisate 
na milate. :)