unix and linux commands - unix shell scripting

Malware analysis

11-21-2010

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Malware analysis

A collection of resources (mostly online) that will help those interested get started working towards an understanding of how to pick apart malware, see what it does, and how to protect against it.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Help to remove malware

hello I hope you have a good day, no question is because a few days ago I did a malware scan to my debian and showed me that I have malware, and searched and not found how I can eliminate it, would be useful if someone knows how to You can delete or uninstall, thank you very much

2. Cybersecurity

Virus/Malware Uptake Rates

Hi. I'm trying to get information about the rates at which viruses and malware infect computers. Let's say that Mr. Dastardly Developer discovers an exploitable flaw, writes a virus to take advantage of it, and releases the virus. Assuming that a large-scale attack method is chosen (Facebook,...

3. UNIX Desktop Questions & Answers

Virus and Malware

How do i manage virus and melware in Unix ?

LEARN ABOUT DEBIAN

courier::filter::module::clamavd

Courier::Filter::Module::ClamAVd(3pm)			User Contributed Perl Documentation		     Courier::Filter::Module::ClamAVd(3pm)

NAME

       Courier::Filter::Module::ClamAVd - ClamAV clamd filter module for the Courier::Filter framework

SYNOPSIS

	   use Courier::Filter::Module::ClamAVd;

	   my $module = Courier::Filter::Module::ClamAVd->new(
	       # See the socket options description for details.
	       socket_name     => '/var/run/clamav/clamd.ctl',
	       socket_host     => 'clamav.example.com',
	       socket_port     => '3310',

	       max_message_size
			       => $max_message_size,
	       max_part_size   => $max_part_size,
	       response        => $response_text,

	       logger	       => $logger,
	       inverse	       => 0,
	       trusting        => 0,
	       testing	       => 0,
	       debugging       => 0
	   );

	   my $filter = Courier::Filter->new(
	       ...
	       modules	       => [ $module ],
	       ...
	   );

DESCRIPTION

       This class is a filter module class for use with Courier::Filter.  It matches a message if the configured ClamAV "clamd" daemon detects
       malware in it.

   Constructor
       The following constructor is provided:

       new(%options): returns Courier::Filter::Module::ClamAVd
	   Creates a new ClamAVd filter module.

	   %options is a list of key/value pairs representing any of the following options:

	   socket_name
	   socket_host
	   socket_port
	       These options describe the Unix domain or TCP/IP socket that should be used to connect to the ClamAV daemon.  If no socket options
	       are specified, first the socket options from the local "clamd.conf" configuration file are tried, then the Unix domain socket
	       /var/run/clamav/clamd.ctl is tried, then finally the TCP/IP socket at 127.0.0.1 on port 3310 is tried.  If either Unix domain or
	       TCP/IP socket options are explicitly specified, only these are used.

	   max_message_size
	       An integer value controlling the maximum size (in bytes) of the overall message text for a message to be processed by this filter
	       module.	Messages larger than this value will never be processed, and thus will never match.  If undef, there is no size limit.
	       Defaults to 1024**2(1MB).

	       As MIME multipart processing can be quite CPU- and memory-intensive, you should definitely restrict the message size to some
	       sensible value that easily fits in your server's memory.  1024**2(1MB) should be appropriate for most uses of this filter module.

	   max_part_size
	       An integer value controlling the maximum size (in bytes) of any single MIME part for that part to be processed by this filter
	       module.	Parts larger than this value will never be processed, and thus will never match.  If undef, there is no size limit.

	       Defaults to the value of the "max_message_size" option, so you don't really need to specify a part size limit if you are
	       comfortable with using the same value for both.	See the "max_message_size" option for its default.

	   response
	       A string that is to be returned as the match result in case of a match.	The name of the detected malware is appended to the
	       response text.  Defaults to "Malware detected:".

	   All options of the Courier::Filter::Module constructor are also supported by the constructor of the ClamAVd filter module.  Please see
	   "new" in Courier::Filter::Module for their descriptions.

   Instance methods
       See "Instance methods" in Courier::Filter::Module for a description of the provided instance methods.

SEE ALSO

       Courier::Filter::Module, Courier::Filter::Overview.

       For AVAILABILITY, SUPPORT, and LICENSE information, see Courier::Filter::Overview.

AUTHOR

       Julian Mehnle <julian@mehnle.net>

perl v5.14.2							    2011-12-27				     Courier::Filter::Module::ClamAVd(3pm)