CIACTech04-001: Remote Detection of the MyDoom.A Worm

4 More Discussions You Might Find Interesting

1. Programming

Parallel Processing Detection and Program Return Value Detection

Hey, for the purpose of a research project I need to know if a specific type of parallel processing is being utilized by any user-run programs. Is there a way to detect whether a program either returns a value to another program at the end of execution, or just utilizes any form of parallel...

2. Linux

Problem with worm ctfmon.exe

I have this worm in my network. It works only on Windows OS. My data server is on Linux with samba server and all the time somebody is copping this worm from windows client to my data server, because the data server is mapped as a network drive. My question is: Is there any way to find which...

3. Shell Programming and Scripting

MyDoom in mail queue

Is there someone out there that has a script for cleaning up the mail queue after viruses such as MyDoom?

4. UNIX for Dummies Questions & Answers

Worm Virus

I am running Unix SCO and have discovered the worm virus. It is enabled through a BIOS connections, I am able to get around it using telnet, believe it or not. - Can anyone recommend a virus scan software? - Has anyone successfully used a virus scan software on unix without a problem? ...

LEARN ABOUT LINUX

megaco_flex_scanner

megaco_flex_scanner(3erl)				     Erlang Module Definition					 megaco_flex_scanner(3erl)

NAME

       megaco_flex_scanner - Interface module to the flex scanner linked in driver.

DESCRIPTION

       This  module  contains the public interface to the flex scanner linked in driver. The flex scanner performs the scanning phase of text mes-
       sage decoding.

       The flex scanner is written using a tool called flex . In order to be able to compile the flex scanner driver, this tool has to	be  avail-
       able.

       By  default  the  flex  scanner reports line-number of an error. But it can be built without line-number reporting. Instead token number is
       used. This will speed up the scanning some 5-10%. Use --disable-megaco-flex-scanner-lineno when configuring the application.

       The scanner will, by default, be built as a reentrant scanner if the flex utility supports this (it depends on the version of flex). It	is
       possible  to explicitly disable this even when flex support this. Use --disable-megaco-reentrant-flex-scanner when configuring the applica-
       tion.

DATA TYPES

       megaco_ports() = term()
       megaco_version() = integer() >= 1

EXPORTS

       start() -> {ok, PortOrPorts} | {error, Reason}

	      Types  PortOrPorts = megaco_ports()
		     Reason = term()

	      This function is used to start the flex scanner. It locates the library and loads the linked in driver.

	      On a single core system or if it's a non-reentrant scanner, a single port is created. On a multi-core system with a reentrant  scan-
	      ner, several ports will be created (one for each scheduler).

	      Note that the process that calls this function must be permanent. If it dies, the port(s) will exit and the driver unload.

       stop(PortOrPorts) -> stopped

	      Types  PortOrPorts = megaco_ports()

	      This function is used to stop the flex scanner. It also unloads the driver.

       is_reentrant_enabled() -> Boolean

	      Types  Boolean = boolean()

	      Is the flex scanner reentrant or not.

       is_scanner_port(Port, PortOrPorts) -> Boolean

	      Types  Port = port()
		     PortOrPorts = megaco_ports()
		     Boolean = boolean()

	      Checks if a port is a flex scanner port or not (useful when if a port exits).

       scan(Binary, PortOrPorts) -> {ok, Tokens, Version, LatestLine} | {error, Reason, LatestLine}

	      Types  Binary = binary()
		     PortOrPorts = megaco_ports()
		     Tokens = list()
		     Version = megaco_version()
		     LatestLine = integer()
		     Reason = term()

	      Scans a megaco message and generates a token list to be passed on the parser.

Ericsson AB							   megaco 3.15.1					 megaco_flex_scanner(3erl)

Security Advisories (RSS)