-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Jan 17, 2007 at 03:34:01AM +0100, Sander Holthaus wrote:
>a very basic perl script which opens a listening socket and a shell? I >found it after a hacker tried to gain entry. The script is nothing >special (far from, 612 bytes) but I doubt people are actually using it >for any legitimate means. BitDefender does recognize the file, but not >any other AV. We use similar procedures to do process monitoring, I don't think you can really do this type of scanning for perl scripts. But maybe the sig writers can find something unique that points to virus writers (until they start copying code from the man pages). - -- Regards... Todd Chris: grep 500 sendmail.mc undefine(`FAIL_MAIL_OVER_500_MILES')dnl Chris: just in case ... Linux kernel 2.6.17-5mdv 3 users, load average: 0.06, 0.05, 0.00 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFrkDdY2VBGxIDMLwRAo/MAJ9bHYYehmRB+n6+58FfDj3ZBhF/vACfUDvJ NwRds9ryTD30Ojzmy+K6IIg= =Ggzn -----END PGP SIGNATURE----- _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
