
What's In The VFind Security Toolkit
VFind is the virus scanner and pattern analysis tool. It is unlike any other virus scanner in existence. It was the first antivirus scanner for UNIX, the first heterogeneous virus scanner and the first scanner to incorporate a full virus description language, CVDL. Unlike most virus scanners, it actually searches for attacks in a file based upon what the file actually is. Most virus scanners assume that the filename is a description of the file type. VFind determines the file type by direct examination of the file's contents. This makes VFind significantly more powerful than a virus scanner that only searches in files with the ".com" and ".exe" filename extensions. [ more about VFind ]
VFind Daemon provides user applications virus scanning and detection services at a high level of performance. Running as a daemon process eliminates the need to re-initialize the scan engines on each request. Without the overhead of initialization, files are processed as they are received, improving response time and minimizing the effect of virus scanning on the main application. [ more about VFind Daemon ]
CIT detects virus, hacker, sabotage and baseline configuration violations from any source, using cryptographic change detection. Reduces help desk turnaround time from hours to minutes! The system doesn't work. The users claim they didn't change anything and a proposal on the system is due out the door by noon, today. Is it a user error, virus attack or sabotage? CIT will never lie and cannot be tricked! [ more about CIT ]
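The cryptographic change detection CIT describes, as an added illustration (this is not CyberSoft's code; the baseline record layout, the SHA-256 choice and the function names are assumptions). A digest of the contents catches a same-length edit even when the file's size and timestamp have been put back, which a size/mtime check alone would miss:

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_digest(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def take_baseline(root: Path) -> dict:
    """Record digest, permission bits and size of every regular file under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": file_digest(p), "mode": st.st_mode & 0o7777, "size": st.st_size}
    return baseline

def compare_baseline(root: Path, baseline: dict) -> dict:
    """Classify drift since the baseline. A same-size edit with the timestamp put back
    still shows up, because the digest of the contents changed."""
    current = take_baseline(root)
    return {"modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
            "added": sorted(k for k in current if k not in baseline),
            "removed": sorted(k for k in baseline if k not in current)}

def demo() -> dict:
    """Constructed scenario: baseline a small tree, then change it in three ways."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho original\n")
        (root / "etc.conf").write_text("debug=0\n")
        baseline = take_baseline(root)
        target = root / "bin" / "ls"            # 1) same-length edit, mtime restored
        st = target.stat()
        target.write_bytes(b"#!/bin/sh\necho tampered\n")
        os.utime(target, (st.st_atime, st.st_mtime))
        (root / "bin" / "extra").write_text("new\n")   # 2) file added
        (root / "etc.conf").unlink()                    # 3) file removed
        return compare_baseline(root, baseline)
```

In a real deployment the baseline itself must live where the monitored system cannot rewrite it (read-only media or a separate host), otherwise an intruder can simply re-baseline.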
THD answers the question of how to find a chameleon Trojan horse attack when there are no contents to scan. The chameleon Trojan horse attack works because a user is able to redirect a system command to a program of the same name in a different location. The chameleon may or may not have contents. [ more about THD ]
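An added example of the check THD describes, written here from scratch rather than taken from the product: walk the PATH in shell order, and report any trusted command name that resolves to a different directory than the one it is supposed to live in. The trusted-command table, the finding fields and the constructed directory layout are assumptions:

```python
import os
import tempfile
from pathlib import Path

def resolve_commands(path_dirs, names):
    """First executable found for each name, walking PATH in order as a shell does
    (None when the name is not found at all)."""
    found = {}
    for name in names:
        found[name] = None
        for d in path_dirs:
            cand = Path(d) / name
            if cand.is_file() and os.access(cand, os.X_OK):
                found[name] = cand
                break
    return found

def find_chameleons(path_dirs, trusted):
    """trusted maps command name -> directory holding the genuine command.
    Report every name the PATH resolves somewhere else. An empty executable
    still hijacks the name, so size is recorded rather than used as a filter."""
    findings = []
    for name, real_dir in trusted.items():
        hit = resolve_commands(path_dirs, [name])[name]
        if hit is not None and hit.parent != Path(real_dir):
            st = hit.stat()
            findings.append({"name": name, "shadowed_by": str(hit),
                             "expected": str(Path(real_dir) / name),
                             "empty": st.st_size == 0,
                             "world_writable": bool(st.st_mode & 0o002)})
    return findings

def demo():
    """Constructed layout: a user bin directory ahead of the system one on PATH,
    holding an empty, world-writable file named after a system command."""
    with tempfile.TemporaryDirectory() as tmp:
        real = Path(tmp) / "usr" / "bin"; real.mkdir(parents=True)
        user = Path(tmp) / "home" / "bin"; user.mkdir(parents=True)
        for name in ("ls", "ps"):
            p = real / name
            p.write_text("#!/bin/sh\necho real\n"); p.chmod(0o755)
        fake = user / "ps"
        fake.touch(); fake.chmod(0o777)
        path_dirs = [str(user), str(real)]          # user dir searched first
        return find_chameleons(path_dirs, {"ls": str(real), "ps": str(real)})
```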
UAD solves two difficult problems, identification and decomposition. Decomposition of a file to its smallest indivisible parts (universal atomic disintegration, using the classical Greek meanings) is a difficult problem. First the program must have infallible identification of the file in order to decompose it. This is not a problem for UAD, which identifies the file by direct examination of its contents. [ more about UAD ]
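Content-based identification and decomposition, as described for VFind and UAD above, in an added example of my own (not CyberSoft's code). The signature table, the type names and the constructed ZIP sample are assumptions; the point is that the extension is never consulted, so a renamed executable inside a renamed archive is still found and typed:

```python
import io
import zipfile

# Signatures checked at offset 0, longest first so OLE2 beats shorter prefixes
MAGIC = [(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"), (b"PK\x03\x04", "zip"),
         (b"\x7fELF", "elf"), (b"%PDF", "pdf"), (b"MZ", "dos-pe")]

def identify(data: bytes) -> str:
    """Type from the bytes themselves; the file name is never consulted."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    printable = all(32 <= b < 127 or b in b"\r\n\t" for b in data)
    return "text" if data and printable else "binary"

def decompose(name: str, data: bytes, depth: int = 0, max_depth: int = 4):
    """Yield (path, type) for the object and every atom inside it. Only containers
    recognised by content are opened, so a renamed archive is still unpacked."""
    kind = identify(data)
    yield name, kind
    if kind == "zip" and depth < max_depth:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield from decompose(f"{name}/{info.filename}", zf.read(info), depth + 1)

def extension_mismatches(atoms):
    """Atoms whose claimed extension disagrees with what the bytes say."""
    claims = {".txt": "text", ".doc": "ole2", ".zip": "zip", ".exe": "dos-pe"}
    return [(p, k) for p, k in atoms for ext, want in claims.items() if p.endswith(ext) and k != want]

def build_sample() -> bytes:
    """Constructed input: a zip holding a disguised executable and a nested zip."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("notes.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16)
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("report.txt", b"MZ\x90\x00" + b"\x00" * 60)   # PE stub named .txt
        z.writestr("readme.txt", b"plain text\n")
        z.writestr("attachments.zip", inner.getvalue())
    return outer.getvalue()

def demo():
    atoms = list(decompose("mail.zip", build_sample()))
    return atoms, extension_mismatches(atoms)
```

The depth limit matters in practice: a scanner that unpacks nested archives without a bound can be exhausted by deeply nested or self-referencing containers.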
MvFilter disinfects OLE documents (Microsoft Word, Excel and PowerPoint) from macro viruses (both VBA and Word Basic). It does this in the same way that all antivirus programs disinfect macro viruses, by removal of the macro. The difference is that MvFilter was designed as a tool. As such it can be used for compartmentalization purposes in addition to its reactive disinfection role. [ more about MvFilter ]
Avatar maintains the system Baseline Configuration. It does so by executing system security policies that act as an intrusion detection and response system. The most important function of Avatar is response. If the system Baseline Configuration is modified, for any reason, it will be detected by Avatar and returned to the correct Baseline Configuration. The value of Avatar's response system is that it enforces discipline by a non-subjective, automated process which can execute many times per day. Avatar is only available with VSTK Professional. [ more about Avatar ]
VGUI allows access to VFind, CIT, Avatar, and other functions via virtually any web browser homed to the Miniweb Server running on the target machine. The user can scan the system for viruses via VFind, baseline the system via AVATAR, and integrity check the system via CIT. The VGUI allows even a non-UNIX user access to the great majority of the VSTK tools. Most functions can be executed by one or two simple button clicks. [ more about VGUI ]
The MiniWeb Server is a compact web server based on the HTTP 1.1 standard. It supports the HEAD, GET, POST, and PUT access methods, the .htaccess file for access security, and Secure Sockets Layer (SSL). The Server is implemented on all platforms supported by VSTK, except those on which POSIX threads are not available. Those platforms are HPUX-10, IRIX-6.2-MIPS, and OSF-ALPHA. [ more about MiniWeb ]
The Quick Training Handbook for the Security Toolkit: Now available for download, the comprehensive training guide on how to use the VFind Security ToolKit to its fullest potential. Get insight into the many features of VSTK/P along with learning some basic theories on computer security. Find out how VSTK/P can do more than just help you catch viruses.
(This information applies to VSTK, VSTK/P, and Turbo version)
VFind Security ToolKit (VSTK) 171, which is an upgrade from the current VSTK 170, was just released and is now available! In addition to improved reliability, VSTK 171 enhances performance of the VFind Daemon, provides VDL updates over secure connections, and is supported on additional platforms. CyberSoft works constantly to find ways to improve all of its products. Customers with current Maintenance and Support contracts are eligible for a free VSTK upgrade.
What's new in VSTK Version 171
Here is a brief summary of the changes for each component in this release of the toolkit. If a component is not listed here, then it is unchanged in this release.
- vfind:
  - Fixed problem in recursive directory scanning causing stack overflow on some platforms.
  - The '--#=num' option to stop scanning a file after finding 'num' viruses now works as documented.
  - The vdlupdate script now uses secure (SSL) connections for downloading VDL updates.
- vfindd:
  - Removed resource leak that stopped the Simple Virus Scanning Protocol (SVSP) SCAN/REQUEST command from processing more than a few hundred files when the file contents were passed with a SCAN/REQUEST command.
  - Fixed a problem in recursive directory scanning causing stack overflow on some platforms.
  - Fixed rc.vfindd configuration problem on non-Linux platforms.
New Platforms
- SuSE Linux 10 (includes multi-threaded support)
- Mac OS X 10.4 on Intel x86 (includes multi-threaded support)
- RedHat Enterprise Linux Advanced Server 4 (includes multi-threaded support)
Known Problems and Limitations
The following platforms have problems extracting RAR archives:
- BSDI x86 4.1
- OSF Alpha 3.2
- Tru64 5.1
The following platforms do not support multi-threaded applications, which includes miniweb and the VSTK Web GUI:
- BSDI x86 4.1
- HP/UX 10.20
- HP/UX 11.00
- IBM AIX 4.1
- IBM AIX 4.3
- OSF Alpha 3.2
- SCO Open Desktop 5
- SGI Irix 6.2
Please note that GNU find is no longer distributed with VSTK. Use the find that comes with your system for the same purpose.
The chart below explains which version of each individual tool is included with a specific VSTK/P Toolkit Package. Click on the Toolkit version number for more details about the updated features in each VSTK/P version.
*Available only with VSTKP
**Available only with VSTK-Turbo and VSTKP-Turbo
- To view the VFind® Security ToolKit Component Reference Chart, click here.
- To view the list of supported platforms for this release, click here.
- To view a listing of the VFind® Security ToolKit release dates, click here.
Questions about upgrading?