
What's In The VFind Security Toolkit
VFind is the virus scanner and pattern analysis tool. It is unlike any other virus scanner in existence: it was the first antivirus scanner for UNIX, the first heterogeneous virus scanner and the first scanner to incorporate a full virus description language, CVDL. Unlike most virus scanners, it searches for attacks in a file based upon what the file actually is. Most virus scanners assume that the filename describes the file type; VFind determines the file type by direct examination of the file's contents. This makes VFind significantly more powerful than a virus scanner that only searches files with the ".com" and ".exe" filename extensions.
CIT detects virus, hacker, sabotage and baseline configuration violations from any source, using cryptographic change detection, and reduces help desk turnaround time from hours to minutes! The system doesn't work, the users claim they didn't change anything, and a proposal on the system is due out the door by noon today. Is it a user error, a virus attack or sabotage? CIT will never lie and cannot be tricked!
THD answers the question of how to find a chameleon Trojan horse attack when there are no contents to scan. The chameleon Trojan horse attack works because a user is able to redirect a system command to a program of the same name in a different location. The chameleon may or may not have contents.
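The detection problem THD describes (the same command name present in more than one PATH directory, with the copy found first not being the system's own) can be checked without looking at file contents at all. The following is an added example written for this page, not THD's own code: it walks a PATH in order, reports every name that occurs in more than one directory, and flags the ones whose winning copy sits outside a set of trusted directories. The directory listing, the PATH order and the trusted-directory set are constructed assumptions; a helper builds the same listing from the live PATH, counting an entry by its executable bit rather than its size so that an empty chameleon is still found.

```python
import os
from collections import defaultdict

# Directories whose copies of a command are treated as the legitimate ones (assumption for this example)
TRUSTED_DIRS = {"/bin", "/usr/bin", "/sbin", "/usr/sbin", "/usr/local/bin"}

# Constructed listing of executable names per directory (not data from a real host)
SAMPLE_PATH = ["/home/user/bin", "/usr/local/bin", "/usr/bin", "/bin"]
SAMPLE_LISTING = {
    "/home/user/bin": {"ls", "backup.sh"},   # "ls" here is the chameleon: same name, earlier in PATH
    "/usr/local/bin": {"python3"},
    "/usr/bin": {"ls", "python3", "cat"},
    "/bin": {"cat", "sh"},
}


def find_shadowed(path_dirs, listing):
    """Map each command name that exists in more than one PATH directory to those
    directories in PATH order. The first entry is the one the shell will run."""
    seen = defaultdict(list)
    for directory in path_dirs:
        for name in listing.get(directory, ()):
            seen[name].append(directory)
    return {name: dirs for name, dirs in seen.items() if len(dirs) > 1}


def suspicious_shadows(shadowed, trusted=TRUSTED_DIRS):
    """Names whose winning copy lives outside the trusted directories while a trusted
    copy exists later in PATH: the shape a chameleon Trojan horse leaves behind."""
    return sorted(name for name, dirs in shadowed.items()
                  if dirs[0] not in trusted and any(d in trusted for d in dirs[1:]))


def listing_from_live_path(path_env=None):
    """Build the same listing from a real PATH string. The executable bit decides
    membership, not the size, so a zero-length chameleon is still counted; empty
    executables are returned separately because they deserve a closer look."""
    path_env = os.environ.get("PATH", "") if path_env is None else path_env
    listing, empty = {}, []
    for directory in path_env.split(os.pathsep):
        if not directory or not os.path.isdir(directory):
            continue
        names = set()
        for entry in os.scandir(directory):
            if entry.is_file() and os.access(entry.path, os.X_OK):
                names.add(entry.name)
                if entry.stat().st_size == 0:
                    empty.append(entry.path)
        listing[directory] = names
    return listing, empty


if __name__ == "__main__":
    shadowed = find_shadowed(SAMPLE_PATH, SAMPLE_LISTING)
    for name in suspicious_shadows(shadowed):
        print(f"{name}: {shadowed[name][0]} shadows {shadowed[name][1:]}")
    live_listing, live_empty = listing_from_live_path()
    live_path = [d for d in os.environ.get("PATH", "").split(os.pathsep) if d in live_listing]
    print("live PATH suspects:", suspicious_shadows(find_shadowed(live_path, live_listing)))
```

On the constructed listing only "ls" is reported: "cat" is duplicated, but the copy that wins is in a trusted directory, and "python3" wins from /usr/local/bin, which the example treats as trusted. Whether /usr/local/bin belongs in that set is a site decision, which is why it is a parameter.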
UAD solves two difficult problems, identification and decomposition. Decomposition of a file into its smallest indivisible parts (universal atomic disintegration, using the classical Greek meanings of the words) is a difficult problem. First the program must have infallible identification of the file in order to decompose it. This is not a problem for UAD, which identifies the file by direct examination of its contents.
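The two ideas above, identifying a file by its leading bytes rather than its name and then breaking containers down into their components, fit together in one small routine. The example below is added for this page and is not UAD's or VFind's code: it keeps a short signature table, classifies a byte string by content, reports when the name's extension disagrees with the content, and recurses into ZIP and gzip containers so that an embedded file is classified on its own merits. The signature table, the extension map and the in-memory sample archive (a ZIP holding a harmless PE-header stub named report.txt next to a real text file) are all constructed for the example.

```python
import gzip
import io
import zipfile

# Leading-byte signatures, checked in order; first match wins (table constructed for this example)
MAGIC = [
    (b"\x7fELF", "elf"),
    (b"MZ", "pe"),
    (b"PK\x03\x04", "zip"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),
    (b"\x1f\x8b", "gzip"),
    (b"%PDF", "pdf"),
    (b"#!", "script"),
]
PLAIN_TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

# What a given extension claims the file is (constructed mapping)
EXT_TO_TYPE = {"exe": "pe", "dll": "pe", "zip": "zip", "jar": "zip", "docx": "zip",
               "doc": "ole2", "xls": "ole2", "ppt": "ole2", "gz": "gzip", "pdf": "pdf",
               "txt": "text", "sh": "script"}


def identify(data):
    """Classify by content only; the name is never consulted."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    if data and all(b in PLAIN_TEXT_BYTES for b in data):
        return "text"
    return "unknown"


def extension_mismatch(name, data):
    """True when the extension promises one type and the bytes say another."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    expected = EXT_TO_TYPE.get(ext)
    return expected is not None and identify(data) != expected


def decompose(name, data, max_depth=4):
    """Return [(path, type, mismatch)] for the file and, recursively, its components."""
    kind = identify(data)
    parts = [(name, kind, extension_mismatch(name, data))]
    if max_depth == 0:
        return parts
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if not info.is_dir():
                    parts += decompose(f"{name}/{info.filename}", archive.read(info), max_depth - 1)
    elif kind == "gzip":
        inner = name[:-3] if name.lower().endswith(".gz") else name + ".out"
        parts += decompose(inner, gzip.decompress(data), max_depth - 1)
    return parts


def build_sample():
    """Constructed sample archive: a PE-header stub disguised as .txt beside a real text file."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("report.txt", b"MZ\x90\x00" + b"\x00" * 60)  # not a real executable
        archive.writestr("readme.txt", b"quarterly numbers attached\n")
    return buffer.getvalue()


if __name__ == "__main__":
    for path, kind, mismatch in decompose("sample.zip.gz", gzip.compress(build_sample())):
        print(f"{path:32} {kind:8} {'EXTENSION MISMATCH' if mismatch else ''}")
```

A scanner that trusted the name would treat report.txt as text and never look for executable patterns in it; classifying by content puts it in the right bucket at every nesting level.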
MvFilter disinfects OLE documents (Microsoft Word, Excel and PowerPoint) of macro viruses (both VBA and WordBasic). It does this in the same way that all antivirus programs disinfect macro viruses: by removing the macro. The difference is that MvFilter was designed as a tool; as such it can be used for compartmentalization purposes in addition to its reactive disinfection role.
Avatar maintains the system Baseline Configuration. It does so by executing system security policies that act as an intrusion detection and response system. The most important function of Avatar is response: if the system Baseline Configuration is modified, for any reason, Avatar detects the change and returns the system to the correct Baseline Configuration. The value of Avatar's response system is that it enforces discipline by a non-subjective automated process which can execute many times per day. Avatar is only available with VSTK Professional.
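The two halves of what CIT and Avatar describe, cryptographic change detection against a recorded baseline and an automated response that puts the baseline back, can be shown end to end in a few functions. This is an added example written for this page, not CIT's or Avatar's own code or database format: it records a SHA-256 per file, diffs a later snapshot against that record into added, removed and modified sets, and restores from a trusted copy of the tree. The file tree, its contents and the simulated tampering are constructed in a temporary directory so the example runs offline.

```python
import hashlib
import os
import shutil
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """relative path -> SHA-256 for every regular file under root (symlinks skipped)."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):
                digests[os.path.relpath(full, root)] = hash_file(full)
    return digests


def compare(baseline, current):
    """Change detection: what was added, removed or altered since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def restore(root, backup_root, report):
    """Response: copy modified and removed files back from the trusted copy, delete additions."""
    for rel in report["modified"] + report["removed"]:
        destination = os.path.join(root, rel)
        os.makedirs(os.path.dirname(destination), exist_ok=True)
        shutil.copy2(os.path.join(backup_root, rel), destination)
    for rel in report["added"]:
        os.remove(os.path.join(root, rel))


def run_demo():
    """Build a constructed tree, baseline it, tamper with it, detect, restore, re-check."""
    work = tempfile.mkdtemp()
    root, backup = os.path.join(work, "etc"), os.path.join(work, "etc.baseline")
    os.makedirs(os.path.join(root, "cron.d"))
    with open(os.path.join(root, "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/sh\n")            # constructed content
    with open(os.path.join(root, "hosts"), "w") as f:
        f.write("127.0.0.1 localhost\n")
    with open(os.path.join(root, "cron.d", "nightly"), "w") as f:
        f.write("0 2 * * * root /usr/local/bin/backup\n")
    shutil.copytree(root, backup)                              # trusted copy used for restore
    baseline = snapshot(root)

    # Simulated tampering after the baseline was taken
    with open(os.path.join(root, "passwd"), "a") as f:
        f.write("# edited after baseline\n")
    with open(os.path.join(root, "cron.d", "extra"), "w") as f:
        f.write("0 3 * * * root /opt/unknown/job\n")
    os.remove(os.path.join(root, "hosts"))

    before = compare(baseline, snapshot(root))
    restore(root, backup, before)
    after = compare(baseline, snapshot(root))
    shutil.rmtree(work)
    return before, after


if __name__ == "__main__":
    detected, remaining = run_demo()
    print("detected:", detected)
    print("after restore:", remaining)
```

The baseline record and the trusted copy are the two things an attacker must not be able to rewrite; in practice they live on read-only or offline storage, and the restore step is exactly the kind of scheduled, non-subjective action the Avatar paragraph describes.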
VGUI allows access to VFind, CIT, Avatar and other functions via virtually any web browser connected to the MiniWeb Server running on the target machine. The user can scan the system for viruses via VFind, baseline the system via Avatar, and integrity-check the system via CIT. VGUI gives even a non-UNIX user access to the great majority of the VSTK tools; most functions can be executed with one or two simple button clicks.
The MiniWeb Server is a compact web server based on the HTTP 1.1 standard. It supports the HEAD, GET, POST and PUT access methods, the .htaccess file for access security, and Secure Sockets Layer (SSL). The server is implemented on all platforms supported by VSTK except those on which POSIX threads are not available: HPUX-10, IRIX-6.2-MIPS and OSF-ALPHA.
The Quick Training Handbook for the Security Handbook: the comprehensive training guide on how to use the VFind Security ToolKit to its fullest potential is now available for download. Get insight into the many features of VSTK/P along with some basic theory of computer security, and find out how VSTK/P can do more than just help you catch viruses.
What's New in VFind Security Toolkit Version 169
(This information applies to VSTK and VSTKP)
Here is a brief summary of the changes for each component in this release of the toolkit. If a component is not listed here, then it is unchanged in this release.
VFind Version 15.4.5
- The multi-threaded version of VFind, vfind-mt, is available on all supported platforms except the following:
  - AIX 4.1 and 4.3
  - RedHat Linux 8
  - HPUX 10.20
  - BSDI-x86 4.1
  - IRIX 6.2
  - OSF 3.2
  - SCO OpenServer 5
- Improved the performance of the CVDL construct, WP1, for matching whitespace and punctuation characters.
- Added --no-smartscan-types (-nosst) command line option to disable the skipping of VDL signatures due to file type restrictions.
- Added large file support for Linux platforms.
- Made a fix to the emulator engine to stop emulating when the HLT instruction is encountered.
VFind Library Version 2.1.0
- The VFind Library has been re-structured. Review the following manual pages for details: vfapi, vf, vfconf, vf_config_defaults, vfsetup, vf_setup_defaults, vf_init, vf_queue, vfstat, vf_wait, vf_cleanup, vf_uad_version.
- The VFind Library works with gcc 2.95.
UAD Version 3.14.4
- The text expander detects and decodes encoded data in mail message headers based on RFC 2047, "MIME Part Three: Message Header Extensions for Non-ASCII Text".
- A CAB archive expander has been added.
- UAD identifies GRIB2 (grid weather data) files in JPEG 2000 code stream format.
- Added large file support for Linux platforms.
- The gzip expander and the external expander use the basename of the file for the name of the first level component.
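Why a text expander bothers with RFC 2047 is easy to see in code: an encoded-word hides the header's real text from any byte-level pattern, so a signature has to be matched against the decoded form. The example below is added for this page and is not UAD's code; it uses the Python standard library's `email.header.decode_header` to decode B- and Q-encoded words, falls back to the raw text if an encoded-word is malformed or names an unknown charset, and then matches patterns against the decoded value. The sample headers are constructed here, not taken from real mail.

```python
import base64
from email.errors import HeaderParseError
from email.header import decode_header


def decode_rfc2047(raw):
    """Decode every RFC 2047 encoded-word in a header value into one str.
    A malformed encoded-word makes decode_header raise; return the raw text then,
    so the scanner still sees something rather than nothing."""
    try:
        chunks = decode_header(raw)
    except HeaderParseError:
        return raw
    pieces = []
    for chunk, charset in chunks:
        if isinstance(chunk, bytes):
            try:
                pieces.append(chunk.decode(charset or "ascii", errors="replace"))
            except LookupError:          # charset label the codec registry does not know
                pieces.append(chunk.decode("latin-1"))
        else:
            pieces.append(chunk)
    return "".join(pieces)


def scan_header(raw, patterns):
    """Patterns (case-insensitive) found in the decoded header text."""
    decoded = decode_rfc2047(raw).casefold()
    return [p for p in patterns if p.casefold() in decoded]


def b_word(text, charset="utf-8"):
    """Build a B-encoded word; used only to construct the samples below."""
    encoded = base64.b64encode(text.encode(charset)).decode("ascii")
    return f"=?{charset}?b?{encoded}?="


# Constructed sample header values (not from real messages)
SAMPLE_B = "Re: " + b_word("Rechnung: Makro aktivieren")
SAMPLE_Q = "=?iso-8859-1?q?Makro_aktivieren?="
SAMPLE_PLAIN = "plain subject line"

if __name__ == "__main__":
    for sample in (SAMPLE_B, SAMPLE_Q, SAMPLE_PLAIN):
        print(repr(sample))
        print("  decoded:", decode_rfc2047(sample))
        print("  raw match:", "makro" in sample.casefold(), " decoded match:", scan_header(sample, ["makro"]))
```

The word "Makro" never appears in SAMPLE_B as bytes on the wire, so only the decoded text can be matched; Q-encoding additionally turns underscores into spaces, which the library handles for you.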
CIT Version 4.3.3
- Improved performance of the CIT dangerfile database check.
MvFilter 5.1.4
- Bug fix to stop creating a zero-length log file.
Example Scripts
All scripts that use vfind can now run the multi-threaded vfind (vfind-mt). The options to the scripts are:
- -m: use multi-threaded vfind
- -p <path>: scan starting at this path name (default is /)
- -v 'vfind options': command line options for vfind
- -u 'uad options': command line options for uad
- -c 'cit options': command line options for cit
New Platforms
- IBM AIX 4.3 (for AIX 4.3 and above)
- SUSE Linux
- RedHat Linux ES 3
- RedHat Linux AS 2.1
- SCO OpenServer 5 (re-established support for this platform)
A component reference chart lists which version of each individual tool is included with a specific VSTK/P Toolkit Package; items marked with an asterisk in that chart are available only with VSTKP.