in reply to Virus protection for Perl scripts

Actually, that isn't going to work against all attacks. In fact, it doesn't even work against the code I posted yesterday in the thread about viruses. That is because my virus installs itself in a BEGIN block right below the first line (it assumes the first line is the she-bang line). Hence, it gets executed (and does its damage) before your check aborts the program. (And yeah, putting the BEGIN all the way at the top was done by design.) The only thing you gained is that you get alarmed as soon as damage is done - but then it's too late already.

-- Abigail

Re: Re: Virus protection for Perl scripts
by tachyon (Chancellor) on Jun 29, 2001 at 04:09 UTC

    You are correct that this post is misnamed in using the word 'Protection' - it should have been 'Warning'. There is little you can currently do to prevent a perl script running with sufficient permissions to write to files writing to files! You can detect this though, which was the point.

    Detecting damage is a worthwhile endeavour as you can run a script like:

    #!/usr/bin/perl -w
    # clean.pl
    # this code will remove the viral infection when run in same dir
    # as a virus if you add the viral code to the data section

    local $/;                        # slurp mode: read each file in one go
    $signature = <DATA>;
    1 while $signature =~ s/\n$//g;  # strip trailing newlines
    $signature = quotemeta $signature;

    while (<*>) {
        next unless $_ =~ m/\.(pl|cgi|pm)$/;
        # three-argument open, so odd characters in a file name are not
        # interpreted as an open mode
        open (FILE, "<", $_) or die "Unable to check $_ for infection: $!";
        $check_if_infected = <FILE>;
        close FILE;
        if ($check_if_infected =~ s/^$signature//) {
            open (CLEAN, ">", $_) or die "Unable to disinfect $_: $!";
            print CLEAN $check_if_infected;
            close CLEAN;
            print "Uninfected $_\n";
        }
    }
    __DATA__
    # Viral code goes here as the viral signature

    Whilst neither of these pieces of code 'prevent' infection by either your code, mine or any of the others, if you add these two pieces of code together you can detect and repair which is about the best you can hope for without writing some very OS invasive antiviral software. Norton Antivirus slows my DOS box by a measured 50-60% for most tasks as it is continually vetting executing threads.
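
Added example, not part of the original thread: a change detector that runs outside the Perl interpreter, so nothing in the checked scripts (including a BEGIN block under the she-bang line) executes before the comparison. The function names and the sample files are constructed for illustration; it covers the same `.pl`, `.cgi` and `.pm` files as clean.pl.

```python
import hashlib
import os
import re
import tempfile

# Same file types the clean.pl script above looks at.
PERL_FILE = re.compile(r"\.(pl|cgi|pm)$")

def snapshot(directory):
    """Map each Perl file name in `directory` to the SHA-256 of its bytes."""
    digests = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if PERL_FILE.search(name) and os.path.isfile(path):
            with open(path, "rb") as fh:
                digests[name] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Return {name: status} for every file that differs from the baseline."""
    report = {}
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            report[name] = "missing"
        elif name not in baseline:
            report[name] = "new"
        elif baseline[name] != current[name]:
            report[name] = "modified"
    return report

def demo():
    """Constructed sample: one script gains a line under its she-bang line."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("a.pl", "b.cgi", "notes.txt"):
            with open(os.path.join(d, name), "w") as fh:
                fh.write("#!/usr/bin/perl -w\nprint qq(hello\\n);\n")
        baseline = snapshot(d)  # taken while the files are known good
        # Harmless stand-in for an inserted block below the first line.
        with open(os.path.join(d, "a.pl"), "w") as fh:
            fh.write("#!/usr/bin/perl -w\nBEGIN { }\nprint qq(hello\\n);\n")
        return compare(baseline, snapshot(d))

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is stored somewhere the account running the scripts cannot write to.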