Start of Content

Latest From Our Blog

Credit Card Processor Hacked, Again

Once again we learn about a credit card processor being hacked and millions of credi ...
Read More...

We Are Not Ready.

In an article by Devlin Barrett in the Wall Street Journal, 28 Mar 2012, the FBI's to ...
Read More...

It Happened One Night

I was recently asked to investigate a computer that was sending out spam email. This ...
Read More...

Chinese Checkers

The anti virus industry is all excited about a new remote control worm and its gainin ...
Read More...

Components of the VSTK Family

The Main Tools of VSTK

VFind™

VFind™ is the virus scanner and pattern analysis tool in the toolkit, and is unlike any other virus scanner in existence. It was the first antivirus scanner for UNIX, the first heterogeneous virus scanner and the first scanner to incorporate a full virus description language, CVDL. Unlike most virus scanners, it actually searches for attacks in a file based upon what the file actually is. Most virus scanners assume that the filename is a description of the file type. VFind™ determines the file type by direct examination of the file's contents. This makes VFind significantly more powerful than a virus scanner that only searches in files with the “.com” and “.exe” filename extensions.

Cryptographic Integrity Tool

The Cryptographic Integrity Tool (CIT) detects virus, hacker, sabotage and baseline configuration violations from any source, using cryptographic change detection, reducing help desk turnaround time from hours to minutes! An end user calls stating the system doesn't work...they claim they didn't change anything, and a proposal on the system is due out the door by noon, today. Is it a user error, virus attack or sabotage? CIT will never lie and cannot be tricked!

Universal Atomic Disintegrator

The Universal Atomic Disintegrator (UAD) solves two difficult problems—identification and decomposition. Decomposition of a file to it's smallest indivisible parts (universal atomic disintegration using classical Greek language meanings) is a difficult problem. First the program must have infallible identification of the file in order to decompose it. This is not a problem for UAD, which identifies the file by direct examination of it's contents.

MVFilter

Put simply, MVFilter disinfects OLE documents (Microsoft Word, Excel and PowerPoint) of macro viruses (both VBA and Word Basic). It does this in the same way that all antivirus programs disinfect macro viruses, by removal of the macro. The difference is that MvFilter was designed as a tool, and as such, it can be used for compartmentalization purposes in addition to it's reactive disinfection role.

Tools Available With The Turbo Upgrade

VFind™ Daemon

The VFind Daemon provides user applications virus scanning and detection services at a high level of performance. Running as a daemon process, it eliminates the need to re-initialize the scan engines on each request. All files are processed as they are received, improving response time and minimizing the effect of virus scanning on the main application.

VFind Daemon file scanning and virus detection services are accessible to any application running on a user's system. It's multi-threading capability enables it to scan requests from multiple applications concurrently. Applications can access VFind Daemon services through an easy-to-use message interface. The Simple Virus Scanning Protocol (SVSP) is a text-based, request/response interface that gives applications full access to VFind Daemon services. SVSP includes commands that enable the program to set scanning options on a per-request basis and to specify the file to be scanned. Requests can be tagged so that the subsequent responses can be matched. This allows the application to submit multiple scan requests and be able to match the asynchronous responses. A client program is also provided to further simplify accessing and using VFind Daemon.

VFind Daemon can also support the interfaces for other available virus scanning daemons, for example: ClamAV's and clamd. This makes it possible to incorporate VFind Daemon into an existing system with minimal software changes and enables applications to migrate towards utilizing VFind's additional capabilities as required.

The multi-threading capability enables VFind Daemon to scale gracefully and take advantage of systems with multiple processors. The thread number used by VFind Daemon is configurable and can be set to match the available computing power.

Tools Available with VSTK Professional

Avatar

Avatar maintains the system Baseline Configuration. It does so by executing system security policies that act as an intrusion detection and response system. The most important function of Avatar is response - if the system Baseline Configuration is modified for any reason, it will be detected by Avatar and returned to the correct Baseline Configuration. The value of Avatar's response system is that it enforces discipline via non-subjective automated process, which can execute many times per day.

Loopback Head & Loopback Tail

Loopback Head & Loopback Tail (LBH & LBT) ensure that unchanged (but infected) files are re-analyzed by VFind™. LBH reads filenames from a user-customized database; LBT uses the VFind™ output to create a database suitable for use with LBH.

Java Disassembler

The Java Disassembler (JDis) The only sure-fire method of scanning java code for viruses is to break down the byte code to associate constant pool structures with their operations. JDis quickly and efficiently disassembles Java Byte Code for a VFind™ scan, which is essential when confronting the latest Java-based Trojan Horse virus.

BHead

Bhead is a simple tool the solves complex issues. Unix systems do not have a convenient way of scanning for boot sector viruses, and scanning an entire drive just to detect a boot sector virus wastes time - Bhead reduces the byte stream to the portion of the drive to allow the boot sector to be scanned.

View Component Reference Chart


Products
Support
Purchase

About

Certifications

Testpros

©Copyright 2012 CyberSoft, Inc. All rights reserved.