Included Tools
VFind™
VFind™ is the malware scanner and pattern analysis tool in the ToolKit, and is unlike any other anti-malware program in
existence. It was the first anti-virus scanner for UNIX, the first heterogeneous scanner and the first scanner to
incorporate a full virus description language, VDL. VFind™ determines the file type by direct examination of the file's contents.
This makes VFind significantly more powerful than other anti-malware products, that only examine files with the “.com” and “.exe”
extensions.
The VFind™ Security ToolKit Family of computer security products offers so much more than just virus scanning, with
these tools. Our VSTK family of products supports all UNIX type operating systems including UNIX, Linux
(all versions), Solaris, AIX, HPUX, and others. CyberSoft is able to support any operating system upon request.
Our anti-malware includes a virus scanner with a fully published, and accessible, pattern analysis
language, as well as a cryptographic integrity tool for baseline management. The VFind ToolKit provides tools to deal with
hidden threats, self-repair tools and more. Our products are easily integrable with any other program.
VFind Real-Time Scanner
Actively monitor directories for changes by extracting, inspecting, and scanning new and modified files in real-time.
Cryptographic Integrity Tool
The Cryptographic Integrity Tool (CIT) detects malware, hackers, sabotage and baseline configuration violations
from any source. Using cryptographic change detection, we are able to reduce help desk turnaround time from hours to minutes.
An end-user calls stating the system doesn't work...they claim they didn't change anything, and a proposal is due
out the door by noon. Is it a user error, an attack, or sabotage? CIT will never lie and cannot be tricked!
Universal Atomic Disintegrator
The Universal Atomic Disintegrator (UAD) solves two difficult problems — identification and decomposition.
Decomposition of a file to it's smallest indivisible parts is a difficult problem. First the program must have
infallible identification of the file in order to decompose it. This is not a problem for UAD, which identifies
the file by direct examination of it's contents.
Visual Scan
CyberSoft has always provided advanced graphical user interfaces, for those users who want the ease of a GUI under
Unix/Linux and Microsoft Windows. CyberSoft is committed to meeting all technological demands and remaining on the
forward edge of technology. This is our 5th version of a GUI; having advanced from X-windows XView, Motif, TCL/TK,
HTML to our latest offering with Qt.
Visual Scan provides more functionality, than ever before, while maintaining an easy to understand and intuitive
interface with advanced features. Features include scanning, log file management, quarantining, scheduling,
automatic updates, and system integrity management; all from one interface.
Visual Scan is cohesive and well integrated, therefore making it easy to get started and leverage VSTK's core functionality
to work for you.
MVFilter
Put simply, MVFilter disinfects OLE documents (Microsoft Word, Excel and PowerPoint) of macro viruses (both VBA and
Word Basic). It does this, in the same way that all anti-virus programs disinfect macro viruses, by removal of the macro.
The difference is that MVFilter was designed as a tool, and as such, it can be used for compartmentalization purposes
in addition to it's reactive disinfection role.
Loopback Head and Loopback Tail
Loopback Head & Loopback Tail (LBH & LBT) ensure that unchanged (but infected) files are re-analyzed by VFind™. LBH reads
filenames from a user-customized database; LBT uses the VFind™ output to create a database suitable for use with LBH.
Java Disassembler
The Java Disassembler (JDis): The only sure-fire method of scanning Java code for viruses is to break down the byte code
to associate constant pool structures with their operations. JDis quickly and efficiently disassembles Java Byte Code for
a VFind™ antivirus scan, which is essential when confronting the latest Java-based Trojan Horse virus.
BHead
Bhead is a simple tool that solves the complex issues. UNIX systems do not have a convenient way of scanning for boot sector
viruses, and scanning an entire drive just to detect a boot sector virus wastes time. BHead reduces the byte stream to
the portion of the drive to allow the boot sector to be scanned.
AVA
AVA is a system which provides automated, accurate, and rapid responses to cyber threats in the event of a cyber attack or
other major event. Additionally, it provides continuous monitoring of the cyber landscape, identifying new threats and automatically
adapting malware definitions to identify them. This service is always included with your active maintenance and support
subscription.
Tools Available with Turbo
VFind™ Daemon
The VFind Daemon provides user applications, virus scanning, and detection services at a high level of performance. Running
as a Daemon process, it eliminates the need to re-initialize the scan engines upon each request. All files are processed as
they are received, improving response time and minimizing the effect of malware scanning on the main application.
VFind Daemon file scanning and virus detection services, are accessible to any application running on a user's system. It's
multi-threading capability enables it to scan requests from multiple applications concurrently. Applications can access
VFind Daemon services through an easy-to-use message interface. The Simple Virus Scanning Protocol (SVSP) is a text-based,
request/response interface that gives applications full access to VFind Daemon services. SVSP includes commands, that enable
the program to set scanning options on a per-request basis and, to specify the file to be scanned. Requests can be tagged so
that the subsequent responses can be matched. This allows the anti-malware application to submit multiple scan requests, and allows it
to match the asynchronous responses. A client program is also provided to further simplify accessing and using VFind Daemon.
VFind Daemon can also support the interfaces for other available malware scanning Daemons, such as: ClamAV's and clamd.
This makes it possible to incorporate VFind Daemon into an existing system with minimal software changes, and enable
applications to migrate towards utilizing VFind's additional capabilities, at the leisure of the user.
The multi-threading capability allows VFind Daemon to scale gracefully and take advantage of systems with multiple
processors. The thread number used by VFind Daemon, is configurable and can be set to match the available computing power.
Avatar™
Avatar maintains the system baseline configuration. It does so by executing system security policies, that act as an intrusion
detection and response system.
The most important function of Avatar is response. If the system baseline configuration is modified for any reason, it will
be detected by Avatar and returned to the correct baseline configuration.
The value of Avatar's response system is that it enforces discipline via non-subjective automated process, which can execute
many times per day.
