Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
From: Pavel Machek
Date: Sunday, August 17, 2008 - 3:58 pm

Hi!


...can and will use it as an IPC. So we need to modify some
applications.

Rather than modify all the applications using mmap (you can't tell if
the other side is going to use it for shared memory... right?), we
could simply modify all the Windows-facing applications using mmap.


Can you automatically tell if applications are using mmap for IPC?

BTW in another mail you wanted to include /var/log/syslog from
scanning. You should not be doing that if syslog is exported to
Windows systems. Of course, you can get away with scanning syslog when
Windows client tries to read it, which should be acceptable...
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux inte ..., David Collier-Brown, (Wed Aug 6, 4:31 am)
Sidebar to [malware-list] [RFC 0/5] [TALPA] Intro to a lin ..., David Collier-Brown, (Wed Aug 6, 4:40 am)
Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinter ..., David Collier-Brown, (Mon Aug 11, 9:11 am)
Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterf ..., Pavel Machek, (Sun Aug 17, 3:58 pm)