importing my PGP public key

Posted by jmunhoz on June 20, 2006

In my opinion, the simplest way to retrieve keys is fetching them from a keyserver. In GNU Privacy Guard you can import/update the new keys using the --keyserver and --search-keys switches.

Take into account that my public key is available from pgp.mit.edu and, although all the major keyservers mirror each other and you could probably get it from the keyserver of your choice, this one seems to be pretty reliable ;)

Please feel free to send me signed and encrypted mail, or ask for my fingerprint!

memory workarounds on Vista Beta 2

Posted by jmunhoz on June 15, 2006

Today I read some marketing material about the security enhancements in the new Microsoft Vista Beta 2, and I must say they are going to be effective countermeasures against viruses, worms and malware in general.

I think the previous statement holds because Microsoft decided to implement old and well-tested open-source technology. Vista Beta 2 ships with security technology named ASLR, /GS, SAL, DEP, /SAFESEH, etc. These are different names for well-known fixes. The new NT revision contains numerous heap improvements too. At least four new (and well-known) enhancements are included:

  1. Checksumming heap blocks
  2. Xoring block elements with a random number
  3. Randomizing heap base addresses
  4. Xoring function pointers with a random number
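
As an added illustration (not Microsoft's code, nor anything from the link below), here is a toy C heap header showing how items 1 and 4 work in practice: a checksum over the block header detects an overflow that rewrites the size field, and a function pointer XORed with a secret no longer decodes to a chosen address when the slot is overwritten without that secret. The secret is a fixed constant here as an assumption; a real heap draws it from a per-process random source at startup.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy heap header illustrating items 1 and 4 above: a checksum over the block
 * header and an XOR-encoded function pointer.  Not Microsoft's code; the secret
 * is a fixed constant here (assumption), where a real heap draws it from a
 * per-process random source at startup. */
static const uintptr_t heap_secret = 0x5A17C3E9u;

struct block_hdr {
    uint32_t size;       /* user-visible block size */
    uint32_t flags;      /* busy/free and similar state bits */
    uint8_t  checksum;   /* XOR of every header byte before this field */
    uint8_t  pad[3];
};

static uint8_t hdr_checksum(const struct block_hdr *h) {
    const uint8_t *p = (const uint8_t *)h;
    uint8_t c = 0;
    for (size_t i = 0; i < offsetof(struct block_hdr, checksum); i++) c ^= p[i];
    return c;
}
void hdr_seal(struct block_hdr *h) { h->checksum = hdr_checksum(h); }
/* 1 if the header is intact, 0 if any byte before the checksum changed. */
int hdr_verify(const struct block_hdr *h) { return hdr_checksum(h) == h->checksum; }

typedef void (*callback_t)(void);
/* Stored pointers are XORed with the secret; a value written into the slot
 * without knowing the secret decodes to an unrelated address. */
uintptr_t ptr_encode(callback_t f) { return (uintptr_t)f ^ heap_secret; }
callback_t ptr_decode(uintptr_t enc) { return (callback_t)(enc ^ heap_secret); }

/* Constructed one-bit corruption of the size field, as an overflow from the
 * previous block would cause: returns 1 if the checksum catches it. */
int demo_overflow_detected(void) {
    struct block_hdr h = { 64, 1, 0, { 0, 0, 0 } };
    hdr_seal(&h);
    int ok_before = hdr_verify(&h);
    ((uint8_t *)&h)[0] ^= 0x01;
    return ok_before && !hdr_verify(&h);
}

static void benign(void) {}
/* Round trip works with the secret; a raw address written into the encoded slot
 * does not decode back to itself.  Returns 1 when both hold. */
int demo_pointer_encoding(void) {
    uintptr_t enc = ptr_encode(benign);
    uintptr_t raw = (uintptr_t)benign;
    return ptr_decode(enc) == benign && ptr_decode(raw) != benign;
}
```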

If you want a quick mapping between the Microsoft technology above and the original (six years old!) open technology available in Linux, OpenBSD, etc., then you should start by reading this link. It contains good information about this tested and free technology and related projects (PaX, Exec Shield, W^X, NX bit, etc.).

ClamAV ISO 9660 built-in support

Posted by jmunhoz on June 01, 2006

Some people asked me about the latest ClamAV patch supporting ISO 9660 and its installation details. Building the source is easy, although some people reported problems patching different versions. This post contains some information covering the process and version numbers.

The first step is downloading the source. You must download and patch the repository version, engine version devel-20060419, and not the latest stable version ClamAV 0.88.2 or previous versions. This is a VERY important step ;)

Check out the unstable repository source …

cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/clamav co clamav-devel

Once you have the source, you'll want to customize it with this patch. It adds transparent ISO 9660 built-in support to ClamAV (libclamav & clamscan), providing transparent scanning and better performance for ISO files.

jmunhoz@devel:~/clamav-devel$ patch -p0 < clamav_iso9660_bs.patch
patching file clamscan/clamscan.c
patching file clamscan/manager.c
patching file clamscan/options.c
patching file libclamav/Makefile.am
patching file libclamav/clamav.h
patching file libclamav/filetypes.c
patching file libclamav/filetypes.h
patching file libclamav/others.c
patching file libclamav/others.h
patching file libclamav/scanners.c
patching file libclamav/iso9660/iso9660.c
patching file libclamav/iso9660/iso9660.h

Compile and install the patched version ...

jmunhoz@devel:~/clamav-devel$ aclocal
jmunhoz@devel:~/clamav-devel$ automake
jmunhoz@devel:~/clamav-devel$ ./configure --prefix=/home/jmunhoz/clamav --disable-clamav
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
...
jmunhoz@devel:~/clamav-devel$ make; make install

Test the new (patched) version ...

Without ISO 9660 support ...

jmunhoz@devel:~/clamav/bin$ ./clamscan image.iso
image.iso: OK

----------- SCAN SUMMARY -----------
Known viruses: 51884
Engine version: devel-20060419
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 0.879 sec (0 m 0 s)

With ISO 9660 support ...

jmunhoz@devel:~/clamav/bin$ ./clamscan --iso9660 image.iso
image.iso: Trojan.Hortiga.Cli FOUND

----------- SCAN SUMMARY -----------
Known viruses: 51884
Engine version: devel-20060419
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.04 MB
Time: 0.885 sec (0 m 0 s)

jmunhoz@devel:~/clamav/bin$
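
For readers wondering how libclamav can recognise an ISO image before scanning inside it, here is an added C example (not from the patch or from ClamAV itself) that probes a buffer for the ISO 9660 primary volume descriptor at sector 16, with every read bounds-checked against the buffer length; the 18-sector sample image is constructed in memory.

```c
#include <stdint.h>
#include <string.h>
#define ISO_SECTOR 2048          /* logical sector size on a CD image */

struct iso_info {
    char volume_id[33];          /* 32-byte identifier, trailing spaces trimmed */
    uint16_t block_size;         /* logical block size from the PVD */
    uint32_t volume_blocks;      /* volume space size in blocks */
};

/* Walk the volume descriptor set (sector 16 onwards) for a primary volume
 * descriptor: type 1, magic "CD001", version 1.  Every access is bounds-checked
 * so a truncated or crafted image never reads past the buffer.  Returns 1 on success. */
int iso9660_probe(const uint8_t *buf, size_t len, struct iso_info *out) {
    for (size_t sec = 16; (sec + 1) * ISO_SECTOR <= len; sec++) {
        const uint8_t *vd = buf + sec * ISO_SECTOR;
        if (memcmp(vd + 1, "CD001", 5) != 0) return 0;    /* not a descriptor */
        if (vd[0] == 255) return 0;                         /* terminator: no PVD */
        if (vd[0] != 1 || vd[6] != 1) continue;             /* boot/supplementary */
        memcpy(out->volume_id, vd + 40, 32);
        out->volume_id[32] = '\0';
        for (int i = 31; i >= 0 && out->volume_id[i] == ' '; i--) out->volume_id[i] = '\0';
        out->block_size = (uint16_t)(vd[128] | vd[129] << 8);          /* little-endian copy */
        out->volume_blocks = (uint32_t)vd[80] | (uint32_t)vd[81] << 8 |
                             (uint32_t)vd[82] << 16 | (uint32_t)vd[83] << 24;
        return 1;
    }
    return 0;
}

/* Constructed 18-sector sample image (zero-filled static buffer): PVD at sector 16,
 * descriptor set terminator at sector 17.  Returns the image length. */
static uint8_t sample_iso[18 * ISO_SECTOR];
size_t make_sample_iso(void) {
    uint8_t *pvd = sample_iso + 16 * ISO_SECTOR, *term = pvd + ISO_SECTOR;
    pvd[0] = 1; memcpy(pvd + 1, "CD001", 5); pvd[6] = 1;
    memset(pvd + 40, ' ', 32); memcpy(pvd + 40, "SAMPLE_IMG", 10);
    pvd[80] = 18; pvd[87] = 18;                              /* 18 blocks, LE and BE */
    pvd[129] = 0x08; pvd[130] = 0x08;                        /* block size 2048, LE and BE */
    term[0] = 255; memcpy(term + 1, "CD001", 5); term[6] = 1;
    return sizeof sample_iso;
}

/* Probe the sample and a plain zero buffer; returns 1 when both behave as expected. */
int check_sample(void) {
    struct iso_info info;
    uint8_t not_iso[4 * ISO_SECTOR] = {0};
    if (iso9660_probe(sample_iso, make_sample_iso(), &info) != 1) return 0;
    if (strcmp(info.volume_id, "SAMPLE_IMG") != 0 || info.block_size != 2048 || info.volume_blocks != 18) return 0;
    return iso9660_probe(not_iso, sizeof not_iso, &info) == 0;
}
```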

Another minor change in this new version is the --exclude-dir switch. It is a quick hack to support directory exclusion. The --include, --include-dir and --exclude options are not implemented.

To enable directory exclusion, add the --exclude-dir switch ...

jmunhoz@devel:~/clamav/bin$ ./clamscan --iso9660 --exclude-dir='DIR1|DIR2' image.iso

The previous example doesn't scan paths containing the strings 'DIR1' or 'DIR2'. Other regular expressions will work fine too.

For the record, another combination example is switching off archive support (zip, gz, etc.) with the --no-archive option.

jmunhoz@devel:~/clamav/bin$ ./clamscan --iso9660 --exclude-dir='DIR1|DIR2' --no-archive image.iso

Remember, this patch is alpha code. Apply it at your own risk.

Happy hacking!
