CyberSoft News For June 2001

Client Success Stories

by CyberSoft, Inc. All rights reserved. Please feel free to forward copies of this newsletter provided the newsletter to your colleagues

Your Computer Security and Virus Solutions Provider Since 1988

"We Make It Work"

** If you are having a problem reading HTML, please email me and I will be happy to send you a plain text version! **

TOPICS
  1. Hot, New Release: CyberSoft's Wave * Easiest to install & use *
  2. How "To Do" Section: Jim Roach
  3. Let's "Talk" About CyberSoft's "SafeInternetEmail"
  4. Questions Most Often Asked & Answers
  5. Client Success Stories
  6. Message From The President: Peter Radatti
  7. A Word From Our Virus Wrangler: Barbara Higgins
  8. How to Contact Us

Hot, New Release: CyberSoft's "Wave" Antivirus

Wave is a new desktop virus scanner and security software package based upon tried-and-true CyberSoft technology, as embodied in the VFind Security Toolkit that is presently protecting vital computer systems all over the world.

Wave works on all Microsoft Windows and 32 bit systems.

To find out more information about Wave, to obtain documentation of the Wave GUI, or to receive information about the latest modifications and bug fixes, please email us at Info@cybersoft.com.

How "To Do" Section

This is an interactive shell script. It will search for infected files. When an infected file is found, the user is queried as to whether or not this file is to be moved. If and only if the user responds with a 'y' for yes is the file moved to the QUARANTINE directory.

This shell script should be used with caution. If any system files are moved, the user may not be able to reboot the computer or perform system administrative actions.

    #!/bin/sh
    #
    # vfmv (VFind Move) Version 1.0
    # Copyright 1998-2001 by Peter V. Radatti. All rights reserved.

    echo "Vfind interactive disinfector by quarantine. Example Program"
    echo " "
    echo "This program works by moving files suspected of being infected with"
    echo "a computer virus to a directory named QUARANTINE."
    echo " "
    echo "Please note that if you move any important system files it may"
    echo "cause the system to crash or not reboot."
    echo " "
    echo "NOTE: This script will scan any existing QUARANTINE directories."
    echo "You need to say no to a move request on an already Quarantined file."
    echo " "

    ####
    # The environment variable BIN_DIR may need modifying for each installation
    ####

    BIN_DIR=/usr/bin
    export BIN_DIR

    ####
    # Lets make sure the quarantine directory exists
    ####

    if [ ! -d ./QUARANTINE ]; then
        mkdir ./QUARANTINE 2>/dev/null

        ####
        # We don't want anyone poking around in the quarantine directory except for the owner
        ####

        chmod 700 ./QUARANTINE
    fi

    ####
    # Find each of the infected files
    # (file names containing whitespace are split by the for loop)
    ####

    for subname in `find / -type f -print | egrep -v '^(/dev/|/proc/)' \
        | ${BIN_DIR}/vfind --quiet=2 \
        | grep "##==>>>>" | grep "FILE:" | awk -F: '{print $2}'`
    do
        # Tell the user the name of the infected file and give
        # them the option to move it
        echo "Infected filename is: $subname"
        ${BIN_DIR}/vfecho-n "Move it now? (y/n): "
        read ansr
        while [ "$ansr" != "y" -a "$ansr" != "n" ]
        do
            ${BIN_DIR}/vfecho-n "Please answer y or n : "
            read ansr
        done
        if [ "$ansr" = "y" ]
        then
            # $subname is an absolute path, so its directory must exist
            # under QUARANTINE before the move can succeed
            destdir=./QUARANTINE`dirname "$subname"`
            mkdir -p "$destdir" 2>/dev/null
            /bin/mv "$subname" "./QUARANTINE/$subname"
            if [ "$?" != "0" ]
            then
                echo "An error attempting to remove this file has occurred."
                echo "This may be caused by the file having already been erased"
                echo "or a file permission problem. Please review the file"
                echo "later. PROCESSING CONTINUES"
            fi
        fi

        if [ "$ansr" = "n" ]
        then
            echo " "
            echo "File not moved -- continuing"
            echo " "
        fi
    done

    # Lets make sure that everything in the quarantine directory stays there.

    cd ./QUARANTINE
    /bin/rm -f INDEX-QUARANTINE 2>/dev/null
    ls -l > INDEX-QUARANTINE
    chmod 500 *

    # We are done. Wrap it up.
    echo "Job Complete. Quarantined files contained in ./QUARANTINE"
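The move step of the script, rewritten as a function that skips files already under the quarantine directory and copes with spaces in file names. This is an added example, not CyberSoft's code; the names quarantine_file and QDIR are hypothetical and it does not call vfind.

```sh
#!/bin/sh
# Added example: the quarantine move from vfmv as a reusable function.
# quarantine_file and QDIR are hypothetical names, not part of the VFind toolkit.

QDIR=${QDIR:-./QUARANTINE}

# quarantine_file PATH
# Returns 0 if moved, 1 on error, 2 if PATH is already inside QDIR (skipped).
quarantine_file() {
    src=$1
    [ -f "$src" ] || return 1

    # Create the quarantine directory owner-only, as the original script does.
    if [ ! -d "$QDIR" ]; then
        mkdir -p "$QDIR" || return 1
        chmod 700 "$QDIR"
    fi

    # Resolve both locations so a relative QDIR or PATH compares correctly.
    qabs=$(cd "$QDIR" && pwd -P) || return 1
    sdir=$(cd "$(dirname "$src")" && pwd -P) || return 1
    base=$(basename "$src")

    # Skip anything already quarantined instead of relying on the user to say "n".
    case "$sdir/" in
        "$qabs"/*) return 2 ;;
    esac

    # Rebuild the original directory under QDIR so same-named files cannot collide.
    dest="$qabs$sdir"
    mkdir -p "$dest" || return 1
    mv "$src" "$dest/$base" || return 1
    chmod 500 "$dest/$base"

    # Record the original location; quoting keeps names with spaces intact.
    printf '%s\n' "$sdir/$base" >> "$qabs/INDEX-QUARANTINE"
    return 0
}
```

The return code 2 lets a calling loop report "already quarantined" and continue without prompting.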

Let's "Talk" About CyberSoft's "SafeInternetEmail"

CyberSoft, Inc., the creator of the VFind Security ToolKit, is proud to announce its latest service, SafeInternetEmail.Com

SafeInternetEmail.com is a service that protects your email from viruses, spam, and harassing email. Not only does this work on Windows (all versions) but it also works on MS-DOS, Apple Macintosh, all Unix Systems, Linux, Java thin clients, and even Web-Enabled Cell Phones!!

What's so simple is that there are no downloads, no software, no manuals, and no maintenance! All you have to do is give us your domain name, we set it up, and we maintain it either at our site or your site and you maintain control (large sites only)!

We have decided to give all of our clients a ONE MONTH FREE TRIAL! No obligations, no commitments! Just give us a month and you will be convinced that SafeInternetEmail is right for you!

Questions Most Often Asked & Answers

Q: Where does your product get installed if I choose the default installation on a Unix platform?
A: /user/lib/vstk

Q: When running Trojan Horse Detector (THD) what kind of files should be included in the alarm file?
A: Any files that you do not want on your system (e.g., games, pictures, mpegs, etc.).

If you have any technical questions that you would like for us to answer, please email us at support@cyber.com.

Client Success Stories:

"As an Internet Administrator whose main servers are Sun Unix systems, I always seem to be fighting that never ending battle of keeping Crackers off my computers. Even with the security patches and router access control, one of those perps got lucky. If it wasn't for your Cybersoft Cryptographic Integrity Tool (CIT), I would never have known that my /etc/rc* boot files were modified. CIT has really made my life easier administering my system. Besides saving my proverbial skin that day...I look at that output every day to give me an indication of what is going on the whole system. Great Tool!"

If you have any successful stories that you would like to share with us, please email me at medalis@cyber.com.

(Note: If you wish to remain anonymous, please indicate. We reserve the right to respect everyone's privacy!)

Message From The President

Just like Hollywood, we expect to release some great summertime block busters. The first blockbuster will be a new version of VFind. This version will use significantly less memory and should also run faster. New versions of VFind will be released all summer long. These new versions will concentrate on speed, memory and control features.

The second block buster will be a new version of CIT. This new version will take about the same amount of time to run as the current version but when used with VFind, the "wall clock" time should be significantly reduced.

The third block buster will be a new version of the MVFilter program. MVFilter is used to disinfect macro viruses from OLE files. One of the new features is the ability to remove "ghost viruses" left in an OLE file by anti virus products other than ours. We don't leave ghosts!!

Look for additional notices about enhancements to the other tools in addition to the release of new tools in our forthcoming issues.

A Word From The Virus Wrangler

Why are Macrovirii "Haunted"?

I've been contacted many times by users wondering why some products detect macrovirii which are supposed to be clean. Upon examination of the virus, one can find a simple reason—the macro virus has not actually been "cleansed" of the virus code. Rather, its initiator string, required to activate the virus, has been removed by the "cleaning" process of an antivirus product rendering it inert but still leaving the actual code behind which is detected intact. In order to avoid detection of a "ghost" (a false positive), an antivirus product has to ignore the virus code in the file body if the initiator is determined to be missing. No initiator, no threat, no detection!!

Similarly, some files can be determined to be "infected" when they are not because the antivirus product doesn't look for the initiator string in the first place. This accounts for document and html files being pinged as infected. If the antivirus product searches through a file and is using a string which is in text, document, or html format, that string will detect a similar string within the document or html file and register as "infected". The use of strings to detect the macro initiators prevents this sort of false detection.

Editor's Note

To subscribe or unsubscribe, please email me at support@cyber.com

How To Contact Us:

Phone: Voice: 610-825-4748
Fax: 610-825-6785
Mondays - Fridays: 8 A.M. - 5 P.M. EST

Email:
General Email Address: info@cyber.com
Sales Email Address: sales@cyber.com
Tech Support Address: support@cyber.com

Mail: 1508 Butler Pike, Conshohocken, PA 19428




Copyright (c) 2005 by CyberSoft, Inc. All rights reserved world wide.

This product is marketed exclusively under license by the CyberSoft Operating Corporation and its wholly owned division, CyberSoft International. Copyright 2000 - 2005