Swen Detection code

  • Thread starter logistix at cathoderaymission.net

logistix at cathoderaymission.net

Writing POP3 filters in Python seems to be a pretty popular activity
today. ;)

So far it looks like the actual executable attachment isn't mutating
like subject lines, from and to fields are. I wrote some code that
scans message bodies for content-types that shouldn't be executable
(such as midis and wavs) and also scans content-types that should be
executable for the virus signature.

I just included the whole base64 encoded virus in the source file so
it's too large to post to usenet. The code is available at:

http://www.cathoderaymission.net/~logistix/python/detectSwen.py

(I'll also email if anyone requests).

This code does NOT interface with POP or hit your mailserver. It only
provides a predicate function for virus signature detection. It also
doesn't do anything with bad bounces where the attachment has been
stripped.

As usual, use care when automatically deleting emails.

It'd also be a bad idea to do something like
file("test.exe","wb").write(base64.decodestring(virusSig)) ;)
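
The predicate described in the post, sketched as an added example (this is not the poster's detectSwen.py). The `SIGNATURE` bytes are a constructed placeholder, the `MZ` header check and the two content-type sets are assumptions about how such a check could be written, and the sample messages are built inline.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed placeholder, NOT the real signature (the post keeps that in its own file).
SIGNATURE = b"PLACEHOLDER-SIGNATURE-NOT-REAL"
# Assumption: media types whose payload should never be a Windows executable.
NON_EXEC_MAINTYPES = {"audio", "image", "video"}
# Assumption: types under which an executable attachment is normally declared.
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload",
              "application/x-msdos-program"}


def looks_like_pe(payload: bytes) -> bool:
    """DOS/PE executables start with the two bytes 'MZ'."""
    return payload[:2] == b"MZ"


def is_suspect(raw: bytes) -> bool:
    """Return True if any MIME part matches either rule from the post."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64/quoted-printable transfer encoding.
        payload = part.get_payload(decode=True) or b""
        # Rule 1: declared as media, but the bytes are an executable.
        if part.get_content_maintype() in NON_EXEC_MAINTYPES and looks_like_pe(payload):
            return True
        # Rule 2: declared as executable and carrying the known signature.
        if part.get_content_type() in EXEC_TYPES and SIGNATURE in payload:
            return True
    return False


def build_sample(maintype: str, subtype: str, data: bytes) -> bytes:
    """Build a constructed test message with one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename="attachment.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    print(is_suspect(build_sample("audio", "x-wav", b"MZ\x90\x00" + b"\x00" * 32)))
```

Like the original, this only returns a verdict per message; fetching mail and deciding what to do with a match are left to the caller.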
 
