
tools to scan network for viruses


manju_salian

Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Fri Dec 12, 2008 1:03 am

tools to scan network for viruses

Hi,
  I am looking for a tool which scans for the latest viruses, worms and malware without being installed on clients.
A tool which will scan the network by IP range, just like Angry IP Scanner.
Please help me find such a tool.

Thanks in advance

jimbob

Post Fri Dec 12, 2008 7:09 am

Re: tools to scan network for viruses

I'm not aware of any AV product that works without being installed on the client. I can think of some ways you could detect malware on your network...

  • Run the AV scanner against a shared file system, e.g. the Windows C$ share.
  • Use a network-based IDS, e.g. Snort, to look for virus/trojan signatures on the network.
  • Scan hosts for malware services, e.g. trojan ports, mail/IRC relays.

None of these are going to stop the clients getting infected; this will only detect infection after the event.

Jimbob

adamj

Newbie

Posts: 17

Joined: Wed Jan 23, 2008 11:49 pm

Location: Maryland

Post Fri Dec 26, 2008 12:40 am

Re: tools to scan network for viruses

The only reason that Angry IP scanner can work is that it is looking for what services are listening on the target host/s.
A lot of viruses/malware don't listen on the target host/s; and I would guess that most worms are not following usual protocols, so scanning infected hosts with listening ports is not going to give you reliable results.
There's at least one tool I know of which does what you want, but it only does it for one worm: eEye/Retina's Sapphire SQL Worm Scanner.  I think they did one for Nimda also. 
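
An added example, not part of any post in this thread: a minimal agentless audit of an IP range for listeners on watched TCP ports, the "scan hosts for trojan ports" idea from the earlier reply. The watchlist entries and function names are assumptions chosen for illustration; as the reply above notes, an open port is only a lead to investigate and a clean result does not show that a host is uninfected.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

# Illustrative watchlist (assumption, not from the thread): historical default
# TCP ports of two old remote-access trojans. Maintain your own list.
WATCHLIST = {12345: "NetBus default port", 27374: "SubSeven default port"}


def port_open(host, port, timeout=0.5):
    """Return True if a full TCP connect to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def audit_range(cidr, watchlist=WATCHLIST, timeout=0.5, workers=64,
                probe=port_open):
    """Probe every host address in cidr on each watchlist port.

    Returns (host, port, label) tuples for open ports, sorted by address
    and port. `probe` can be swapped out so the logic is testable offline.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    # hosts() can be empty for a single-address network on older Pythons.
    hosts = [str(h) for h in net.hosts()] or [str(net.network_address)]
    targets = [(h, p) for h in hosts for p in watchlist]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda t: probe(t[0], t[1], timeout), targets))
    findings = [(h, p, watchlist[p])
                for (h, p), is_open in zip(targets, states) if is_open]
    return sorted(findings, key=lambda f: (ipaddress.ip_address(f[0]), f[1]))


if __name__ == "__main__":
    # Loopback only; point this at ranges you administer.
    for host, port, label in audit_range("127.0.0.1/32"):
        print(f"{host}:{port} open ({label}): investigate, not proof of infection")
```

Run it only against ranges you are responsible for, and confirm any hit on the host itself with an installed scanner.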

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Fri Dec 26, 2008 10:08 pm

Re: tools to scan network for viruses

You could also use something like Kaspersky's online scanner

http://www.kaspersky.com/virusscanner

Not the world's best option, but possibly better than nothing.

elcapitan

Newbie

Posts: 28

Joined: Mon Apr 28, 2008 10:16 am

Post Fri Dec 26, 2008 11:37 pm

Re: tools to scan network for viruses

nmap should be capable of doing this with the nmap scripting engine (NSE). Might be a steeper learning curve than some of the vendor tools out there.

I'm about to check out the new nmap text; let me know if you peruse it. It looks good.

If you're looking for specific exploits or certain traffic, you can always resort to some fancy Ethereal filters. I used that when some of the clients I had were infected with the Welchia/Nachi/MSBlast worm.
Last edited by elcapitan on Fri Dec 26, 2008 11:39 pm, edited 1 time in total.
CISSP, Security+, CEH, OPP, et alii
