EduSweep 2: Sneak Peek 3
It's nearly beta time, folks! Now that I have a little time free to work on my projects again there's some good work going on behind the scenes and another component gets ticked off as finished. Today that's the File Inspector - a new tool in this release.
I've lost count of the number of files I've come across and thought "What on earth is that doing there? Where did it come from!?". All too often, harmless-looking files are renamed copies of dangerous scripts or programs. For example, what if My Coursework.doc is actually a copy of lophtcrack.exe or even a virus?
Often, you can do a little detective work of your own but the file inspector makes light work of it. With a single click you can access owner information, view created, modified and last access dates and, most importantly, whether the file is what it seems to be. During development I've worked with Marco Pontello to incorporate his TrID file analyser into EduSweep. Together with my own EduEngine 2, the file inspector can tell you if everything isn't as it seems.
The inspector will show you, among other things:
* The extension that the file currently has - e.g. .docx
* The extension that EduEngine and TrID think that it should really have - e.g. .exe
* The MIME type, as detected by Internet Explorer (application/x-zip-compressed)
* The most likely file format - e.g. Microsoft Word Open XML Document
When these have been detected, analysis notes will be presented which highlight any discrepancies and give the file an overall threat rating, allowing you to take appropriate action. Soon this technology will be integrated further, allowing the main engine to detect suspicious files for a truly intelligent scanner.
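The extension-versus-content comparison described above can be sketched as follows. This is an added example, not EduSweep, EduEngine or TrID code: it assumes a small hand-written table of well-known file signatures, and the function names and sample bytes are constructed for illustration.

```python
import io
import os
import zipfile

# Hand-written table of well-known leading-byte signatures (not TrID's definitions):
# (magic bytes, format label, extensions normally used for that format)
SIGNATURES = [
    (b"MZ", "Windows executable", {".exe", ".dll", ".scr", ".sys"}),
    (b"%PDF-", "PDF document", {".pdf"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file", {".doc", ".xls", ".ppt", ".msi"}),
    (b"PK\x03\x04", "ZIP archive", {".zip"}),
]

def refine_zip(data):
    """A ZIP container holding word/document.xml is a Word Open XML document."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "ZIP archive (damaged or truncated)", {".zip"}
    if "word/document.xml" in names:
        return "Microsoft Word Open XML Document", {".docx"}
    return "ZIP archive", {".zip"}

def detect(data):
    """Return (format label, expected extensions), or (None, set()) if unrecognised."""
    for magic, label, exts in SIGNATURES:
        if data.startswith(magic):
            return refine_zip(data) if magic.startswith(b"PK") else (label, exts)
    return None, set()

def inspect_file(filename, data):
    """Compare the extension a file carries with what its content suggests."""
    claimed = os.path.splitext(filename)[1].lower()
    label, expected = detect(data)
    verdict = "unknown" if label is None else "consistent" if claimed in expected else "mismatch"
    return {"claimed": claimed, "format": label, "expected": sorted(expected), "verdict": verdict}

def sample_docx():
    """Constructed sample: a minimal ZIP with the entry names a .docx contains."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

if __name__ == "__main__":
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60  # constructed: only the DOS header magic
    print(inspect_file("My Coursework.doc", fake_exe))
    print(inspect_file("Essay.docx", sample_docx()))
```

A leading-byte match only shows what the content claims to be; a "mismatch" verdict is a prompt for closer inspection rather than proof that the file is malicious.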