I'm still hacking away at my helpdesk project but in the meantime I've been working on another program - somewhat like ANFS. Script Spy is a scanner for malicious scripts designed for use on medium/large networks. It features an efficient scanning engine and integration with ClamAV.
I'll be putting in a few niceties, such as the ability to find hidden scripts (e.g. a .bat renamed to a .jpg), virus scanning of found scripts with ClamAV and automatic signature updates. Unlike my helpdesk, I'll have beta-quality code available in a couple of weeks' time.
Last edited by bizzel; 9th March 2008 at 01:11 AM.
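
The hidden-script check mentioned in the post above (a .bat renamed to a .jpg), shown as an added example that is not part of the thread and is not Script Spy's code: it compares each file's leading bytes with the signature its image extension implies. The function names, the indicator regex and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Well-known leading bytes (file signatures) of the image types checked here.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed indicators of batch/VBScript text; a real scanner needs a fuller set.
SCRIPT_HINTS = re.compile(rb"(?im)^\s*(@echo\s+off|rem\s|set\s+\w+=|goto\s+\w+|wscript\.)")

def classify(path):
    """Return 'ok', 'mismatch' (header is not the claimed image type) or
    'hidden-script' (mismatch and the content looks like a script)."""
    magics = IMAGE_MAGIC.get(os.path.splitext(path)[1].lower())
    if magics is None:
        return "ok"  # extension not covered by this check
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if any(head.startswith(m) for m in magics):
        return "ok"
    return "hidden-script" if SCRIPT_HINTS.search(head) else "mismatch"

def scan(root):
    """Walk root and return {path: verdict} for every file that is not 'ok'."""
    findings = {}
    # os.walk skips directories it cannot list, so one denied folder does not stop the scan.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                verdict = classify(full)
            except OSError:
                continue  # unreadable file (e.g. access denied): keep scanning
            if verdict != "ok":
                findings[full] = verdict
    return findings

def demo():
    """Write constructed sample files to a temp dir and scan them."""
    samples = {"photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # real JPEG header
               "holiday.jpg": b"@echo off\r\necho constructed sample\r\n",
               "blank.png": b""}                                  # empty file
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): v for p, v in scan(d).items()}
```

A 'mismatch' verdict only says the header is wrong for the extension, so such files are candidates for a follow-up antivirus scan, not confirmed scripts.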

Looks good.
Ben

Ooooh. Handy.

Looking forward to giving that a whirl, good job.
Sounds good.
Thanks
Well I had a really quiet day at work (something that's happily becoming more common!) so I've been hacking away at the code. I've managed to almost double the speed of the scanning code and it's quite a lot more stable now. Using regular expression matching I've got the scanning engine hitting 4GB a second on a Pentium M 1.7 with 1GB RAM. That's also on a 4200rpm disk!
Obviously that will vary depending on the disk speed and whether you're scanning over the network as opposed to locally. Either way, I'm sure this is several times faster than using the built-in Windows search, not to mention that it scans for all specified filetypes in 1 run.
I've also optimised the threading so the GUI remains nicely responsive throughout. Hopefully I should have a working copy for you to try by the end of the week.
Last edited by bizzel; 9th March 2008 at 01:13 AM.
Well, the end of the week came and went and, like all programming deadlines, this one wasn't met. I've had a lot of difficulties with the scanning engine due to an interesting quirk of the .NET Framework when it comes to handling folder security.
I haven't given up though; the scanning is faster than ever. All that remains now is to squash a few bugs (I've already fixed a lot) and complete the front end. In order to make it as reliable as possible, I'm debugging it on a clone of my filesystem which I've deliberately corrupted. No deadlines this time, it's done when it's done.
Last edited by bizzel; 9th March 2008 at 02:28 PM.