64 lines
2.2 KiB
Plaintext
64 lines
2.2 KiB
Plaintext
|
|
V I R S O R T 1.1 beta
|
|
|
|
|
|
Why you need Virsort ?
|
|
|
|
You collect virii and the collection growed up to a few thousand samples
|
|
and each week you get another few hundred samples?
|
|
Than you have the problem to analyse and sort them into directories
|
|
spending hours while doing do.
|
|
VIRSORT takes this work away from you. It analyzes a scan list from the popular
|
|
anti-virus program F-Prot by Fridrik Skulason and compares the incoming
|
|
virii against your own. After doing so it sorts out the dupes and copies the
|
|
new virii in separate directories.
|
|
|
|
How to use:
|
|
|
|
1. Make an F-Prot list of your virii and don't forget to add the /nowrap
|
|
command line parameter.
|
|
2. Copy this list in the same directory as virsort.exe
|
|
3. Type virsort -b <fprot.list> to create a database and you'll get some
|
|
few files:
|
|
|
|
virsort.dat = The database
|
|
unsort.log = Suspicious files not identified 100% (sort them in
|
|
manually
|
|
new_vir.log = The new virii
|
|
trojans.log = Trojan horses
|
|
variants.log = New or modified virii
|
|
possible.log = Possibly infected files
|
|
|
|
4. Type in virsort -s <database> <target-directory> <- no backslash at
|
|
the end and virsort will create new directories and copies the viruses
|
|
into them.
|
|
|
|
You can use the -sd switch instead to move the files into the target
|
|
directory, othwise they'll be copied.
|
|
Note: The dupes are not removed. I'll fix this in future versions of
|
|
my software.
|
|
|
|
5. You get a new collection?
|
|
Make a F-Prot file and type
|
|
virsort -c <new-fprot-log> <output-file>
|
|
|
|
The output file contains the new virii list in binary format.
|
|
Go to step 4 to sort them in.
|
|
|
|
Virsort asks you for updating your database now.
|
|
If you type 'y' the incoming virii are added to your database
|
|
and the old database is deleted.
|
|
|
|
I can't garantee that there are no bugs in it, if you recognize some
|
|
please let me know.
|
|
This software is published as Public Domain, so you can spread it to
|
|
everybody who wants it, but you are not allowed to take a fee for it.
|
|
Further and improved versions will be published as Shareware.
|
|
|
|
Please apologize any spelling mistakes.
|
|
|
|
Christian Julius
|
|
Germany
|
|
email: chj@ing.ruhr.de
|
|
|