CyberSoft: Computer Security For Your World - For Unix, Linux, and Mac OS X Anti-virus and more!

Components of the VFind™ Security Toolkit Family of Products

The Main Tools of VSTK

VFind™

VFind™ is the virus scanner and pattern analysis tool in the toolkit, and is unlike any other virus scanner in existence. It was the first antivirus scanner for UNIX, the first heterogeneous virus scanner and the first scanner to incorporate a full virus description language, CVDL. Unlike most virus scanners, it actually searches for attacks in a file based upon what the file actually is. Most virus scanners assume that the filename is a description of the file type. VFind™ determines the file type by direct examination of the file's contents. This makes VFind significantly more powerful than a virus scanner that only searches in files with the “.com” and “.exe” filename extensions.

Cryptographic Integrity Tool

The Cryptographic Integrity Tool (CIT) detects virus, hacker, sabotage and baseline configuration violations from any source, using cryptographic change detection, reducing help desk turnaround time from hours to minutes! An end user calls stating the system doesn't work... they claim they didn't change anything, and a proposal on the system is due out the door by noon, today. Is it a user error, virus attack or sabotage? CIT will never lie and cannot be tricked!

Universal Atomic Disintegrator

The Universal Atomic Disintegrator (UAD) solves two difficult problems - identification and decomposition. Decomposition of a file to its smallest indivisible parts (universal atomic disintegration using classical Greek language meanings) is a difficult problem. First, the program must have infallible identification of the file in order to decompose it. This is not a problem for UAD, which identifies the file by direct examination of its contents.

MVFilter

Put simply, MVFilter disinfects OLE documents (Microsoft Word, Excel and PowerPoint) of macro viruses (both VBA and Word Basic). It does this in the same way that all antivirus programs disinfect macro viruses, by removal of the macro. The difference is that MVFilter was designed as a tool, and as such, it can be used for compartmentalization purposes in addition to its reactive disinfection role.

VSTK Professional Tools

Avatar

Avatar maintains the system Baseline Configuration. It does so by executing system security policies that act as an intrusion detection and response system. The most important function of Avatar is response - if the system Baseline Configuration is modified for any reason, it will be detected by Avatar and returned to the correct Baseline Configuration. The value of Avatar's response system is that it enforces discipline via a non-subjective automated process, which can execute many times per day.

VSTK Enterprise Tools

Network Traffic Interceptor

Network Traffic Interceptor (NTI) allows for effective virus scanning of encrypted data on a network - it scans all traffic going into or out of a system, and can be executed on both the local workstation and on servers. Unless data is decrypted prior to scanning, any viruses that may exist will be hidden by the encryption algorithm along with the intentional hiding of data. NTI deals with SSL encryption and S/MIME encryption. This technology is so sensitive that it can only be exported to certain countries.

Tools Available with Turbo

VFind™ Daemon

VFind™ Daemon provides user applications with virus scanning and detection services at a high level of performance. Running as a daemon process eliminates the need to re-initialize the scan engines on each request. Without the overhead of initialization, files are processed as they are received, improving response time and minimizing the effect of virus scanning on the main application.

Other Tools in the VSTK Packages

Trojan Horse Detector

The Trojan Horse Detector (THD) answers the question - “how do you find a chameleon Trojan horse attack when there are no contents to scan?” The chameleon Trojan horse attack works because a user is able to redirect a system command to a program of the same name in a different location. The chameleon may or may not have contents...

Loopback Head & Loopback Tail

The Loopback Head & Loopback Tail (LBH & LBT) ensure that unchanged (but infected) files are re-analyzed by VFind™. LBH reads filenames from a user-customized database; LBT uses the VFind™ output to create a database suitable for use with LBH.

Java Disassembler

The Java Disassembler (JDIS): the only sure-fire method of scanning Java code for viruses is to break down the byte code to associate constant pool structures with their operations. JDIS quickly and efficiently disassembles Java Byte Code for a VFind™ scan, which is essential when confronting the latest Java-based Trojan Horse virus.

BHead

BHead is a simple tool that solves complex issues. Unix systems do not have a convenient way of scanning for boot sector viruses, and scanning an entire drive just to detect a boot sector virus wastes time - BHead reduces the byte stream to the portion of the drive to allow the boot sector to be scanned.

Miniweb

The Miniweb Server is a compact web server based on the HTTP 1.1 standard. It supports the HEAD, GET, POST, and PUT access methods, the .htaccess file for access security, and Secure Sockets Layer (SSL). The Miniweb Server is implemented on all platforms supported by VSTK, except those on which POSIX threads are not available (HPUX-10, IRIX-6.2-MIPS, and OSF-ALPHA).

VGUI

VGUI allows access to VFind™, CIT, Avatar, and other functions of our toolkits by way of virtually any web browser homed to the Miniweb Server running on the target machine. The user can scan the system for viruses via VFind™, baseline the system via Avatar, and check system integrity via CIT. The VGUI allows even a non-UNIX user access to the great majority of the VSTK tools. Most functions can be executed by one or two simple button clicks.

Now available for download is the comprehensive training guide on how to use the VFind™ Security ToolKit Family of products to their full potential. Get insight into the many features of the VSTK line, along with learning some basic theories on computer security. Find out how the VSTK products can help you do more than just catch viruses.