


VFind™ is the virus scanner and pattern analysis tool. It is unlike any other virus scanner in existence. It was the first antivirus scanner for Unix, the first heterogeneous virus scanner, and the first scanner to incorporate a full virus description language, CVDL. Unlike most virus scanners, it searches for attacks in a file based upon what the file actually is. Most virus scanners assume that the filename is a description of the file type. VFind™ determines the file type by direct examination of the file's contents. This makes VFind™ significantly more powerful than a virus scanner that only searches files with the ".com" and ".exe" filename extensions for Microsoft executable viruses, because it does not rely on a filename, which in a hostile environment (such as a virus attack) could be wrong. Without this additional functionality, a mere filename change can be used as a form of stealth attack. In addition, this allows VFind™ to examine data in a byte stream, in which filenames may not exist. This can be a significant feature if your computer is network-attached.
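The filename-versus-content point above, as an added example (this is not VFind™ code or CVDL; the signature table, extension map, and function names are assumptions made for illustration):

```python
import os

# Constructed signature table (leading bytes -> type); not VFind's own logic.
SIGNATURES = [
    (b"MZ", "dos-windows-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-compound-document"),
    (b"\xca\xfe\xba\xbe", "java-class"),
]
# Extensions a name-based scanner would associate with each content type.
EXPECTED_EXT = {
    "dos-windows-executable": {".com", ".exe"},
    "ole-compound-document": {".doc", ".xls"},
    "java-class": {".class"},
}

def sniff(data: bytes) -> str:
    """Classify a byte stream by its leading bytes; no filename is needed."""
    for magic, kind in SIGNATURES:
        if not data.startswith(magic):
            continue
        if kind == "java-class":
            # Mach-O fat binaries share this magic; class files have major >= 45.
            if len(data) < 8:
                return "unknown"
            if int.from_bytes(data[6:8], "big") < 45:
                return "macho-fat-binary"
        return kind
    return "unknown"

def check(name: str, data: bytes) -> dict:
    """Flag recognised content whose extension a name-based scan would skip."""
    kind = sniff(data)
    ext = os.path.splitext(name)[1].lower()
    expected = EXPECTED_EXT.get(kind)
    disguised = expected is not None and ext not in expected
    return {"name": name, "content": kind, "disguised": disguised}

# Constructed sample inputs (headers only, no real program content).
SAMPLES = {
    "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,
    "report.txt": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24,
    "Applet.class": b"\xca\xfe\xba\xbe\x00\x03\x00\x2d",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(check(name, data))
```

A scanner that selects files by extension would pass over `holiday.jpg` and `report.txt`; `sniff()` also works on a raw byte stream with no name at all.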
VFind™ is also heterogeneous. This is critical in a server environment. Often a server will contain executable programs for network-attached client systems of a different architecture. A very common example of this is a Unix server providing network disk services to Microsoft NT workstations. In this case, the Unix system can harbor viruses for the NT system even though it is itself immune to that attack. VFind™ solves this problem by simultaneously searching for Unix, Microsoft (MSDOS, boot sector, Win-32 and OLE Macro), Macintosh, Amiga and Java viruses.
VFind™ also includes the CVDL system. This system allows the user to define new attacks or any other type of information that can be examined by advanced pattern analysis. One such use for the CVDL system is to search for words or phrases that are not allowed on a system. These phrases could be proscribed as part of an organization policy, such as one on sexual harassment, or as part of a compartmentalization policy for handling classified information, or the search could serve to restrict what programs may reside on a computer by direct examination. CVDL also allows for reactive processing of espionage attacks in which data is being moved within a system. Finally, CVDL allows for very fast updates of the VFind™ tool to search for new attacks without the need to replace the binary executable.