lbt - CyberSoft’s Loopback Tail Tool
Synopsis
Description
Options
Usage
Input
Output
Files
See Also
Bugs
Copyright
lbt [ -c, --copyright ] [ -h, -?, --help ] [ -v, --version ] lbt [ -db=name, --database=name ] [ -a, --append ] [ -r=num, --restrict=num ]
CyberSoft, Inc.’s Loopback Tail Tool is part of the VFind Security ToolKit. lbt is used along with lbh to ensure that unchanged but infected files are reanalysed by vfind. lbh will read filenames from a database. This database can be created anyway the user wishes so long as it is a flat text file that contains one filename per line. lbt is provided as part of the VSTK to use vfind output to create a database suitable for use with lbh. lbt will read data from the standard input stream and write it to the standard output stream. lbt will create a database if the -db=name option is specified.
-c, --copyright Display copyright information and then exit. All other options will be ignored. -h, -?, --help Display usage message and then exit. All other options will be ignored. -v, --version Display version information and then exit. All other options will be ignored. -db=name, --database=name Use name as the database. Without this option, lbt will enter passthru mode (read from stdin and write to stdout). -t dir, --tmpdir dir Set the directory lbt uses for its temporary database file to dir. Without this option, uad will use the default temp directory appropriate to the operating system. -a, --append When a pre-existing database is specified, the append option causes new entries to be appended to the end of the database, otherwise, lbt will overwrite the database. -r=num, --restrict=num The restrict option allows lbt to use the choke method (as described in vfind) to limit output as described in the table below.
Num Chevron Meaning
--------------------------------------------
1 ##==> Informational Message
2 ##==>> VFind Warning
3 ##==>>> Serious VFind Condition
4 ##==>>>> Possible Virus Detection
lbt reads output from vfind and depends on vfind’s uniform chevron output.
Example:
find / -type f | cit | lbh -db=lb.db | \
uad -s -ssw | vfind -ssr | lbt -db=lb.db -a
lbt can be used with the -r=num option to choke vfind’s output. The choke method is discussed in detail in the vfind man page.
(none)
find(1), cit(1), vfind(1), uad(1), lbh(1).
Please report all bugs to support@cyber.com. Make sure to include the version of lbt, the platform and OS, the script or command used, the complete output showing the bug, a short description of the problem, and contact information.
Copyright 1999-2000 by CyberSoft, Inc. All rights reserved.
| CyberSoft, Inc. | lbt (1) | October 2000 |