'PDF'에 해당되는 글 16건
- 2014.07.08 SnortDLP - an open source DLP solution utilizing snort
- 2013.10.24 PDFDot v0.23 : PDF 분석 및 시각화 도구
- 2013.09.30 ClamAV 0.98 has been released!
SnortDLP a.k.a. "Pig Pen" is an open source data loss prevention project that utilizes Snort to detect the exfiltration of sensitive data.
Web based application
- Written in PHP and utilizes a MySQL backend for cross operating system portability
- Administrative login to protect unauthorized access
- Determines a unique fingerprint for
- free text
- individual documents
- each document in a repository of sensitive documents
- database tables (future)
- Supports plain text documents (including doc, ppt, etc) and emails
- Generates Perl-compatible regular expressions (PCREs) and automatically adds a custom snort rule for each document or file
- Detects and alerts administrators through a Snort interface
- Flagging and carving out zip/pdf files based on file headers
- Office 2007 (docx, pptx, xlsx) support
- PDF support
- Email integration
출처 : https://code.google.com/p/snortdlp/
출처 : www.nurilab.com
ClamAV 0.98 includes many new features, across many different components
of ClamAV. There are new scanning options, extensions to the libclamav API,
support for additional filetypes, and internal upgrades.
- Signature improvements: New signature targets have been added for
PDF files, Flash files and Java class files. (NOTE: Java archive files
(JAR) are not part of the Java target.) Hash signatures can now specify
a '*' (wildcard) size if the size is unknown. Using wildcard size
requires setting the minimum engine FLEVEL to avoid backwards
compatibility issues. For more details read the ClamAV Signatures
- Scanning enhancements: New filetypes can be unpacked and scanned,
including ISO9660, Flash, and self-extracting 7z files. PDF
handling is now more robust and better handles encrypted PDF files.
- Authenticode: ClamAV is now aware of the certificate chains when
scanning signed PE files. When the database contains signatures for
trusted root certificate authorities, the engine can whitelist
PE files with a valid signature. The same database file can also
include known compromised certificates to be rejected! This
feature can also be disabled in clamd.conf (DisableCertCheck) or
the command-line (nocerts).
- New options: Several new options for clamscan and clamd have been
added. For example, ClamAV can be set to print infected files and
error files, and suppress printing OK results. This can be helpful
when scanning large numbers of files. This new option is "-o" for
clamscan and "LogClean" for clamd. Check clamd.conf or the clamscan
help message for specific details.
- New callbacks added to the API: The libclamav API has additional hooks
for developers to use when wrapping ClamAV scanning. These function
types are prefixed with "clcb_" and allow developers to add logic at
certain steps of the scanning process without directly modifying the
library. For more details refer to the clamav.h file.
- More configurable limits: Several hardcoded values are now configurable
parameters, providing more options for tuning the engine to match your
needs. Check clamd.conf or the clamscan help message for specific
- Performance improvements: This release furthers the use of memory maps
during scanning and unpacking, continuing the conversion started in
prior releases. Complex math functions have been switched from
libtommath to tomsfastmath functions. The A/C matcher code has also
been optimized to provide a speed boost.
- Support for on-access scanning using Clamuko/Dazuko has been replaced
with fanotify. Accordingly, clamd.conf settings related to on-access
scanning have had Clamuko removed from the name. Clamuko-specific
configuration items have been marked deprecated and should no longer
There are also fixes for other minor issues and code quality changes. Please
see the ChangeLog file for details.
The ClamAV team (http://www.clamav.net/team)