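Virus detection methods
1. Static file detection
Use the MD5 value of the relevant attributes in the file header as a signature to detect files in network data; this is generally used in gateway products.
2. Dynamic file detection
Run the virus file in a virtual system and use the file's behavior to determine whether it is a virus, as antivirus software does.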
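The static method above, sketched as an added example that is not part of the original page: a signature is the MD5 of selected PE/COFF header fields, so a gateway can match on the first chunk of a transfer without buffering the whole file. The choice of fields, the helper names, the sample bytes and the detection name are all assumptions made for illustration.

```python
import hashlib
import struct

# COFF file header layout: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF = "<HHIIIHH"

def header_signature(data):
    """MD5 over selected PE/COFF header fields, or None if data is not a PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None  # truncated or malformed header: no signature, no crash
    machine, nsect, stamp, _, _, opt_size, chars = struct.unpack_from(
        COFF, data, e_lfanew + 4)
    # Assumption: these five fields are the "header attributes" used as the feature.
    feature = struct.pack("<HHIHH", machine, nsect, stamp, opt_size, chars)
    return hashlib.md5(feature).hexdigest()

def scan_first_chunk(chunk, signatures):
    """Gateway-style check: only the first bytes of a transfer are inspected."""
    sig = header_signature(chunk)
    return signatures.get(sig) if sig else None

def build_sample(timestamp, body=b""):
    """Constructed PE-like bytes for the demo (not a runnable executable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack(COFF, 0x14C, 1, timestamp, 0, 0, 0xE0, 0x102)
    return dos + b"PE\0\0" + coff + body

# Constructed signature database: header MD5 -> detection name (both made up).
SIGNATURES = {header_signature(build_sample(0x5F000000)): "Constructed.Sample.A"}

if __name__ == "__main__":
    cases = [
        ("known header, other body", build_sample(0x5F000000, b"x" * 4096)),
        ("unknown header", build_sample(0x5F000001)),
        ("not a PE file", b"%PDF-1.4 constructed"),
    ]
    for name, data in cases:
        print(name, "->", scan_first_chunk(data[:512], SIGNATURES))
```

Because only header fields are hashed, the match is cheap and independent of the file body, but any file whose header fields differ from the stored feature produces no hit, which is why the page pairs this method with dynamic detection.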
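The main public websites for judging whether a file or URL is malicious are virustotal.com, which includes 41 antivirus engines, is very powerful and very fast (a scan completes within 1 minute), and virscan.com, which includes 36 antivirus engines but scans slowly, generally taking 5-15 minutes.
Other sites: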
http://sectools.org/tool/
http://www.malwarebytes.org/products/malwarebytes_pro/
http://www.malwaredomains.com/
Antivirus products
- Agnitum (Agnitum)
- AhnLab (V3)
- Antiy Labs (Antiy-AVL)
- Aladdin (eSafe)
- ALWIL (Avast! Antivirus)
- AVG Technologies (AVG)
- Avira (AntiVir)
- BitDefender GmbH (BitDefender)
- ByteHero Information Security Technology Team (ByteHero)
- Cat Computer Services (Quick Heal)
- Commtouch (Command Antivirus)
- ClamAV (ClamAV)
- Comodo (Comodo)
- Doctor Web, Ltd. (DrWeb)
- Emsi Software GmbH (Emsisoft)
- Eset Software (ESET NOD32)
- Fortinet (Fortinet)
- FRISK Software (F-Prot)
- F-Secure (F-Secure)
- G DATA Software (GData)
- Hacksoft (The Hacker)
- Hauri (ViRobot)
- Ikarus Software (Ikarus)
- INCA Internet (nProtect)
- Jiangmin
- K7 Computing (K7AntiVirus)
- Kaspersky Lab (Kaspersky)
- Kingsoft (Kingsoft)
- McAfee (VirusScan)
- Microsoft (Malware Protection)
- Norman (Norman Antivirus)
- Panda Security (Panda Platinum)
- PC Tools (PCTools)
- Rising Antivirus (Rising)
- Sophos (SAV)
- Sunbelt Software (Sunbelt antivirus)
- SUPERAntiSpyware (SUPERAntiSpyware)
- Symantec AntiVirus
- TotalDefense (TotalDefense)
- Trend Micro (TrendMicro, TrendMicro-HouseCall)
- VirusBlokAda (VBA32)
File characterization tools & datasets
- Androguard (Anthony Desnos)
- Cuckoo Sandbox (Claudio Guarnieri)
- ExifTool (Phil Harvey)
- Magic descriptor (Linux)
- NSRL information (NIST's National Software Reference Library)
- PDFiD (Didier Stevens)
- pefile (Ero Carrera)
- PEiD (Jibz)
- Sigcheck (Mark Russinovich)
- ssdeep (Jesse Kornblum)
- TrID (Marco Pontello)
Website/domain scanning engines & datasets
- Alexa (Amazon)
- AlienVault (AlienVault)
- Antiy-AVL (Antiy Labs)
- Avira Checkurl (Avira)
- BitDefender (BitDefender)
- CLEAN MX (CLEAN MX)
- Comodo Site Inspector (Comodo Group)
- C-SIRT (Cyscon SIRT)
- Dr.Web Link Scanner (Dr.Web)
- EXPOSURE: Exposing Malicious Domains (iseclab.org)
- G-Data (G Data)
- Google Safebrowsing (Google)
- hpHosts (Malwarebytes)
- K7AntiVirus (K7 Computing)
- Malc0de Database (Malc0de)
- Malware Domain Blocklist (Malware Domain Blocklist)
- Malware Domain List (DNS-BH Malware Domain List)
- MalwarePatrol (MalwarePatrol)
- Minotaur (NovCon Solutions)
- Netcraft (Netcraft)
- Opera (Opera)
- Palevo Tracker (Abuse.ch)
- ParetoLogic URL Clearing House (ParetoLogic)
- Phishtank (OpenDNS)
- SCUMWARE (Scumware.org)
- SecureBrain (SecureBrain)
- Sophos (Sophos)
- SpyEye Tracker (Abuse.ch)
- Sucuri SiteCheck (Sucuri)
- Trend Micro Site Safety Center (Trend Micro)
- urlQuery (urlQuery.net)
- VX Vault (VX Vault)
- Websense ThreatSeeker (Websense)
- Webutation (Webutation)
- Wepawet (iseclab.org)
- WOT (Web Of Trust)
- Yandex Safebrowsing (Yandex)
- Zeus Tracker (Abuse.ch)
- Zvelo (Zvelo)