You are correct that this post is misnamed in using the word 'Protection' - it should have been 'Warning'.
There is little you can currently do to prevent a perl script running with sufficient permissions to write to
files writing to files! You can detect this though, which was the point.
Detecting damage is a worthwhile endeavour as you can run a script like:
#!/usr/bin/perl -w
# clean.pl
# this code will remove the viral infection when run in same dir
# as a virus if you add the viral code to the data section
local $/;
$signature = <DATA>;
1 while $signature =~ s/\n$//g;
$signature = quotemeta $signature;
while (<*>) {
next unless $_ =~ m/\.(pl|cgi|pm)$/;
open (FILE, "<$_") or die "Unable to check $_ for infection";
$check_if_infected = <FILE>;
close FILE;
if ($check_if_infected =~ s/^$signature//) {
open (CLEAN, ">$_") or die "Unable to disinfect $_";
print CLEAN $check_if_infected;
close CLEAN;
print "Uninfected $_\n";
}
}
__DATA__
# Viral code goes here as the viral signature
Whist neither of these pieces of code 'prevent' infection by either your code, mine or any of the others,
if you add these two pieces of code together you can detect and repair which is about the best you
can hope for without writing some very OS invasive antiviral software. Noton Antivirus slows my dos box
by a measured 50-60% for most tasks as it is continually vetting executing threads. |