Mark,

> Needless to say, there are a significant number of what
> I would call "questionable" files on the box. Some of
> them I can quickly identify, albeit not authoritatively
> at this point, (e.g. httpodbc.dll), but others I cannot.

I'd like to suggest something...that you not only MD5 these files, but also generate a SHA-1 hash for each. Also, you can perform other analysis/queries on the files, such as attempting to derive vendor information from executables, as w/ finfo.pl (http://patriot.net/~carvdawg/perl.html).

Given compression and packing routines available, it's unlikely that you'll find any sort of comprehensive database of MD5 hashes.

If you're looking for assistance, or just want another set of eyes on the files, I'd be willing to take a look at them.

Thanks,

Carv
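One way to produce the MD5 and SHA-1 pair suggested in the message for every file in a collected directory, as an added example (it is not part of the original post and is not finfo.pl). The function names and the manifest layout are assumptions made for illustration.

```python
import hashlib
import os
import sys

CHUNK = 1 << 16  # read in 64 KiB pieces so large binaries are not loaded whole


def hash_file(path):
    """Return (md5_hex, sha1_hex, size) for one file, reading it only once."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha1.update(chunk)
            size += len(chunk)
    return md5.hexdigest(), sha1.hexdigest(), size


def build_manifest(root):
    """Walk root and return sorted rows of (relative path, size, md5, sha1)."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                md5, sha1, size = hash_file(full)
                rows.append((rel, size, md5, sha1))
            except OSError as exc:
                # Locked or unreadable files are recorded, not silently skipped,
                # so the manifest accounts for every file that was seen.
                rows.append((rel, -1, "ERROR", str(exc)))
    return sorted(rows)


if __name__ == "__main__":
    # Usage: python manifest.py <directory holding the copied files>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, size, md5, sha1 in build_manifest(target):
        print(f"{md5}  {sha1}  {size:>10}  {rel}")
```

Run it against a read-only copy of the files rather than the live box, and keep the output with the case notes so both digests can be compared against any hash set later.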
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 03:21:11 PST