On Mon, 11 Aug 2008 11:01:57 +0200 Itschak Mugzach <[EMAIL PROTECTED]> wrote:
:>malicious code = non normative code, a code that makes things not allowed or :>planned intentionally or not. If you can define what "normative" is, you can scan for the other. :>Moving literals into record is suspected, not always a malicious code. Why? I do not understand your use of the term "malicious". You seem to be referring to possible bugs. :>On 8/11/08, Binyamin Dissen <[EMAIL PROTECTED]> wrote: :>> On Mon, 11 Aug 2008 09:30:57 +0200 Itschak Mugzach <[EMAIL PROTECTED]> :>> wrote: :>> :>I know some products that checks program complexity, and even those who :>> look :>> :>into specific command usage. But this time I am looking for a product to :>> :>analyse mainframe traditional language (Cobol, PLI, etc) for malicious :>> code. :>> :>I have some ideas like the usage of string command, Input that come :>> outside :>> :>a file record, etc. :>> :>What are you using to analyse your code? :>> Define "malicious code". :>> Why is "input that come outside a file record" malicious? -- Binyamin Dissen <[EMAIL PROTECTED]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
