On 9/23/21 02:10, Kenneth Porter via MIMEDefang wrote:
> I'm already running ClamAV and I block on file extensions. Is there any way
> to recognize executables by content and block them? I just saw this article
> on a coming attack vector through Windows Subsystem for Linux (WSL) in which
> the payload is an ELF binary that then downloads and spawns a Windows binary.
>
> <https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/>
>
> The hard part would be defining "executable" but that could be extensible.
>

File::LibMagic is the way to go, it will check the file using magic(5) and report info about the file format.

Giovanni
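A sketch of the content check suggested in the reply above, added here as an example and not code from the original post or from the MIMEDefang project. It is meant to sit in a mimedefang-filter file; the helper name `is_executable_by_content`, the MIME type list and the bounce text are assumptions, and the exact type strings depend on the installed libmagic version.

```perl
use File::LibMagic;

# One libmagic handle, reused for every attachment.
my $magic = File::LibMagic->new;

# MIME types libmagic reports for native executables (assumed list;
# strings differ between libmagic releases, so extend as needed).
my %EXEC_MIME = map { $_ => 1 } qw(
    application/x-executable
    application/x-pie-executable
    application/x-sharedlib
    application/x-dosexec
    application/vnd.microsoft.portable-executable
    application/x-mach-binary
);

# Hypothetical helper: true if the file's content, not its name,
# identifies it as an ELF, PE or Mach-O binary.
sub is_executable_by_content {
    my ($path) = @_;
    return 0 unless defined $path && -r $path;
    my $info = eval { $magic->info_from_filename($path) } or return 0;
    return 1 if $EXEC_MIME{ $info->{mime_type} // '' };
    # Fall back to the textual description, e.g. "ELF 64-bit LSB executable".
    # This also matches ELF shared objects and core files.
    return ( $info->{description} // '' ) =~ /^(?:ELF|PE32|Mach-O)\b/ ? 1 : 0;
}

# MIMEDefang calls filter() once per leaf MIME part.
sub filter {
    my ($entity, $fname, $ext, $type) = @_;
    my $body = $entity->bodyhandle or return;   # part has no decoded body
    if (is_executable_by_content($body->path)) {
        md_syslog('warning', "Executable attachment detected by content: $fname");
        return action_bounce("Executable attachments are not accepted here");
    }
    return;
}
```

This inspects each decoded part as it arrives, so a binary packed inside an archive attachment is not seen by this check.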
