Homepage
cabney
cabney at cyberpass.net
Wed May 16 06:16:06 CDT 2001
~sdpm~
On Wed, 16 May 2001, Bob Kleemann wrote:
> It's looking like we have a virus here, text of the attachment:
Can anyone tell me what it's doing? (I get dizzy reading VB)
Uh, here you can look at it with this:
=8<====
#! /usr/bin/perl -w
use strict;
my ( $OutLookVirusF, $bad_by_definition, $yehrite );
$OutLookVirusF = shift;
die "File not found\n" unless -f $OutLookVirusF;
open V, "< $OutLookVirusF" or die ("problem opening $OutLookVirusF: $!\n");
while ( <V> )
{
my $line = $_;
if ( $line =~ /Execute DeCode/i ) {
my ( $pre, $post );
$line =~ /^(.*)"(.*)"(.*)$/;
($pre, $yehrite, $post) = ($1,$2,$3);
$bad_by_definition .= "${pre}__ICKENC__${post}";
} else {
$bad_by_definition .= $_;
}
}
close V, or die ("problem closing $OutLookVirusF: $!\n");
$yehrite = pack "C*", map {
($_==15) ? 10 :
($_==16) ? 13 :
($_==17) ? 32 :
($_==18) ? 9 :
$_-2
} unpack "C*", $yehrite;
$bad_by_definition =~ s/__ICKENC__/\'$yehrite\'/;
print $bad_by_definition;
=8<====
CA
--
There was a time
A wind that blew so young
For this could be the biggest sky
And I could have the faintest idea
~sdpm~
The posting address is: san-diego-pm-list at hfb.pm.org
List requests should be sent to: majordomo at hfb.pm.org
If you ever want to remove yourself from this mailing list,
you can send mail to <majordomo at happyfunball.pm.org> with the following
command in the body of your email message:
unsubscribe san-diego-pm-list
If you ever need to get in contact with the owner of the list,
(if you have trouble unsubscribing, or have questions about the
list itself) send email to <owner-san-diego-pm-list at happyfunball.pm.org> .
This is the general rule for most mailing lists when you need
to contact a human.
More information about the San-Diego-pm
mailing list