Hello, You might want to try the windows version of ClamAV. I haven't tried it personally, but it may be a suitable alternative to stinger.
There are many types of P2P. You can find evidence of them with most vulnerability scanners such as Nessus. Most NIDS also have rules to look for P2P apps as well. If you have budget for a commercial solution, our Passive Vulnerability Scanner lets you find P2P software through direct network sniffing. It also finds most server and client vulnerabilities, ports that are open or used to browse, NAT devices and so on. The URL for it is here: http://www.tenablesecurity.com/products/pvs.shtml Ron Gula, CTO Tenable Network Security http://www.nessus.org http://www.tenablesecurity.com http://blog.tenablesecurity.com At 09:30 PM 10/12/2006, Johnny Wong wrote: >Hello, > >I am part of the incident response team in my organization. Part of our daily >task is to respond the virus/worm incidents by remote scanning the suspected >machines. We have been using Stinger.exe from McAfee to do this. The pros of >using Stinger are (1) it's lightweight, (2) it's command-line executed hence I >could use Psexec with it. However, Stinger.exe hasn't been updated since May >06, and we have encountered situations where it failed to detect newer worm >variants. Can anyone point me to other lightweight virus/worm scanners out >there? > >Secondly, we have been having problems with P2P software running in our >networks. Time and again we have to use network logs to trace P2P-enabled >machines and tell the owners of these machines to uninstall the offending >software. Is there a scanning tool out there that can detect the presence of >P2P software on a machine? > >Thank you all, > >J Wong >Singapore ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
