Assuming you were scanning line for line. There are a bunch of system tools to automate scanning through multiple files. If the trojan was enclosed in <blink></blink> you could run grep "<blink>" ./* to find it. If you found a relation in the malicious source, you could easily grep for common traits.

-----Original Message-----
From: Alexandros Papadopoulos [mailto:apapadop@;cmu.edu]
Sent: Tuesday, October 15, 2002 10:22 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: sendmail trojan

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 09 October 2002 12:50, jnf wrote:
> hi, I've got a question, it seems several oss programs of late have been
> trojaned at the provider level- which leads me to wonder if this is a
> message 'read your source', which made me wonder, are these trojans
> obvious? as in if you just scanned over the source would you see them? if
> anyone has a copy of some of the source that is trojaned, or knows where I
> could find some, it would be appreciated. thnx
>
> j

Frankly, even if the trojan was enclosed in <blink></blink> statements, in 80,000 lines of code it would be lost.

It's not feasible for one single coder to proofread everything he/she compiles. You have to implicitly trust the coder/maintainer/distributor, I see no other way.

- -A

- --
http://www.andrew.cmu.edu/~apapadop/pub_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9rPeGgmAMwQt1gmURAtA0AJ9/N81Hyu100xokVq0c2vXZALt/egCfdGFd
DAoKH5PmL2GPQk6aFJt4B0w=
=7MAJ
-----END PGP SIGNATURE-----