On Wed, 2008-02-27 at 21:02 +0000, brian m. carlson wrote:
> What does this do that file(1) does not?
>
> lakeview ok % file setup.exe
> setup.exe: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX
> compressed
>
It searches for executable files that don't have the right extension.
The main goal is to find malicious win32 executables on compromised systems.

You can do that with file, but you have to script a lot.

$ find /target ! -iname "*.exe" -exec file '{}' ';' | egrep "MS-DOS executable"

This simple example does not take the whole bunch of possible extensions into
account, nor the possible different descriptions that "file" has for win32
executables.

missidentify will certainly do a better and faster job on real systems with
thousands of files.

--
Christophe Monniez
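Added example, not part of the original message and not missidentify's own code: one way to close the two gaps named above is to check the MZ/PE header bytes directly instead of matching file(1) descriptions, and to compare against a set of extensions rather than only "*.exe". The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# Assumed list of extensions that legitimately carry PE files; adjust per policy.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".drv", ".com"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            header = f.read(0x40)
            if len(header) < 0x40 or header[:2] != b"MZ":
                return False
            # Offset 0x3C of the DOS header holds the PE header offset.
            (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False  # unreadable files are skipped, not reported

def find_misnamed(root):
    """Return sorted paths under root that are PE files without a PE extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            ext = os.path.splitext(name)[1].lower()
            if ext not in PE_EXTENSIONS and is_pe(path):
                hits.append(path)
    return sorted(hits)

def make_sample_tree(root):
    """Constructed sample data: minimal PE-like stubs and a plain text file."""
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    samples = {"setup.exe": stub, "holiday.jpg": stub, "notes": stub,
               "readme.txt": b"MZ is just two letters here\n"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for hit in find_misnamed(tmp):
            print(hit)
```

On a real target, call find_misnamed() on the mounted evidence path; a header match only says the file is structured like a PE, so each hit still needs triage.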