V3Genie system: an automated multi-scanner system
Kyu-beom Hwang, Ahnlab
Corporate stream: Friday 26 Sept 2003, 15.40-16.00.
Hardly a day goes by without a new virus report. AV researchers have done a good job of keeping
up with new reports and releasing their respective updates. When AV vendors release urgent new
updates, there is usually a discussion about naming. Some security administrators need to
identify the different names used by the AV vendors, and AV researchers face the same headache.
To avoid unnecessary conflicts over names, we often cross-reference each other's names using
tools such as VGrep. Some researchers write their own tools, not only to get the name
information but also to use such data for technical support.
V3Genie is intended for this purpose. It uses already released 'boxed' products and gets its
information from installed, and updated, AV software from various vendors. V3Genie differs from
traditional script-oriented automated scanners. Automating script-oriented command-line scanners
requires the administrator to keep up with updates, in some cases manually, because those
scanners cannot use the built-in update functions. V3Genie instead operates the installed
program's built-in features through its GUI for tasks such as updating, configuring and
scanning.
V3Genie accepts various input methods, i.e. FTP and/or email. Using PGP on the files can ensure,
to some degree, the secure exchange of files and reports between the reporter/researcher and the
V3Genie Systems Server. The reports generated by V3Genie include parsed log files from each of
the AV programs installed on the system.
This can be useful both for new viruses and for naming comparisons of known viruses. Also, if
integrated with a honeypot, it can benefit both researchers and administrators, because they can
tell whether a newly accepted packet is worth the time to look into even before examining it.
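The report step described above, sketched as an added example (not V3Genie's own code): parsed logs from several scanners are merged into one cross-reference of names per submitted file, with a verdict that flags samples only some scanners detect. The scanner names, log formats, file paths and detection names are all constructed assumptions.

```python
import re

# Constructed log formats for three hypothetical scanners; real products differ.
PATTERNS = {
    "scanner_a": re.compile(r"^(?P<path>\S+)\s+Infected:\s+(?P<name>\S+)$"),
    "scanner_b": re.compile(r"^\[FOUND\]\s+(?P<name>\S+)\s+in\s+(?P<path>\S+)$"),
    "scanner_c": re.compile(r"^(?P<path>[^;]+);(?P<name>[^;]*);(?P<status>\w+)$"),
}

# Constructed sample logs covering two submitted files.
SAMPLE_LOGS = {
    "scanner_a": "in/s1.exe   Infected: W32/Example.A@mm\nScan finished: 2 files\n",
    "scanner_b": "[FOUND] Worm.Example.a in in/s1.exe\n[FOUND] Trojan.Sample in in/s2.scr\n",
    "scanner_c": "in/s1.exe;Win32.Example.A;infected\nin/s2.scr;;clean\n",
}
SUBMITTED = ["in/s1.exe", "in/s2.scr"]


def parse_log(scanner, text):
    """Return {path: detection name} from one scanner's log text."""
    hits = {}
    for line in text.splitlines():
        m = PATTERNS[scanner].match(line.strip())
        if not m:
            continue  # banner, summary, or otherwise unparseable line
        fields = m.groupdict()
        if fields.get("status", "infected") != "infected" or not fields["name"]:
            continue  # explicit "clean" row, no detection to record
        hits[fields["path"]] = fields["name"]
    return hits


def cross_reference(logs, submitted):
    """Build {path: {"names": {scanner: name}, "missed_by": [...], "verdict": str}}."""
    parsed = {s: parse_log(s, t) for s, t in logs.items()}
    report = {}
    for path in submitted:
        names = {s: h[path] for s, h in parsed.items() if path in h}
        missed = sorted(s for s in parsed if s not in names)
        # "partial" marks a sample worth an analyst's time: some scanners miss it.
        verdict = "undetected" if not names else "partial" if missed else "all"
        report[path] = {"names": names, "missed_by": missed, "verdict": verdict}
    return report


if __name__ == "__main__":
    for path, row in cross_reference(SAMPLE_LOGS, SUBMITTED).items():
        print(path, row["verdict"], row["names"], "missed by:", row["missed_by"])
```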
Unlike other efforts to automate this process, V3Genie requires only a single system unit to
operate. This can reduce the cost and time spent on traditional automated scanner systems.