Kyu-beom Hwang Ahnlab
V3Genie system: an automated multi-scanner system
Hardly a day goes by without new virus reports. AV researchers have been doing a pretty good job of keeping up with new reports and releasing their respective updates. When AV vendors release urgent new updates, there is usually a discussion about naming. Some security administrators have found it necessary to identify the different names used by different AV vendors. AV researchers face the same headache. To avoid unnecessary conflicts over names, we often cross-reference one another using tools such as VGrep. Some researchers write their own tools, not only to get the naming information but also to use that data for technical support.
V3Genie is intended for this purpose. V3Genie uses already released 'boxed' products and gets its information from the installed (and updated) AV software of various vendors. V3Genie differs from traditional script-oriented automated scanners. Automating script-oriented command-line scanners requires the administrator to keep up with updates, sometimes even manually, because those scanners can't use the built-in update functions. V3Genie operates each installed program's built-in features through its GUI for tasks such as updating, configuring, and scanning.
V3Genie accepts various input methods, i.e. FTP and/or email. PGPed files can, to some degree, secure the exchange of files and reports between the reporter/researcher and the V3Genie Systems Server. The reports generated by V3Genie include parsed log files from each of the AV programs installed on the system.
This can be useful both for new viruses and for naming comparisons of known viruses. Also, if integrated with a honeypot, it can benefit both researchers and administrators, because they can tell whether a newly accepted packet is worth taking the time to look into even before checking it out.
Unlike other efforts to automate this process, V3Genie requires only a single system unit to operate. This can reduce the cost and time spent on traditional automated scanner systems.