This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.

For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Recommend Anti-Virus TCL?

Old posts that have not been replied to for several years.
Locked
User avatar
Stealthx
Halfop
Posts: 68
Joined: Fri Oct 01, 2004 3:37 am
Location: StealthBox

Recommend Anti-Virus TCL?

Post by Stealthx »

Just an enquiry, anyone got any nice and simple virus script to introduce? I've try out all the TCLs in egghelp.org and it doesn't suit my needs. I'm looking for a TCL which cycle the channel to check for on-join sending virus. Any recommend? Thank you. :wink:

Was wondering:

1) Whether AntiDCCSend.TCL by SkAtErS works on cycling a channel? If not, how does the bot check which user is actually sending out virus?

2) How could I set it to only 2 channels for the virus checking channel by Virus Detecter by Stratsi? (It's only works for all channels right now)

Code: Select all

set bantime 20
set cycletime 10
set msg_user 1

timer $cycletime cycle
proc cycle {} {
 global cycletime
 foreach c [channels] {
  putserv "PART $c"; putserv "JOIN $c"; timer $cycletime cycle
 }
}

bind ctcp - DCC got_dcc
proc got_dcc {nick uhost handle dest key arg} {
 global gobtnick bantime msg_user cycletime
 set filename [string tolower [lindex $arg 1]]
 if {[string match "*.exe" $filename] || [string match "*.bat" $filename] || [string match "*.vbs" $filename] || [string match "*.ini" $filename]} {
 set host "*!*[string range $uhost [string first "@" $uhost] end]"
 utimer 15 [newban $host VirusScan "Infected with $filename virus" $bantime]
 foreach c [channels] {
  putkick $c $nick "You're infected with $filename virus"
 } 
 if {$msg_user} {putmsg $nick "You're infected with a virus ($filename). For more information please join #nohack or visit http://www.nohack.net"}
 }
}
+ Stealth Box +
Top
User avatar
awyeah
Revered One
Posts: 1580
Joined: Mon Apr 26, 2004 2:37 am
Location: Switzerland
Contact:
Contact awyeah

Post by awyeah »

For setting it to a limited number of channels you can do

Code: Select all

foreach c [channels] {
  putserv "PART $c"; putserv "JOIN $c"; timer $cycletime cycle
 }
}

foreach c {#chan1 #chan2} {
  putserv "PART $c"; putserv "JOIN $c"; timer $cycletime cycle
 }
}
Or join and part them at the same time and recall the timer.

Code: Select all

timer $cycletime cycle

proc cycle {} {
 global cycletime
 putserv "PART #chan1"; putserv "JOIN #chan1"
 putserv "PART #chan2"; putserv "JOIN #chan2"
 timer $cycletime cycle; return 0
}
When the bot performs a cycle and some person tries to send a file to the bot, if it contains one of the extensions mentioned in the script the bot will kick and ban that user for sending an infected file probobaly containing a trojan/virus.

Use this I cleaned up the script a bit.

Code: Select all

bind ctcp - DCC got_dcc 

proc got_dcc {nick uhost hand dest key arg} {
 global bantime msg_user
 if {([string match "*.exe" $arg]) || ([string match "*.bat" $arg]) || ([string match "*.vbs" $arg]) || ([string match "*.ini" $arg])} {
 newban [lindex [split uhost "@"] 1] virus "Infected with a virus" $bantime
 foreach chan [channels] {
  if {([onchan $nick $chan])} {
  putserv "KICK $chan $nick :You're infected with a virus." }
 }
 if {($msg_user == 1)} { putserv "PRIVMSG $nick :You're infected with a virus. For more information please join #nohack or visit http://www.nohack.net" }
 }; return 0
}
·­awyeah·

==================================
Facebook: jawad@idsia.ch (Jay Dee)
PS: Guys, I don't accept script helps or requests personally anymore.
==================================
Top
User avatar
caesar
Mint Rubber
Posts: 3778
Joined: Sun Oct 14, 2001 8:00 pm
Location: Mint Factory

Post by caesar »

Using the same bot to check and ban is certanly an bad ideea. Just ignores it and you get back from the place you've started. Use two bots, one to check and one to ban. The one that checks dosen't sit on your channel, it joins it with a random nick and ident then leaves, tells to the banning bot the uhosts and it dose the dirty job. Check ppslim's No!Spam TCL Script.
Once the game is over, the king and the pawn go back in the same box.
Top
User avatar
demond
Revered One
Posts: 3073
Joined: Sat Jun 12, 2004 9:58 am
Location: San Francisco, CA
Contact:
Contact demond

Post by demond »

caesar wrote:Using the same bot to check and ban is certanly an bad ideea. Just ignores it and you get back from the place you've started. Use two bots, one to check and one to ban. The one that checks dosen't sit on your channel, it joins it with a random nick and ident then leaves, tells to the banning bot the uhosts and it dose the dirty job. Check ppslim's No!Spam TCL Script.
actually, there's a solution which uses a "checker" client forked by the antispam script, therefore no second bot is needed

check out spambuster.tcl

it doesn't ban for onjoin DCC SEND, but could be easily patched to do so
Top
User avatar
awyeah
Revered One
Posts: 1580
Joined: Mon Apr 26, 2004 2:37 am
Location: Switzerland
Contact:
Contact awyeah

Post by awyeah »

Well... as far as the limitation of this script goes, only 1 bot is needed. You can use more enhanced scripts which utilize hub and leaf bots instead of this to make them detect spammers more effectively.
·­awyeah·

==================================
Facebook: jawad@idsia.ch (Jay Dee)
PS: Guys, I don't accept script helps or requests personally anymore.
==================================
Top
Locked

Return to “Archive”