Next time I'll save a file like that and send it to you.
Thanks. My email addy is the README.TXT included in JPG-SCAN.ZIP.
I am looking at your web page and just downloaded the file.
I got a question. I thought about this right off the bat.
If I get a .JPG or .GIF that does contain malware, and edit it with a
graphic editor (I normally use an older version of Paint Shop Pro),
will the malware still exist in the file after I edit it? For
example, lets say I get a pic of a dog, and it has "red eye". So I
open the file with PSP, and darken the red in the eye, and save the
repaired picture. After I save it, will the malware remain, or did my
editing destroy it? To fix the red eye, I probably changed 10 pixels
at most. But what else did I change? Did I destroy the malware
(assuming it had some).
Clearly, you have in mind one of the more sophisticated steganographic
methods where the code is "mixed in with" the image. Altering the
brightness slightly has been suggested as a possible method of
neutering the malware in that case. But where are you going with
this? Toward a _practical_ and sure-fire method of batch processing
all image files to clean them? Lotsa luck proving it out for all
possible steganographic methods
I'm asking, because if I get a suspicious picture, it's easy enough to
open it in my photo editor, and simply change one pixel along the
border, or in a cloud, or any inconspicuous place, and save the photo.
If the editing destroys any malware, that would be an easy way to
solve the problem. (if it works that way). I have played with enough
graphics that I know how to change any picture and no one will notice.
As I implied, I'm not aware of any general sure-fire methods along
those lines that can be proven to work in all possible cases.
In the case of the type of image files JPG-SCAN is designed to detect,
the image itself is not "infested". The malicious code is simply
appended to the end of the file. Now, it so happens that if Irfanview
(a freeware image viewer) is used to simply Save the file, it strips
off the appendage, thus neutering the file. But from a practical
POV, it's far better to use my JPG-SCAN program instead of batch
processing all your image files through Irfanview. For one thing,
my scanner doesn't alter your legit JPG files in any way. Irfanview
does. If you choose 100% quality, the file sizes increase by a
large factor without increasing image quality.
So, the idea of using a converter (it's called) is one that's not
easy to follow up on in a practical or simple way. Much work
and theoretical proofs would have to be done. It would be a
enormous task.
Art
http://home.epix.net/~artnpeg