TSQL Virus or Bomb?
Posted Friday, December 5, 2003 12:00 AM
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/jgama/tsqlvirusorbomb.asp


Post #18921
Posted Monday, December 29, 2003 12:39 AM
There is a slight chance that the script which searches for EXEC-s will not function correctly: if the procedure is larger than 4000 characters and the word "EXEC" starts in a @current_text and ends in another one.

Razvan





Post #90138
Posted Monday, December 29, 2003 2:31 PM


There's no such word as "virii". It's "viruses".



John Scarborough
MCDBA, MCSA
Post #90139
Posted Monday, December 29, 2003 3:55 PM
Hello.

I'm looking forward to playing with the 'Validate SP's and UDF's with checksum' over the next couple of weeks and I was wondering if there's a way to use this logic against Jobs and DTS packages?

Everett






Everett Wilson
ewilson10@yahoo.com
Post #90140
Posted Monday, December 29, 2003 8:37 PM


quote:
There's no such word as "virii". It's "viruses".


In scientific and medical arenas, virii tend to be used. With that said, some computer folks use virii instead of viruses. If you do a Google search you'll see it's quite accepted.


K. Brian Kelley, GSEC
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/


K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
Post #90141
Posted Monday, December 29, 2003 8:47 PM


quote:
I'm looking forward to playing with the 'Validate SP's and UDF's with checksum' over the next couple of weeks and I was wondering if there's a way to use this logic against Jobs and DTS packages?


Yes. Generating a checksum or a hash is a standard way of checking change on most anything, to include files. For instance, you can configure products like BindView to generate a hash on critical files (such as those in C:\WINNT\) and at a later time compare the hash results to see if changes have happened. So pretty much you can do this on anything... generate the checksum or hash and then compare at a later time. For jobs you may take a look at the sysjobsteps table. For DTS packages, look at sysdtspackages if stored in SQL Server.


K. Brian Kelley, GSEC
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/


K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
Post #90142
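
The baseline-and-compare approach from the reply above, applied to Agent job steps, as an added example (not code from the article or from any poster). The table name dbo.JobStepBaseline and the choice of columns fed to CHECKSUM are assumptions made for illustration.

```sql
-- Step 1: capture a baseline of every job step (run once, from a known-good state).
-- dbo.JobStepBaseline is a hypothetical table name.
CREATE TABLE dbo.JobStepBaseline (
    job_id        uniqueidentifier NOT NULL,
    step_id       int              NOT NULL,
    step_checksum int              NOT NULL,
    captured_at   datetime         NOT NULL DEFAULT GETDATE(),
    PRIMARY KEY (job_id, step_id)
);

INSERT INTO dbo.JobStepBaseline (job_id, step_id, step_checksum)
SELECT job_id, step_id,
       CHECKSUM(step_name, subsystem, command, database_name)
FROM msdb.dbo.sysjobsteps;

-- Step 2: at a later time, list steps that were added, removed or changed.
SELECT COALESCE(b.job_id, s.job_id)   AS job_id,
       COALESCE(b.step_id, s.step_id) AS step_id,
       CASE WHEN b.job_id IS NULL THEN 'added since baseline'
            WHEN s.job_id IS NULL THEN 'removed since baseline'
            ELSE 'changed since baseline'
       END AS status
FROM dbo.JobStepBaseline AS b
FULL OUTER JOIN msdb.dbo.sysjobsteps AS s
       ON s.job_id = b.job_id AND s.step_id = b.step_id
WHERE b.job_id IS NULL
   OR s.job_id IS NULL
   OR b.step_checksum <> CHECKSUM(s.step_name, s.subsystem, s.command, s.database_name)
ORDER BY job_id, step_id;
```

CHECKSUM returns a 32-bit integer, so it flags change but two different commands can produce the same value. Keep the baseline table where the accounts that can edit jobs cannot also rewrite it.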
Posted Tuesday, December 30, 2003 9:36 AM
Thanks for the information. This is shaping up to be a nice tool.


Everett




Everett Wilson
ewilson10@yahoo.com
Post #90143
Posted Thursday, February 12, 2004 8:39 PM

Hi Razvan,

Thank you for letting me know about that problem. You are right and there are two solutions in TSQL: one is to store the entire code in a text record in a temp table and search from there. This is slow and with lots of code involved. The second idea is to search for EXEC in each 8kb block, then search for E at the end of one block and XEC at the beginning of the next one, and so on.
Unfortunately, I don't have the time to work on it now but I will do it.

Peace,
Joseph Gama




Post #100184
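
The chunk-boundary problem Razvan raised and the second fix described in the reply above, as an added example (not the article's script and not the code Joseph later refers to). It reads syscomments directly and joins each chunk to the next one of the same object; the variable names and column aliases are illustrative.

```sql
-- Boundary-aware keyword search over syscomments chunks.
DECLARE @kw nvarchar(20), @overlap int;
SET @kw = N'EXEC';
SET @overlap = LEN(@kw) - 1;  -- longest piece of the keyword that fits on one side

SELECT OBJECT_NAME(c1.id) AS proc_name,
       c1.colid           AS chunk_no,
       CASE WHEN c1.text LIKE N'%' + @kw + N'%'
            THEN 'inside chunk'
            ELSE 'straddles this chunk and the next'
       END AS hit_type
FROM syscomments AS c1
LEFT JOIN syscomments AS c2
       ON  c2.id     = c1.id
       AND c2.number = c1.number        -- same member of a numbered procedure group
       AND c2.colid  = c1.colid + 1     -- the chunk that follows c1
WHERE c1.encrypted = 0
  AND (    c1.text LIKE N'%' + @kw + N'%'
        -- Tail of this chunk glued to head of the next: each side supplies at
        -- most LEN(@kw) - 1 characters, so a match here must cross the boundary.
        OR RIGHT(c1.text, @overlap) + LEFT(c2.text, @overlap) LIKE N'%' + @kw + N'%'
      )
ORDER BY proc_name, chunk_no;
```

Whether the match is case-sensitive depends on the database collation. On SQL Server 2005 and later, sys.sql_modules.definition holds the whole module text in one nvarchar(max) value, so the boundary case does not arise there.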
Posted Saturday, February 21, 2004 6:34 AM

Hi Razvan,

I finally got the code and I will post it soon, the problem was solved.

Peace

Joseph Gama




Post #101601