I'm attempting to check for malware, spam and any kind of injection/exploitation in a SQL dump that has been provided, and was wondering what kind of tools are already in place to help with this?
Edit:
As suggested by an admin, I should expand this question to include the scenario I'm facing. It basically comes down to this: a customer sends me a SQL dump of their database to import, and before proceeding I wish to be able to verify that there is no SQLi or user injection in the SQL and not datasets.
Update: Sometimes I wonder about areas of the InfoSec community's decision not to take things like this seriously. However, that stated, I did locate some resources that come close but not enough:
- http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html
- Are there any tools for scanning for SQL injection vulnerabilities while logged in?
Since none of these work for this goal, I will be authoring and releasing the code to the public on my GitHub page. I'll post further details here and at http://dwightaspencer.com/ once I have a public beta ready.
While I can see the spam part would be a tall order, that can be done with a well-defined/tuned Bayesian setup, which again would be diving into the datasets and then running against maldel/clamav/spamassassin.
I'm more concerned about scanning for exploit code and injections in the SQL dump, and which tools are available to detect these at this point, than policing/sanitizing datasets.
– Dwight Spencer Jun 29 '14 at 00:22
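An added example (not part of the original question, and not the tool the author mentions planning to release): a minimal Python pass over a MySQL-style dump that blanks string literals so row data is ignored, unwraps `/*!NNNNN ... */` executable comments, and flags any statement outside an allow-list. The allow-list, the risky-construct pattern and the sample dump are constructed assumptions, to be tuned to what your own dumps legitimately contain.

```python
import re

# Tokens that must not be read as SQL keywords (literals, comments).
TOKEN = re.compile(r"""
    '(?:[^'\\]|\\.|'')*'            # single-quoted literal (row data)
  | "(?:[^"\\]|\\.|"")*"            # double-quoted literal
  | `[^`]*`                         # quoted identifier
  | --(?:[ \t][^\n]*)?(?=\n|$)      # -- line comment
  | \#[^\n]*                        # hash line comment
  | /\*!\d*                         # opener of an executable comment: body is code
  | /\*.*?\*/                       # ordinary block comment
  | \*/                             # closer left over from an executable comment
""", re.S | re.X)

# Assumption: the only statement types a plain schema+data dump needs.
ALLOWED = re.compile(r"^(CREATE\s+(TABLE|DATABASE)|DROP\s+TABLE|INSERT\s+INTO|"
                     r"LOCK\s+TABLES|UNLOCK\s+TABLES|ALTER\s+TABLE|SET|USE)\b", re.I)
# Assumption: constructs that should not appear even inside allowed statements.
RISKY = re.compile(r"\b(INTO\s+(?:OUT|DUMP)FILE|LOAD_FILE|SET\s+GLOBAL|SELECT)\b", re.I)

def _blank(m):
    t = m.group(0)
    if t[0] in "'\"":
        return "''"              # drop data, keep statement shape
    return t if t[0] == "`" else " "

def scan_dump(text):
    """Return (reason, statement prefix) for every statement worth a manual look."""
    findings = []
    for stmt in TOKEN.sub(_blank, text).split(";"):
        stmt = " ".join(stmt.split())
        if not stmt:
            continue
        if not ALLOWED.match(stmt):
            findings.append(("unexpected statement", stmt[:60]))
        elif RISKY.search(stmt):
            findings.append(("risky construct", stmt[:60]))
    return findings

# Constructed sample dump, not taken from any real system.
SAMPLE = """\
-- constructed sample dump
/*!40101 SET NAMES utf8 */;
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (`id` int, `bio` text);
INSERT INTO `users` VALUES (1,'x''; DROP TABLE users; --'),(2,'CREATE TRIGGER in data');
/*!50003 CREATE TRIGGER t BEFORE INSERT ON `users` FOR EACH ROW SET NEW.id = 0 */;
INSERT INTO `users` SELECT 3, LOAD_FILE('/tmp/placeholder');
"""

if __name__ == "__main__":
    for reason, stmt in scan_dump(SAMPLE):
        print(f"{reason}: {stmt}")
```

Because a dump containing triggers or routines also uses the client-side `DELIMITER` directive, those lines fall outside the allow-list and are reported as well; importing into a throwaway instance under an account with minimal privileges remains the backstop for anything a pattern check misses.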