Monday, March 24, 2008

Neat way to hover in .NET

I figured out a neat way to set an onMouseOver and onMouseOut property to a gridview with alternating colors. This way, you don't have to figure out background colors and such.

//Add onMouseOver/onMouseOut Functionality
if ((e.Row.RowIndex % 2) == 1)
{
e.Row.Attributes.Add("onmouseover", "this.style.backgroundColor = 'Grey'");
e.Row.Attributes.Add("onmouseout", "this.style.backgroundColor = 'White'");
}
else if ((e.Row.RowIndex % 2) == 0)
{
e.Row.Attributes.Add("onmouseover", "this.style.backgroundColor = 'Grey'");
e.Row.Attributes.Add("onmouseout", "this.style.backgroundColor = 'LightGrey'");
}

The % (modulus) returns any remainders of the e.Row.RowIndex being divided by 2. If there is a remainder, then it is odd, if not, even. You now know what color your rows BG should be on the onMouseOut. Nifty.

EDIT: The if statements really aren't clear and they actually do the opposite of what they look like they are doing. If e.Row.RowIndex % 2 returns a remainder, it returns false (0). If it doesn't return a remainder, it returns true (1).

Sunday, March 2, 2008

Detecting virii, false-positives, and getting signatures

I help out the ClamAV dev team as much as I can when I find a virus/trojan/PUA/worm that is not detected by ClamAV, but is detected by others. The first thing I usually do is stick the infected file(s) on a thumb drive and transfer the files over to my laptop. It runs Linux, so there is no real chance of it becoming infected. I upload the file(s) to both http://virusscan.jotti.org and http://www.virustotal.com and have them scan the file. They use many different AV programs to scan the file and will send the results to any AV distributor that had either incomplete or no detection of the malware at hand. After that, I have the (generic) name of the malware, who recognises it, and a sample of it. I will take these samples and upload them to ClamAV so the dev team can get a signature out for the malware as soon as possible. Sometimes though, I do run into false-positives, which is when the AV at hand falsely detects a virus in a clean file. When this happens, I do the same first step as I do with an undetected piece of malware. Upload it to either Jotti or VirusTotal and see how it is detected and by whom it is detected. If it is just ClamAV, I will just email the list, give them my findings, and be on my merry. For the rest, the information will be sent to them from VirusTotal or Jotti, so I need not worry.