1995-10-06
Addendum.Doc
============

You will find the following information in this file:

1) Renaming Anti-Vir.Dat
2) The TbScanX Application Program Interface
3) Determining the presence of the TBAV TSR's.

1) Renaming Anti-Vir.Dat
========================

Most of the TBAV utilities use a 'fingerprint' file named Anti-Vir.Dat.
These files are generated by TbSetup. Some users are afraid that a virus
might anticipate and delete the Anti-Vir.Dat files, and have requested
that the name be made configurable.

In our opinion, renaming the Anti-Vir.Dat file isn't the ultimate
solution. First, since the TBAV utilities have to find out the name
somehow, a virus could use the same method to find out the Anti-Vir.Dat
filename as well. Secondly, it would be confusing for novice users,
especially after a boot from a diskette, as the TBAV utilities will by
default assume that the fingerprint files are named Anti-Vir.Dat.
Third, if you use TbCheck, it will warn you automatically when the
Anti-Vir.Dat file is deleted, so there is actually no need to hide the
reference files.

However, if you feel you really must use a different name for security
reasons, you can do so by changing the keyword "AvFile" in the [TBAV]
section of the TBAV.INI file. All TBAV utilities will use the specified
name automatically. The support for this keyword is limited, so the
keyword cannot be set from within the TBAV menu. Use an ASCII editor to
enter this keyword in the [TBAV] section.

Although all TBAV utilities will correctly use the specified filename,
they will continue to use the name 'Anti-Vir.Dat' in the error messages
and on the screen, for consistency with the user manual.

NOTE! If you boot from a diskette once in a while to scan your system,
make sure that you have a TBAV.INI file on your diskette with the same
filename specification!

2) The TbScanX Application Program Interface
============================================

Before you can use any of the TbScanX API functions, make sure you have
enabled the API services by specifying 'API' on the TbScanX invocation
line!

The interface consists of some multiplex calls (int 2Fh). Register AH
should contain CAh. Register AL contains the function request number.

  AL=0    InstallationCheck
          BX='TB'
          Return value:
            AL=FFh   TbScanX installed
            BX='tb'

  AL=4    ScanFile
          DS:DX      Name of the program file to be scanned.
          Return value:
            No Carry flag set   No signature found in file.
            Carry:              Signature found in buffer!
            ES:BX               ASCIIZ-name of virus (null terminated)
          Registers altered:
            AX,BX,CX,DX,SI,DI,BP,ES

3) Determining the presence of the TBAV TSR's
=============================================

TbMon - ThunderBYTE Installed Device Checker.

TbMon returns an errorlevel, depending on the installed ThunderBYTE
devices.

Next, a list is given with ThunderBYTE installable devices and their
respective errorlevels (in hexadecimal and decimal notation):

  TbScanX    01h / 001
  TbCheck    02h / 002
  TbMem      04h / 004
  TbFile     08h / 008
  TbDisk     10h / 016
  TbLog      20h / 032

The errorlevel returned by TbMon is the cumulative sum of the
errorlevels of the installed devices. For example, if you have TbScanX
and TbMem installed, TbMon will return errorlevel 5 (001+004 = 005).
Another example: if you have all utilities loaded, TbMon will return
errorlevel 63 or 3Fh (063 = 001+002+004+008+016+032). If none of the
devices is installed, TbMon will return zero.
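
Added example (not part of the original TBAV documentation): a C routine that decodes a TbMon errorlevel into the list of installed devices and reports which devices from a required set are not loaded. The bit values come from the table above; the function names and the "required" policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Errorlevel bits as listed in the TbMon table above. */
struct tb_dev { const char *name; unsigned bit; };
static const struct tb_dev TB_DEVS[] = {
    {"TbScanX", 0x01}, {"TbCheck", 0x02}, {"TbMem", 0x04},
    {"TbFile",  0x08}, {"TbDisk",  0x10}, {"TbLog", 0x20},
};
#define TB_NDEVS (sizeof TB_DEVS / sizeof TB_DEVS[0])
#define TB_ALL   0x3Fu   /* all six devices: 63 decimal */

/* Write the names of the devices set in mask into out, comma-separated.
   Returns the number of devices, or -1 if mask has bits outside the
   table (value above 63) or out is too small. */
int tbmon_describe(unsigned mask, char *out, size_t outlen)
{
    size_t i;
    int n = 0;
    if (outlen == 0 || (mask & ~TB_ALL)) return -1;
    out[0] = '\0';
    for (i = 0; i < TB_NDEVS; i++) {
        if (!(mask & TB_DEVS[i].bit)) continue;
        if (strlen(out) + strlen(TB_DEVS[i].name) + 2 > outlen) return -1;
        if (n++) strcat(out, ",");
        strcat(out, TB_DEVS[i].name);
    }
    return n;
}

/* Devices in required that the errorlevel does not report as installed. */
unsigned tbmon_missing(unsigned errorlevel, unsigned required)
{
    return required & ~errorlevel & TB_ALL;
}

int main(void)
{
    char buf[64];
    unsigned level  = 5;            /* constructed sample: TbScanX + TbMem */
    unsigned policy = 0x01 | 0x02;  /* hypothetical policy: TbScanX and TbCheck */
    tbmon_describe(level, buf, sizeof buf);
    printf("errorlevel %u: %s\n", level, buf);
    tbmon_describe(tbmon_missing(level, policy), buf, sizeof buf);
    printf("missing: %s\n", buf);
    return 0;
}
```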