home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!noc.near.net!hri.com!spool.mu.edu!yale.edu!jvnc.net!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: aryeh@mcafee.com (McAfee Associates)
- Newsgroups: comp.virus
- Subject: Comments OS2SCAN (Was: Re: OS2-stuff) (OS/2)
- Message-ID: <0017.9212212018.AA02123@barnabas.cert.org>
- Date: 19 Dec 92 00:21:30 GMT
- Sender: virus-l@lehigh.edu
- Lines: 100
- Approved: news@netnews.cc.lehigh.edu
-
- Hello Alfred Jilka,
-
- You write:
- [...when looking at OS2SCAN...]
- >1) You state in the documentation, that there are several switches, which do
- >not exist in the OS2 versions. But if you invoke "OS2SCAN /? " you will see
- >all switches available under DOS. You should update these pages of help.
-
- I thought these were fixed in the production version of the program, in case
- not, it will be fixed in the next release.
-
- >2) After scanning is finished, the program asks constantly if I want more
- >help. "OS2SCAN C: D:" does not ask for help, does it?
-
- Does this occur if you run OS2SCAN with the /NOPAUSE switch? If not, then
- OS2SCAN is simply prompting you because it has displayed 24 lines of text
- on the screen and does not want to erase anything with a new page unless you
- tell it to.
-
- >3) Watching the filenames that pop up for short, I got the impression, that
- >OS2SCAN does not scan *.DLL, *.DRV, *.ADD files. You can correct this either
- >with /A or /E switch. But these do belong to the standard executables and it
- >should not be necessary to think about these. Probably there are more ex-
- >tensions to be included.
-
- Right now, there are no OS/2-specific viruses. The main advantage of
- OS2SCAN (et al) is to be able to scan OS/2 HPFS systems for DOS viruses.
- Support for these will be added in a subsequent release.
-
- >4) Did you think of the built-in undelete-function ? I hope the /D switch
- >works correct. You need to overwrite first, and then delete the file to en-
- >sure it does not survive as a deleted shadow.
-
- That's how it works in VIRUSCAN--I believe that this is not exactly
- possible under OS/2, but something like it is done to prevent virus-infected
- files from being undeleted. If OS2SCAN can not delete a file, it will
- display a message warning that it can not overwrite-and-delete the file.
-
- >5) A minor problem, but still annoying for OS2ers: VALIDATE should become a
- >genuine OS2 program. For shure it does not need a fancy outfit, but why do I
- >have to start a DOS session, just see the results of VALIDATE ? If I in-
- >voke VALIDATE from an OS2-window a DOS window is created and closed immediatel
- y
- >after it finished. I know, I could change the settings, but why do I have to
- >do this for a single check ?
-
- An OS/2 specific version of VALIDATE, OS2VAL.EXE, is available with the
- programs. Did you download a beta-test version or production version of
- OS2SCAN? Beta versions came with DOS VALIDATE (VALIDATE.COM), production
- versions come bundled with the OS2VAL.EXE program.
-
- >6) Another nice thing I miss is a background-scanner, that checks all in-
- >coming files, be they from floppy or modem or whatever. Probably you can't
- >check what the floppy is reading, but you can do a check on all newly
- >appeared files on HD. I admit, that I still have no idea, how to check files
- >executed from floppy. But at least all or specified drives could be scanned
- >every n miutes or on request.
-
- We are looking into the feasibility of doing this now. Unlike DOS, there
- are only a couple of books available on writing device drivers for OS/2,
- currently.
-
- >7) Maybe a kind of *.INI file could help to maintain the settings like drives
- >and directories to scan and a userdefineable list of extensions and other
- >often used options instead of writing them directly into OS2SCAN. I know of
- >the parameterfiles you can create, but wouldn't look an interactively created
- >setup (like the one you have in WSCAN) much nicer ?
-
- OS2SCAN creates an OS2SCAN.INI file when run with the /SAVE switch that
- contains all that. That was not available in the beta version.
-
- >
- >8) SCAN for DOS rel.9.0 V99 (most recent on Dec. 12th, 1992) does not do any-
- >thing within a OS2 DOS-box. Neither windowed nor fullscreen. Although I read
- >the readme.1st and *.DOC, where I found a suggestion to use the /MAINT switch
- >and/or the /AD option, it either told me it can not access my HPFS-drives
- >(no options or /AD) or that D: is incompatible with /MAINT (/AD /MAINT) or no
- >errors were reported for scanning drive C: (scan c: /maint), but nothing was
- >scanned (no disk-access) and the program returned almost immediately.
-
- We're looking into this now. Should be fixed in the next release.
-
- >9) In Virlist I found a passage for the fam*-viruses where no information
- >is provided about their behaviour. Is this correct ? And if so, why ?
- >I thought, that Mutation Engine is a .OBJ-file to be linked with viral coding.
- >So DAME itself would not be a virus to be listed this way in VIRLIST.TXT.
- >It would be better to introduce a new column for viruses using MtE.
- [...deleted...
-
- I'll have a technician from tech support contact you in email about this.
-
- Regards
-
- Aryeh Goretsky
- Technical Support
- - --
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- McAfee Associates, Inc. | Voice (408) 988-3832 | INTERNET: aryeh@mcafee.COM
- 3350 Scott Blvd, Bldg 14 | FAX (408) 970-9727 | IP# 192.187.128.1
- Santa Clara, California | BBS (408) 988-4004 | CompuServe ID: 76702,1714
-
