emigh@ncsugn.ncsu.edu (Ted H. Emigh) (03/02/88)
A couple of years ago, I wrote a program that can be used to help detect Trojan horse programs. I announced it to the net and sent a couple of copies to people. In light of the renewed interest in detecting viruses, etc, I am announcing it again. I do not know if it is on SIMTEL20. If there is interest, I will send copies, or post if there is enough interest. The program was written using Turbo Pascal 3.0, and the source is available. The following is the first couple of paragraphs from the description of the program.

FILECRC is a program to help detect when files have been corrupted. FILECRC creates a list of all the files on the default drive along with creation date, file size, and a CRC (cyclic redundancy check) for each file. When FILECRC is run a second time, the new list is compared with the old list. For any file, it is possible that:

1) The file is completely unchanged from the previous time. The file name (and directory entry) are the same at the two times, and it has not been modified.

2) The file has been modified in the normal manner, so that the directory entry has a new time of creation. Files of this sort are counted, but no special treatment is given to them.

3) The file has been deleted in the time since the first time FILECRC was run. Files of this sort are counted, but no special treatment is given to them.

4) A new file has appeared that was not on the disk at the time of the previous run of FILECRC. Files of this sort are counted, and a list is placed in the file FILES$$$.NEW. While it is usual to find new files on the disk, this gives an easy way to keep track of what files are new, and where they are located. This is important when using public domain programs to make sure they are not creating new files without you knowing about it.

5) The directory entry for a file is the same for both of the times the program was run, but the file was modified in some way. This should not occur in normal practice, so the program writes a message to the terminal, and a list of these files is placed in the file FILES$$$.MOD. This can occur when you use NORTON UTILITIES, or other such programs to modify the disk directly, bypassing the normal DOS handling of the files. It also can happen when programs 'run wild' (this is what prompted me to write this program in the first place).

Running the program prior to each backup will assure you that you are not backing up files that have been corrupted. Also, in program development, running the program before and after a test run of your program can assure you that your program has not messed up the disk.

--
Ted H. Emigh, Dept. Genetics and Statistics, NCSU, Raleigh, NC
uucp: mcnc!ncsuvx!ncsugn!emigh internet: emigh%ncsugn.ncsu.edu
BITNET: NEMIGH@TUCC @ncsuvx.ncsu.edu:emigh@ncsugn.ncsu.edu
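
The five-way comparison described in the post above, sketched in Python as an added example (it is not Ted Emigh's Turbo Pascal source and not part of the original post). It assumes the "directory entry" means modification time and size, treats an unchanged timestamp with a changed size or CRC as case 5, and runs on constructed sample files; all function names are illustrative.

```python
import os, tempfile, zlib

def snapshot(root):
    """Map relative path -> (mtime_ns, size, crc32) for every file under root."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            crc = 0
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    crc = zlib.crc32(chunk, crc)
            st = os.stat(full)
            snap[os.path.relpath(full, root)] = (st.st_mtime_ns, st.st_size, crc)
    return snap

def compare(old, new):
    """Sort every path into one of the five cases from the FILECRC description."""
    report = {"unchanged": [], "modified": [], "deleted": [], "new": [], "suspect": []}
    for path, (mtime, size, crc) in sorted(new.items()):
        if path not in old:
            report["new"].append(path)        # case 4: would go to FILES$$$.NEW
        elif old[path][0] != mtime:
            report["modified"].append(path)   # case 2: timestamp moved, normal edit
        elif old[path][1:] != (size, crc):
            report["suspect"].append(path)    # case 5: would go to FILES$$$.MOD
        else:
            report["unchanged"].append(path)  # case 1
    report["deleted"] = sorted(set(old) - set(new))  # case 3
    return report

def demo():
    """Constructed sample tree exercising all five cases; returns the report."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mtime=None):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            if mtime is not None:
                os.utime(path, ns=(mtime, mtime))  # pin the timestamp
        t0 = 10**18  # constructed fixed timestamp, in nanoseconds
        for name in ("keep.txt", "edit.txt", "gone.txt", "tamper.exe"):
            write(name, b"original contents", t0)
        old = snapshot(root)
        write("edit.txt", b"edited normally", t0 + 60 * 10**9)
        os.remove(os.path.join(root, "gone.txt"))
        write("added.com", b"new file")
        write("tamper.exe", b"0riginal contents", t0)  # same size and time, new bytes
        return compare(old, snapshot(root))
```

CRC-32 catches accidental corruption and careless patching, but anyone who can choose the modified bytes can keep the CRC unchanged, so a present-day baseline would store a cryptographic hash such as SHA-256 in its place.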
mvolo@ecsvax.UUCP (Michael R. Volow) (03/02/88)
[stuff about program that records filespecs and crc's on entire HD and compares these across time and reports changes]

Sounds like a good idea. Please post.

Michael Volow, M.D.
Dept of Psychiatry, Durham VA Medical Center, Durham, N.C. 27705
919 286 0411 mvolo@ecsvax.UUCP