mcafee@NETCOM.COM (Aryeh Goretsky) (05/22/91)
padgett%tccslr.dnet@mmc.com (Padgett Peterson) writes: >A JERUSALEM infection was encountered in which the .EXE was properly >diagnosed but an infected .OVL was missed despite being checked as >part of the default. Use of the /A swich resulted in the infected .OVL >being detected. Since the .EXE will always be infected also, there is >no real danger, however, if an infection occurs that may also infect >.OVL files (see the VIRLIST.TXT file iside the SCANxx.ZIP file), a >rescan using the /A switch following a CLEAN activity is recommended. This has been verified and will be fixed in the next release of VIRUSCAN. Since the Jerusalem (and sundry variants) infects overlays in addition to .COM and .EXE files, it's always a good idea to run SCAN (and CLEAN) with the /A option, or use the /E option and list the extensions you would like to add. > I do not know if this is particular to the Jerusalem-related >viruses or if others are affected also. It's particular to the Jerusalem-related virus string. > We have reported this to McAfee associates and a fix or >explination should be forthcoming. Incidently, the infection appears >to be the original sUMsDos version. The next release (incorporating the fix) is scheduled for mid-June but will probably be released earlier because of this. Aryeh Goretsky McAfee Associates Technical Support "Just 10 minutes from Great America" - -- McAfee Associates | Voice (408) 988-3832 | mcafee@netcom.com 4423 Cheeney Street | FAX (408) 970-9727 | (Aryeh Goretsky) Santa Clara, California | BBS (408) 988-4004 | 95054-0253 USA | v.32 (408) 988-5190 | mrs@netcom.com ViruScan/CleanUp/VShield | HST (408) 988-5138 | (Morgan Schweers)