[comp.binaries.ibm.pc.d] problem with CLEAN76

rahardj@niven.cc.umanitoba.ca (Budi Rahardjo) (04/20/91)

Beware when using CLEAN76 virus remover.
A friend of mine had his hard disk infected by "liberty" virus and asked
me to find a virus remover. I gave him "clean76" (which I got from cbip).
After removing the virus, some of his programs don't work :
- Windows won't run
- Procomm complains something about "mising overlay with PLINK86 ..."

A good thing is that he still has the originals, just have to reinstall
them. This brings me questions :
- is this a known bug in clean76 ?
- Will the newer version be distributed on c.b.i.p ?
  (I recall somebody (from McAfee ?) suggested that it shouldn't be
  distributed on c.b.i.p ). If not, then I should dig ftp sites (suggestion ?)
  note: wuarchive.wustl.edu has older version ("clean75")

-- budi

ff76@vaxb.acs.unt.edu (04/21/91)

In article <1991Apr21.003419.25529@watserv1.waterloo.edu>, pfratar@watserv1.waterloo.edu (Paul Frattaroli - DCS) writes:
> 
> Yes, McAfee issued a statement about not using {scanv,vshld,clean}76
> because there are problems.  New versions I think will come out soon.
> So use {scanv,vshld}75 and clean74b for now.  I think those are the
> versions that were mentioned in the posting.  Anyone care to correct
> me if I'm wrong?
> 
> .....Paul
> ps: Use clean74b because the posting said there was something wrong
> with clean75 as well if I'm not mistaken.
> 

Pardon me, but the problem was with version 76.  The recommended versions
are SCAN 76-C, VSHLD 76-C and CLEAN 75.  And these are the ones that are
currently available in the SIMTEL archives and the mirror server in
wuarchive.wustl.edu.

Hope this helps,   - Jhinuk.

Jhinuk Chowdhury

FF76@VAXB.ACS.UNT.EDU

pfratar@watserv1.waterloo.edu (Paul Frattaroli - DCS) (04/21/91)

In article <1991Apr20.150454.8713@ccu.umanitoba.ca> rahardj@niven.cc.umanitoba.ca (Budi Rahardjo) writes:
>

[stuff deleted]

>- is this a known bug in clean76 ?
>- Will the newer version be distributed on c.b.i.p ?
>  (I recall somebody (from McAfee ?) suggested that it shouldn't be
>  distributed on c.b.i.p ). If not, then I should dig ftp sites (suggestion ?)
>  note: wuarchive.wustl.edu has older version ("clean75")
>
>-- budi

Yes, McAfee issued a statement about not using {scanv,vshld,clean}76
because there are problems.  New versions I think will come out soon.
So use {scanv,vshld}75 and clean74b for now.  I think those are the
versions that were mentioned in the posting.  Anyone care to correct
me if I'm wrong?

....Paul
ps: Use clean74b because the posting said there was something wrong
with clean75 as well if I'm not mistaken.
-- 
         Paul "vi joe" Frattaroli - Department of Computing Services
           University of Waterloo  Waterloo, Ontario Canada  N2L-3G1
  < pfratar@watshine.UWaterloo.CA >       < pfratar@watserv1.UWaterloo.CA >
          [129.97.128.171]                         [129.97.129.140]
          NeXT Mail: < pfratar@magpie.UWaterloo.CA > [129.97.32.42]

groot@idca.tds.philips.nl (Henk de Groot) (04/25/91)

In <1991Apr20.223343.46273@vaxb.acs.unt.edu> ff76@vaxb.acs.unt.edu writes:

>In article <1991Apr21.003419.25529@watserv1.waterloo.edu>, pfratar@watserv1.waterloo.edu (Paul Frattaroli - DCS) writes:
>> 
>> Yes, McAfee issued a statement about not using {scanv,vshld,clean}76
>> because there are problems.  New versions I think will come out soon....

>Pardon me, but the problem was with version 76.  The recommended versions
>are SCAN 76-C, VSHLD 76-C and CLEAN 75.  And these are the ones that are
>currently available in the SIMTEL archives and the mirror server in
>wuarchive.wustl.edu.

I am surprised that not everyone is sick and tired of McAfee's products, 
they seem to be buggy over and over again! I use F-PROT which proved to be 
much more stable, is according to reports in comp.virus better in finding 
variants of viruses, is better at finding viruses anyway, has the ability 
to add signatures if a new nasty comes out, it's a lot cheaper (private 
use is free of charge), it only runs a little slower when scanning all 
files but f-driver is faster than vshield. And.. F-PROT is much more 
flexible than SCAN & Co.

FPROT is available on many archive-sites. I'm not in any way involved 
with the product, but I'm sick of seeing the messages on buggy {scan,
clean,vshld} release {xx} over and over again.

(that FPROT is non-american is not an issue I hope....)

Sorry if I hurt anyone's feelings but the discussion seems to pop up every
release of the SCAN package..

Henk.

--
  /   /            Henk de Groot      | Department: PG 9000i - System Services
 /---/ __  __  /   V2/A12-A13         | Internet : groot@idca.tds.philips.nl
/   / (-_ / / /(   Tel: +31 55 432099 |  == PHILIPS INFORMATION SYSTEMS ==
          Disclaimer: I only speak for myself, not for my employer!

mrs@netcom.COM (Morgan Schweers) (04/26/91)

Some time ago groot@idca.tds.philips.nl (Henk de Groot) happily said: 
>In <1991Apr20.223343.46273@vaxb.acs.unt.edu> ff76@vaxb.acs.unt.edu writes:
>
>>In article <1991Apr21.003419.25529@watserv1.waterloo.edu>, pfratar@watserv1.waterloo.edu (Paul Frattaroli - DCS) writes:
>>> 
>>> Yes, McAfee issued a statement about not using {scanv,vshld,clean}76
>>> because there are problems.  New versions I think will come out soon....
>
>>Pardon me, but the problem was with version 76.  The recommended versions
>>are SCAN 76-C, VSHLD 76-C and CLEAN 75.  And these are the ones that are
>>currently available in the SIMTEL archives and the mirror server in
>>wuarchive.wustl.edu.
>
>I am surprised that not everyone is sick and tired of McAfee's products, 
>they seem to be buggy over and over again! I use F-PROT which proved to be 
>much more stable, is according to reports in comp.virus better in finding 
>variants of viruses, is better at finding viruses anyway, has the ability 
>to add signatures if a new nasty comes out, it's a lot cheaper (private 
>use is free of charge), it only runs a little slower when scanning all 
>files but f-driver is faster than vshield. And.. F-PROT is much more 
>flexible than SCAN & Co.

Greetings,
    Howdy!  I'll admit that this message is probably pretty self-serving,
but (being that I'm one of the programmers working on SCAN/CLEAN) here's
my thoughts.  (They *DON'T* reflect the opinions of the company.)

    If you have a recommended feature for SCAN/CLEAN, feel free to drop by
our BBS and leave a message.  We've added a lot of features in the recent
versions on the basis of users clamoring for them.  For example, there is
the /NOPAUSE (don't pause every screenful), /NOBREAK (don't allow the
CTRL-BREAK key during scanning), and the /EXT option for scanning with
external scan strings.  Our scan strings are in straight hexadecimal, so
anyone can create a string to scan for.
    In regards to bugs, if you have a bug with a release version of SCAN
or CLEAN, feel free to tell me.  You can also send bug reports to Aryeh
Goretsky at aryehg@tacom-emh1.army.mil.  (It forwards to his normal
mail address which isn't supported by some mailers.)  I appreciate
hearing about legit bugs.  Especially if you can reproduce them, and
send me files which will cause them.  I try to write bugfree code.  We
test as best we can, but our products are only as good as our best beta
testers.  This is why I, at least, welcome bug reports from the net.  I
tend to find that net.readers have a good idea of what *SHOULD* be
happening, especially when it isn't.

    I will be posting up the next release of SCAN/CLEAN to comp.binaries.ibm.pc
when it comes out.  I don't mind it being released, but I *REALLY* would prefer
that someone asks us before doing it.  (If someone had asked, for example, last
time then we would have been able to warn about the problem.  *sigh*)

   The bug mentioned about the Liberty, however, is one I'm not familiar with.
It sounds to me as if you had files which used internal overlays and the CLEAN
program proceeded to remove the virus, and everything after it in the file.
In effect, truncating at the beginning of the virus.  The problem may have
been, however, that there was additional windows code after that.  Most virus
removers have code which checks for internal-overlay files and warn you that
the virus cannot be safely removed from those files.  The Liberty did not
have that code, unfortunately.  *sigh*  It's things like this that I need to
know.  Many thanks to the author, who has been (unfortunately) lost in the
tracks of response-time.

    Current versions:  SCANV76C, VSHIELD76C, CLEAN75.
    
>Henk.
>
>--
>  /   /            Henk de Groot      | Department: PG 9000i - System Services
> /---/ __  __  /   V2/A12-A13         | Internet : groot@idca.tds.philips.nl
>/   / (-_ / / /(   Tel: +31 55 432099 |  == PHILIPS INFORMATION SYSTEMS ==
>          Disclaimer: I only speak for myself, not for my employer!

                                                           --  Morgan Schweers
+-----
     Nope.  Nope, nope.  No, my company doesn't agree with everything I say.
Yep, what I say is particularly my own opinion.  Yep, my net.address is
mrs@netcom.com or ms@gnu.ai.mit.edu.                       --  mrs@netcom.com
-----+
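
The check described in the post above (refusing to cut a file that carries internal overlays or other data past what DOS loads) can be sketched as follows. This is an added example, not part of the original thread and not code from SCAN/CLEAN; the function names, the `cut_offset` parameter and the sample files are assumptions constructed for illustration.

```python
import struct

PAGE = 512  # DOS EXE headers count the file in 512-byte pages


def mz_layout(data: bytes) -> dict:
    """Return where the DOS load image ends and how much is stored after it."""
    if len(data) < 0x1C or data[:2] not in (b"MZ", b"ZM"):
        raise ValueError("not an MZ executable")
    e_cblp, e_cp = struct.unpack_from("<HH", data, 2)
    if e_cp == 0:
        raise ValueError("header declares zero pages")
    # e_cblp == 0 means the last page is completely used
    image_end = e_cp * PAGE if e_cblp == 0 else (e_cp - 1) * PAGE + e_cblp
    image_end = min(image_end, len(data))
    # New-style (Windows NE) files keep a second header past the DOS stub
    new_header = None
    e_lfarlc = struct.unpack_from("<H", data, 0x18)[0]
    if e_lfarlc >= 0x40 and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 2] == b"NE":
            new_header = e_lfanew
    return {"image_end": image_end,
            "overlay_bytes": len(data) - image_end,
            "new_header": new_header}


def safe_to_truncate(data: bytes, cut_offset: int) -> bool:
    """True only if cutting at cut_offset cannot discard overlay or NE data."""
    layout = mz_layout(data)
    if layout["new_header"] is not None or layout["overlay_bytes"] > 0:
        return False  # a remover should warn here instead of repairing
    return 0 < cut_offset <= layout["image_end"]


def build_sample(image_len: int, overlay: bytes = b"") -> bytes:
    """Constructed test file: minimal MZ header, filler image, optional overlay."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<HH", header, 2, image_len % PAGE, -(-image_len // PAGE))
    struct.pack_into("<H", header, 8, 4)  # header size: 4 paragraphs = 64 bytes
    body = bytes(header) + b"\x90" * (image_len - len(header))
    return body + overlay
```

A file for which `safe_to_truncate` returns False is one to restore from the original disks rather than repair in place.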

ash@syacus.acus.oz.au (Ash Nallawalla) (05/08/91)

groot@idca.tds.philips.nl (Henk de Groot) writes:

>>> Yes, McAfee issued a statement about not using {scanv,vshld,clean}76
>>> because there are problems.  New versions I think will come out soon....

>>Pardon me, but the problem was with version 76.  The recommended versions
>>are SCAN 76-C, VSHLD 76-C and CLEAN 75.  And these are the ones that are

>I am surprised that not everyone is sick and tired of McAfee's products,

FWIW, CLEAN77, SCAN77 etc have apparently been released a few days ago.  I
saw copies on Fidonet BBSs here in Oz.

"sick and tired" is perhaps a bit too strong--I'm just annoyed that viruses
were invented :-)