p1@arkham.wimsey.bc.ca (Rob Slade) (06/18/91)
Noted an interesting interaction between two antivirals the other day, and finally tracked it down. If VIRx 1.4 is run before SCAN 77, SCAN will "detect" the presence of the 3445 and Doom 2 viri in memory and refuse to run.

=============
Vancouver Institute for Research into User Security
Canada V7K 2G6
p1@arkham.wimsey.bc.ca | Robert_Slade@mtsg.sfu.ca | (SUZY) INtegrity
"If you do buy a computer, don't turn it on." Richards' 2nd Law of Data Security
kforward@kean.ucs.mun.ca (Ken Forward) (06/19/91)
p1@arkham.wimsey.bc.ca (Rob Slade) writes:
> Noted an interesting interaction between two antivirals the other day,
> and finally tracked it down. If VIRx 1.4 is run before SCAN 77, SCAN
> will "detect" the presence of the 3445 and Doom 2 viri in memory and
> refuse to run.

Tried this out for myself; no 3445 or Doom 2, but Taiwan3 [T3] was "found" in memory. Has anyone experienced any other false positives with this combination?

Cheers,

---------------------------------------------------------------------------
Kenneth Forward | "...don't plant your bad days,
MUN Dept of Physics | they grow into weeks..."
kforward@kean.ucs.mun.ca | -Tom Waits-
---------------------------------------------------------------------------
c-rossgr@microsoft.COM (06/20/91)
>From: p1@arkham.wimsey.bc.ca (Rob Slade)
>
>Noted an interesting interaction between two antivirals the other day,
>and finally tracked it down. If VIRx 1.4 is run before SCAN 77, SCAN
>will "detect" the presence of the 3445 and Doom 2 viri in memory and
>refuse to run.

Sigh. Color me dumb. I forgot to call the zap_virus_strings() routine under certain conditions, so I left a lot of strings in memory. It looks like the McAfee scanner uses some of the same strings we do...

This has been fixed in the next release of VIRx, due out in a few days. Lots of other good stuff in the new one, too.

Ross

------------------------------

Date: Wed Jun 19 18:53:21 1991
From: c-rossgr@microsoft.COM
Subject: joshi & vsum & f-prot & ll format (PC)

>From: treeves@magnus.acs.ohio-state.edu (Terry N Reeves)
>
>Vsum still says no utility will remove joshi and that low
>level format is required...

Vsum is totally wrong. Virex-PC has been able to cure Joshi for quite a while (> six months, at least).

> Is there a utility Ms Hoffman? Perhaps you just don't want to
>admit it because McAfee's can't? (I have not tried McAfee but I
>assume she'd say if his did.)

Interesting idea....

Ross
c-rossgr@microsoft.COM (06/21/91)
>From: kforward@kean.ucs.mun.ca (Ken Forward)
>
>p1@arkham.wimsey.bc.ca (Rob Slade) writes:
>> Noted an interesting interaction between two antivirals the other day,
>
>Tried this out for myself; no 3445 or Doom 2, but Taiwan3 [T3] was
>"found" in memory. Has anyone experienced any other false positives
>with this combination?

It goes to show that the viral strings used in Program A might also be used in Program B. The string database is large enough that it probably spanned more than a few DOS buffers: depending on what buffers were used by subsequent code, different portions of the string database might be left in different areas of memory, thereby those who share our strings will have different "hits" at different times.

The new cut of VIRx with new strings added (a bunch) and some bug fixes is due out any second...

Ross
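The mechanism described in the two replies above, as an added example that is not part of the original thread and is not code from VIRx or SCAN: one scanner leaves its signature strings in buffers, later code reuses some of those buffers, and a second scanner sharing the same strings reports different "hits" depending on which buffers survived. The signatures, the buffer layout and every function name here are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define NBUF 4
#define BUFSZ 16
/* Constructed placeholder signatures and hypothetical names; not real scan strings. */
static const char *SIGS[NBUF] = {
    "SIG-ALPHA-0001", "SIG-BRAVO-0002", "SIG-CHARL-0003", "SIG-DELTA-0004" };
static unsigned char arena[NBUF][BUFSZ];   /* stands in for the DOS buffers */

/* Scanner A: its string database passes through every buffer.
   zap != 0 models the cleanup step: wipe the copies before exit. */
static void scanner_a_run(int zap) {
    memset(arena, 0, sizeof arena);
    for (int i = 0; i < NBUF; i++)
        memcpy(arena[i], SIGS[i], strlen(SIGS[i]));
    if (zap) memset(arena, 0, sizeof arena);
}

/* Subsequent code overwrites the buffers named in reuse_mask (bit i = buffer i). */
static void reuse_buffers(unsigned reuse_mask) {
    for (int i = 0; i < NBUF; i++)
        if (reuse_mask & (1u << i))
            memset(arena[i], 0x20, BUFSZ);
}

/* Scanner B: memory scan with the same strings; bit s set = signature s "found". */
static unsigned scanner_b_memscan(void) {
    const unsigned char *mem = (const unsigned char *)arena;
    unsigned hits = 0;
    for (int s = 0; s < NBUF; s++) {
        size_t n = strlen(SIGS[s]);
        for (size_t off = 0; off + n <= sizeof arena; off++)
            if (memcmp(mem + off, SIGS[s], n) == 0) { hits |= 1u << s; break; }
    }
    return hits;
}

/* Run A, let later code reuse some buffers, then run B over what is left. */
static unsigned run_case(int zap, unsigned reuse_mask) {
    scanner_a_run(zap);
    reuse_buffers(reuse_mask);
    return scanner_b_memscan();
}

int main(void) {
    printf("no zap, buffers 0-1 reused: 0x%X\n", run_case(0, 0x3));
    printf("no zap, buffers 1-3 reused: 0x%X\n", run_case(0, 0xE));
    printf("zap before exit:            0x%X\n", run_case(1, 0x0));
    return 0;
}
```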