p1@arkham.wimsey.bc.ca (Rob Slade) (03/15/91)
A query from a local BBS:

Message #1690 - Anti-virus forum
Date : 12-Mar-91 10:42
From : Stan Pickthall

SP> He said that there are viruses that attach themselves to the
SP> scan program itself and will not be discovered by a
SP> self-scan. So he said it is not really safe to scan from
SP> your hard drive, but that you must scan from a
SP> write-protected floppy to be ABSOLUTELY SURE you are safe.

Yes, the prof was quite correct. File infecting viri are not choosy about which files they infect, and will do it to "scanners" as easily as normal programs. SCAN does have an "internal" self check, but if a "stealth" virus is active in memory, it will defeat any kind of integrity check. Indeed, some viri actively "target" certain antiviral programs, although I do not know of any current ones that target SCAN.

SP> PS If it is necessary to scan from a floppy, the next
SP> question is: Am I safe to unzip the files?? Or can a virus
SP> attach itself while I am unzipping??

Good question, and the answer is, yes, you can infect a file while you are unZIPping it. If you have a file infecting virus in memory (active), it can infect any file it likes, including one that you have just downloaded, unzipped or copied from floppy. Some infect in that way, others do not.

The standard procedure in cases like this is to boot from a known "clean", write protected floppy. That assures that you have nothing resident in memory. Then perform your unZIPping with a "known clean" copy of PKUNZIP. If you do not "know" the copy is clean, it is best to "cold boot" after the unzipping.

Note that this does *not* guarantee that the unzipped file is safe, but it removes any infection from memory before you start. SCAN does a self check and memory check before it starts, so you should catch any "known" virus that way, and the "new" ones are very uncommon to begin with. The odds are that you will be safe using this procedure.
=============
Vancouver          p1@arkham.wimsey.bc.ca   | You realize, of
Institute for      Robert_Slade@mtsg.sfu.ca | course, that these
Research into      (SUZY) INtegrity         | new facts do not
User               Canada V7K 2G6           | coincide with my
Security                                    | preconceived ideas
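
The "known clean" test in the procedure above can be written as a comparison against a baseline kept on write-protected media, rather than a self check stored inside the tool. This is an added example, not part of the original post; the file names, the sha256sum-style manifest and the use of permission bits in place of a write-protect tab are assumptions.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def load_manifest(path):
    """Parse sha256sum-style lines: '<hex digest>  <file name>'."""
    entries = {}
    with open(path, encoding="utf-8") as f:
        for line in f:
            if line.strip() and not line.startswith("#"):
                digest, name = line.split(None, 1)
                entries[name.strip().lstrip("*")] = digest.lower()
    return entries

def verify_tool(tool_path, manifest_path):
    """Return (ok, reason). Run it only after booting from clean media."""
    # A resident stealth virus can hand any reader the original bytes, so a
    # passing result from an infected session proves nothing.
    # Assumption: permission bits stand in for the floppy's write-protect tab.
    if os.stat(manifest_path).st_mode & 0o222:
        return False, "manifest is writable"
    expected = load_manifest(manifest_path).get(os.path.basename(tool_path))
    if expected is None:
        return False, "tool not in manifest"
    if sha256_file(tool_path) != expected:
        return False, "digest mismatch"
    return True, "ok"

def demo():
    """Constructed sample: a stand-in tool file that later grows by a few bytes."""
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "TOOL.EXE")          # hypothetical name
        manifest = os.path.join(d, "MANIFEST.SHA")  # hypothetical name
        with open(tool, "wb") as f:
            f.write(b"MZ constructed clean image")
        with open(manifest, "w", encoding="utf-8") as f:
            f.write(f"{sha256_file(tool)}  TOOL.EXE\n")
        os.chmod(manifest, 0o644)
        writable = verify_tool(tool, manifest)   # baseline not protected
        os.chmod(manifest, 0o444)
        clean = verify_tool(tool, manifest)      # protected baseline, same bytes
        with open(tool, "ab") as f:
            f.write(b"constructed appended bytes")
        return writable, clean, verify_tool(tool, manifest)

if __name__ == "__main__":
    print(demo())
```

As the post notes for unzipped files, a passing check says only that the tool matches the baseline, not that anything it later processes is safe.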