[comp.virus] Problem with F-Prot 1.14

csw76@seq1.keele.ac.uk (J.C. Kohler) (01/25/91)

Hi there,

I installed the new version of F-PROT (1.14) today and I encountered a
small problem. When I tried to do a F-XLOCK *.* in my WordPerfect
directory, there were many files which it couldn't protect. Especially
the file WP.EXE, which is the most important one, and the one that is
the most frequently run was not lock-able.

I'm using a Dutch version of WP 5.1, does anybody have an idea why
F-XLOCK can't lock them, it displays an error message, which contains
something about an illegal header.

Many Thanks in advance

Christian

====
[J.] Christian Kohler
Keele university, United Kingdom
JANET    : csw76@uk.ac.keele.seq1
INTERNET : csw76%keele.ac.uk@nsfnet-relay.ac.uk
BITNET   : csw76%keele.ac.uk@ukacrl
UUCP     : ..!ukc!keele!csw76

frisk@rhi.hi.is (Fridrik Skulason) (01/30/91)

csw76@seq1.keele.ac.uk (J.C. Kohler) writes:
>I installed the new version of F-PROT (1.14) today and I encountered a
>small problem. When I tried to do a F-XLOCK *.* in my WordPerfect
>directory, there were many files which it couldn't protect.

This problem is a side-effect of the correction of another problem.
Here is what happened:

The "length" of EXE files can be defined in two ways - the actual (physical)
length of the file, and the length according to the header.  Case in point:

Turbo C++ is an 800K file, but according to the header it is only 165K long.
When it is executed, only 165K are loaded into memory, but the program may
later load parts of itself as necessary.

Using F-XLOCK (to add automatic detection of infection of unknown viruses)
involves adding a small module to the end of the file.  If Turbo C++ was
F-XLOCKed in this way, it would not run, as the resulting length of the file
was 800K (according to the header), and the file just could not be loaded
into memory.

For this reason, I decided to prevent F-XLOCK from adding the module to EXE
files, if the actual length was different from the length, according to
the header.

But, in many cases the difference between the two "lengths" is small, and
adding the module has no undesirable effect - I plan to change F-XLOCK a
bit in the next version, and will try to improve this.

-frisk
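
The two "lengths" described in the reply above can be compared directly from the EXE header. This is an added example, not part of the original thread and not F-PROT code; it assumes the standard DOS MZ header layout (bytes in last page at offset 2, 512-byte page count at offset 4), and the function names and sample files are constructed for illustration.

```python
import struct

PAGE = 512  # the MZ header counts the load image in 512-byte pages


def header_length(data: bytes) -> int:
    """Length of the file according to the MZ header fields."""
    if len(data) < 6 or data[:2] not in (b"MZ", b"ZM"):
        raise ValueError("not a DOS EXE (no MZ signature)")
    last_page_bytes, pages = struct.unpack_from("<HH", data, 2)
    if pages == 0 or last_page_bytes > PAGE:
        raise ValueError("inconsistent page fields in header")
    if last_page_bytes == 0:          # 0 means the last page is full
        return pages * PAGE
    return (pages - 1) * PAGE + last_page_bytes


def length_report(data: bytes) -> dict:
    """Compare the physical length with the header-declared length."""
    declared, physical = header_length(data), len(data)
    return {
        "physical": physical,
        "header": declared,
        "overlay": max(physical - declared, 0),  # bytes DOS never loads
        "truncated": physical < declared,
        "lengths_match": physical == declared,
    }


def make_exe(declared: int, overlay: int = 0) -> bytes:
    """Constructed sample: minimal MZ header, padding, then overlay bytes."""
    pages, last = divmod(declared, PAGE)
    if last:
        pages += 1
    header = b"MZ" + struct.pack("<HH", last, pages)
    return header.ljust(declared, b"\x00") + b"\xCC" * overlay


if __name__ == "__main__":
    samples = {
        "plain.exe": make_exe(1000),             # lengths agree
        "overlaid.exe": make_exe(1024, 300),     # data past the load image
        "cut.exe": make_exe(2048)[:1500],        # shorter than declared
    }
    for name, blob in samples.items():
        print(name, length_report(blob))
```

A file with a non-zero `overlay` is the kind the reply describes: appending a module to its physical end places the module outside what the header says should be loaded.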