DOUGB@comsys.byu.edu (Douglas Barlow) (01/08/91)
> Date: Tue, 08 Jan 91 13:52:32 +0000 > From: Mr Gordon S Byron <gsb1@forth.stirling.ac.uk> > Subject: Auto-scanning Virus Vaccine? (PC) > > I am interested in finding a DOS antivirus program which would > automatically scan disks as they are inserted. ideally, something like > SAM II on the Mac. I noticed a reference to a program called McAfee's > scan. Is that an auto-scan antivirus program? Only one problem with that idea: How can the machine tell when a disk is inserted? There isn't any type of sensor in IBM floppy drives like in the Mac. Doug Barlow
cjimenez@anyware.es (Carlos Jimenez) (01/10/91)
>> From: Mr Gordon S Byron <gsb1@forth.stirling.ac.uk> >> >> I am interested in finding a DOS antivirus program which would >> automatically scan disks as they are inserted. ideally, something like >> SAM II on the Mac. I noticed a reference to a program called McAfee's >> scan. Is that an auto-scan antivirus program? > >Only one problem with that idea: How can the machine tell when a disk >is inserted? There isn't any type of sensor in IBM floppy drives like >in the Mac. > >Doug Barlow I can sugest this idea: If you install a TSR that capture Int 13h Function 02h (BIOS Read sector) and this TSR scans virus signs in each read of the boot sector of the floppy disk you automatically detects boot viruses in the first access to the removable media (DOS will read the boot sector of the removable media, i.e floppy disk, on the first access to floppy because needs to know which is the format of the disk for access him). You can add another interrupt routine that capture Int 21h Function 4Bh or 3Dh (EXEC or OPEN) and before to execute or open some file, the TSR scans it for known sign of viruses. This is the basis for TSR vaccines like VSHIELD or F-PROT. If you wish more details you can write me to cjimenez@anyware.es Carlos Jimenez R+D Manager Phone: +34 1 556 92 15 ANYWARE Information Security +34 1 556 92 16 General Peron, 32 Fax: +34 1 556 91 58 28020 Madrid (SPAIN) EUnet: cjimenez@anyware.es
PFKLAMMER@CUDENVER.BITNET (Pete Klammer/303-556-3915) (01/11/91)
>> From: Mr Gordon S Byron <gsb1@forth.stirling.ac.uk> >> >> I am interested in finding a DOS antivirus program which would >> automatically scan disks as they are inserted. ideally, something like >> SAM II on the Mac. I noticed a reference to a program called McAfee's >> scan. Is that an auto-scan antivirus program? > >Only one problem with that idea: How can the machine tell when a disk >is inserted? There isn't any type of sensor in IBM floppy drives like >in the Mac. > >Doug Barlow Isn't the write-protect sensor status available for polling? If you constantly (once per clock tick) check the write-protect detector, you could see the "shadow" of the diskette sleeve (write protected or not) as the disk is inserted or removed. I.e., if the detector toggles in any way, a diskette has been either inserted or removed. - --poko "Eesti vabaks/free Estonia!" Pete Klammer (303)556-3915 FAX(303)556-4822 CU-Denver Computing Services, AHEC Box#169 / PKLAMMER@CUDENVER.bitnet 1200 Larimer St, NC2506, Denver CO 80204 / {uucp...}!boulder!pikes!pklammer P.O. Box 173364, Denver CO 80217-3364 / pklammer@cudnvr.Denver.Colorado.EDU
frisk@rhi.hi.is (Fridrik Skulason) (01/13/91)
> I am interested in finding a DOS antivirus program which would > automatically scan disks as they are inserted. Why? Doing this seems a bit silly to me, to say the least. Consider the following: On PCs we have basically two types of viruses - Boot secor viruses and program viruses. Assuming we could in all cases detect if a new disk has been inserted, which cannot (I think) be done on the original PC, but only on XTs, ATs and late computers (see INT 13H, function 16H), let's just look at the benefits: It must be kept in mind that the PC does not automatically execute code from the diskette when it is inserted. One some other machines, (for example Amiga) this is done, so an anti-virus program there HAS to check the disk as soon as it is inserted. Boot viruses could be detected by automatic scanning of all disks as they are inserted, but it would be easier just to check the boot sector when Ctrl-Alt-Del is pressed. File viruses could be found as well, but this would take untolerably long time in the "worst case" - a disk full of LZEXE-packed programs, which would have to be unpacked before scanning. I doubt many would tolerate that delay whenever a disk is inserted. Just scanning the programs when they are executed seems by far preferable to me. Also - unlike Mac and Amiga, the PC does not generate any signal when a disk is changed - you would need a resident program continously checking the Diskette Change Line Status. - -frisk - -- Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |
woody@chinacat.Unicom.COM (Woody Baker @ Eagle Signal) (01/14/91)
DOUGB@comsys.byu.edu (Douglas Barlow) writes: > Only one problem with that idea: How can the machine tell when a disk > is inserted? There isn't any type of sensor in IBM floppy drives likee > in the Mac. Fastback senses when a disk is inserted. There is a flag that is used to determine if a disk has been removed or inserted. A program such as this can certainly query that flag. No problem Cheers Woody
vail@tegra.com (Johnathan Vail) (01/15/91)
PFKLAMMER@CUDENVER.BITNET (Pete Klammer/303-556-3915) writes: >Only one problem with that idea: How can the machine tell when a disk >is inserted? There isn't any type of sensor in IBM floppy drives like >in the Mac. >Doug Barlow Isn't the write-protect sensor status available for polling? If you constantly (once per clock tick) check the write-protect detector, you could see the "shadow" of the diskette sleeve (write protected or not) as the disk is inserted or removed. I.e., if the detector toggles in any way, a diskette has been either inserted or removed. If I remember correctly the drve has to be selected. Even if this is possible and isn't precluded by door open, etc., it definately won't work while another drive is selected and being used. jv "Live Free or Die, Death is the lesser of the two evils" -- General John Stark _____ | | Johnathan Vail | n1dxg@tegra.com |Tegra| (508) 663-7435 | N1DXG@448.625-(WorldNet) ----- jv@n1dxg.ampr.org {...sun!sunne ..uunet}!tegra!vail
magnus%thep.lu.se@Urd.lth.se (Magnus Olsson) (01/17/91)
woody@chinacat.Unicom.COM (Woody Baker @ Eagle Signal) writes: >Fastback senses when a disk is inserted. There is a flag that is used >to determine if a disk has been removed or inserted. A program such >as this can certainly query that flag. No problem Yes, but to do this, it has to keep the drive in question selected all the time, drive motor running. Would you really want to have drive A: going all the time your computer was up? And how could the program check if a disk was inserted in another drive (only one drive can be active at a time)? Magnus Olsson | \e+ /_ Dept. of Theoretical Physics | \ Z / q University of Lund, Sweden | >----< Internet: magnus@thep.lu.se | / \===== g Bitnet: THEPMO@SELDC52 | /e- \q