IA96@PACE.BITNET (IA96000) (12/13/89)
Recently I had the chance to discuss the inner workings of VALIDATE.EXE,
(no..not VALIDATE.COM), with the authors. This program has been around
for almost two years now, and has just under gone a dramatic change.
In the past, it has detected changes in a file by reading the entire
file, and using two proprietary formulas, calculated two CRC's for
each file tested. VALIDATE.EXE is fast and capable of processing
over 64,000 characters a second.
The new version takes an entirely different approach. While I cannot
go into intimate detail, basically it reads in large blocks of the
file, takes a "snapshot" and continues. The block size varies depending
on file size and available memory. If EMS or Extended memory is detected
the program will increase the size of the blocks being read, up to the
optimal size of a 1 megabyte block.
Each "snapshot" taken is then processed. The contents of "snaphots"
vary, depending on the type of file being processed (com, exe, ascii),
the size of the file, and several other factors, including the total
number of snapshots taken.
As processing continues, two authentication strings are built. These
are then encrypted, and converted to hex format for display.
There are two versions of this program. The DOS version is capable of
reading and processing over 113,000 characters a second.The OS/2
version of validate was designed to run under PM and takes full
advantage of the advanced OS/2 functions. It has the ability to run
several threads at the same time and does so whenever possible. The
raw processing speed of the OS/2 version is not as fast as the DOS
version, but the use of threads speeds the entire program up. Just
thought you might like to know about this program. It will be available
in both versions through SIMTEL in the near future.
I have been asked to pass the following message along verbatim:
Start of message =================
From: SWE
To: VIRUS-L Subscribers
Re: Free disk offer
After processing and filling requests for over 570 EAGLSCAN (tm)
disks, we are now withdrawing our offer. Each and every request has
been filled, and all disks are on the back via US mail.
SWE did not expect any where near the response we received and
it has been a major project to produce these disks for you. So be it,
we made the offer, and we learned our lesson.
Any disks received after December 13, will not be processed until
we open again, after the holidays. We will fill any requests starting
January 4, when we return from holiday.
Thank you for your requests and have a happy holiday.
End of message ===============