[comp.virus] VIRUSCAN False Alarms

Alan_J_Roberts@Sun.COM (10/27/89)

This message is forwarded from John McAfee:
=============================================================================

    SCANV45 causes false alarms when used with a number of Jerusalem
Virus detectors/eradicators.  What has happened is this:  I returned to an
earlier version of string identification for this virus in order to avoid
conflicts with a number of newer Jerusalem detectors.  Apparently, however,
the string identifiers used in earlier versions (being unencrypted) were
picked up on by other authors (perfectly legitimate) and used in their
own detectors.  There are over 30 such detector/eradicator programs in use
now.  I strongly urge all such authors to do one of two things:  Choose
your own strings, or encrypt them if you use strings from older versions of
SCAN.  Otherwise, your programs will be flagged as viruses not just by my
scanner, but by everyone who chooses those same strings.  The problem is
worsened now because I use multiple strings for some viruses (to avoid
cracking) and either one of the multiple strings will cause an alarm if
that string is chosen by others and not encrypted.  If authors do not like
the idea of encryption, then ASCII representations can be used (like IBM
uses).  This will allow your users to see the strings that you have chosen
but will not cause false alarms.  We must all remember that multiple
authors are trying to fight the virus problem, and we should do everything
possible to avoid conflicts with each other's programs.

John McAfee
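
The false-alarm mechanism and the two remedies described in the message above, as an added example that is not part of the original post and is not SCAN's code. The byte patterns, the XOR key and the detector file layout are constructed assumptions for illustration.

```python
# Constructed byte patterns standing in for a scanner's two strings for one
# virus; they are not real signatures.
SIG_A = bytes.fromhex("dec0ad0b5e11feed")
SIG_B = bytes.fromhex("0badf00dcafe1234")
SCANNER_STRINGS = [SIG_A, SIG_B]
XOR_KEY = 0x5A  # assumed single-byte key; any reversible encoding would do


def scan(image, strings=SCANNER_STRINGS):
    """Naive string scanner: alarm if any one raw string occurs in the image."""
    return any(s in image for s in strings)


def xor(data, key=XOR_KEY):
    return bytes(b ^ key for b in data)


# How a third-party detector might store the string it borrowed (SIG_B only).
ENCODE = {"raw": lambda s: s, "xor": xor, "ascii": lambda s: s.hex().encode("ascii")}
DECODE = {"raw": lambda s: s, "xor": xor, "ascii": lambda s: bytes.fromhex(s.decode("ascii"))}


def build_detector(form):
    """Constructed stand-in for a detector's file: stub code + stored string."""
    return b"MZ" + b"\x90" * 16 + ENCODE[form](SIG_B) + b"\x00" * 16


def false_alarms():
    """Does the scanner flag each detector file itself?"""
    return {form: scan(build_detector(form)) for form in ENCODE}


def still_detects(form):
    """The detector decodes its stored string at run time and scans a sample."""
    stored = ENCODE[form](SIG_B)
    infected = b"\xe9\x00\x01" + SIG_B + b"\xcd\x21"  # constructed sample
    return scan(infected, [DECODE[form](stored)])


if __name__ == "__main__":
    for form, alarm in false_alarms().items():
        print(f"{form:5} false alarm: {alarm!s:5} still detects: {still_detects(form)}")
```

Only the detector that stores the borrowed string as raw bytes is flagged, and it is flagged even though it shares just one of the scanner's two strings; the XOR-encoded and ASCII-hex forms pass the scan and still match the infected sample once decoded.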