CHRISTOPHER%GACVAX1.BITNET@VMA.CC.CMU.EDU (10/24/89)
Are there any programs currently available that will check for viruses within an archive file? I am familiar with the SHEZ program and how it can be used with VIRUSCAN to scan archives, but SHEZ un-arcs the archive file before running VIRUSCAN. My question is, does a program exist or could one be developed that searched for signs of an archived and infected program?

I can see two big problems with this immediately. First, each different archiving algorithm will archive a virus (call it X) differently. An ARCed X will be different from a ZIPed X will be different from a ZOOed X, etc. Secondly, say that virus X attaches itself to the end of COM files. Will the output (archived file) of an archiving algorithm translate virus X into the same byte sequence every time? For example, program A is infected and becomes AX. Is arc(AX) (archived AX) the same as arc(A) + arc(X) and is arc(BX) the same as arc(B) + arc(X)?

I inquire because I have archived programs/software, and I would like to know if programs in archives are infected without de-archiving them (at last count I had over 100 .ARC files) and then SCANing them as SHEZ does.

Christopher Kane <CHRISTOP@GACVAX1.BITNET>
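
An added example, not part of the original post: Python code contrasting the two approaches the question raises, searching an archive's compressed bytes for a signature versus decompressing each member in memory (nothing written to disk) and searching the result. ZIP via Python's zipfile module stands in for ARC as an assumption, and the signature, host bytes and member names are constructed for illustration.

```python
import io
import zipfile

# Constructed sample data: SIG is NOT a real virus signature.
SIG = bytes.fromhex("dec0ad0b5eedface1337c0deba be4299".replace(" ", ""))
HOST_A = b"MOV AX,BX; " * 40          # stand-in for clean program A
HOST_B = b"INT 21h; RET; " * 30       # stand-in for program B, infected below


def build_archive(deflate=True):
    """Build an in-memory archive holding clean A and infected BX."""
    method = zipfile.ZIP_DEFLATED if deflate else zipfile.ZIP_STORED
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("CLEAN.COM", HOST_A, compress_type=method)
        zf.writestr("GAME.COM", HOST_B + SIG, compress_type=method)
    return buf.getvalue()


def raw_hit(archive, sig=SIG):
    """Naive check: look for the signature in the archive bytes as stored."""
    return sig in archive


def scan_members(archive, sig=SIG, chunk=4096):
    """Decompress each member as a stream in memory and search it.

    The last len(sig)-1 bytes of every window are carried over so a
    signature split across two reads is still found.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                tail = b""
                while block := member.read(chunk):
                    window = tail + block
                    if sig in window:
                        hits.append(info.filename)
                        break
                    tail = window[-(len(sig) - 1):]
    return hits


if __name__ == "__main__":
    for deflate in (False, True):
        arc = build_archive(deflate)
        label = "deflated" if deflate else "stored"
        print(label, "raw hit:", raw_hit(arc), "member scan:", scan_members(arc))
```

The raw search succeeds only when members are stored uncompressed; once they are compressed, the signature's bytes no longer appear verbatim, while the in-memory member scan reports the infected file either way.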