CHESS@YKTVMV.BITNET (10/23/89)
(This is in reply to Alan Roberts' warning about the Dark Avenger and scanners in VALERT-L.) The recommended procedure for using the IBM Virus Scanning Program includes, I'm pretty sure, cold-booting the machine from a trusted boot diskette before running the scanner. This will keep the "spreads to all files on the disk" from happening, since it will mean that the virus isn't in control when the scanner runs. It's also a bit of a pain, but it may be worth it. If another virus like the Dark Avenger appears, and you run a scanner that doesn't know about it, without cold-booting first, you could end up with an entire disk full of infected files, and not even know it! This isn't really a bug in the scanners that needs to be "fixed". Any program that opens many many files can have the same effect when an infect-on-open virus is active. This includes virus scanners, anti-virus programs that compute check-values for your executables to let you know what's changed, backup programs, GREP-like programs, and so on. It would certainly be a nice enhancement if the scanners also scanned RAM before going to the disk, but even that won't solve the general problem (since an infect-on-open virus not known to the scanner can still be spread to the entire disk, unless you cold-boot before scanning). DC