frisk@rhi.hi.is (Fridrik Skulason) (09/19/89)
Some time ago I sent out several copies of my F-PROT anti-virus package.
Those copies were only beta-release, and not intended for general
distribution, although they were uploaded to SIMTEL by mistake. Now I have
fixed all the problems reported to me and added a number of new features.
F-PROT will be made available soon, but it is now in final testing at
around 20 sites here in Iceland.
I am still speculating on how to distribute it. Is the idea of shareware,
where you will automatically receive the next major update for a
contribution of $15 (or equivalent) acceptable ?
I would be very interested in knowing how much interest there is for
this set of programs. If you would like to see it distributed on SIMTEL,
comp.binaries.ibm.pc etc, please let me know. (A short reply saying just
"yes" will do). If there seems to be sufficient interest in this program,
it will made available later this month.
F-PROT includes a number of anti-viral programs, including:
1) A device driver that provides full protection against
most viruses. The program will check every program run
for infection by any of the following viruses:
April 1. (sURIV 1.0 and sURIV 2.0)
Cascade (1701, 1704)
DataCrime
DataCrime-II
405
Friday 13. (Miami, Munich)
Fu Manchu
Icelandic (incl. Saratoga)
Jerusalem (incl. sURIV 3.0)
Lehigh
Traceback
Vienna (DOS 62)
In addition the program will also provide protection against
the following boot sector viruses:
Ping-Pong (Italian)
Brain
Stoned (New Zealand)
Den Zuk
Alameda/Yale
Typo
It is also able to stop (but not identify) new boot sector viruses.
The viruses listed above are responsible for over 99% of
infections.
The best part is that this program only occupies around 1K of
memory, and is totally invisible unless an attempt is made to run
an infected program.
2) A program that will look for infections and remove them. This
program can handle all the viruses listed above, and in addition
it will detect infections by the following viruses:
Pentagon
Swap
Nichols
Agiplan
2730
These viruses are very rare, but code to remove them will
be added as soon as I obtain a copy of them.
The following viruses have been reported, but are extremely rare
and certainly not a serious threat (yet).
Dbase
Oropax
Ohio
RAP
MIX1
Code to detect and remove them will be added as soon as possible.
3) A program that will modify any .EXE or .COM file and add code
to it, so that the program will check itself for infection by
ANY virus when run. This will provide full protection against
any new program viruses. This addition to the program will not
interfere with normal execution.
4) A TSR program that will watch out for suspicious activity:
Attempts to write to the FAT.
Formatting of the hard disk.
Making Read-Only .EXE or .COM files Read/Write.
Writing to a .EXE and .COM file
Other similar programs exist, but this one is also able to:
.... stop viruses that bypass INT 21 when performing
DOS functions (like the Icelandic virus does).
.... prevent all four methods used in the TRYOUT program
in Dr. Solomon's Anti-Virus Toolkit from working.
As far as I know, no other similar program can do this.
5) A number of utilities:
Memory-mapping program
Inoculation program
Checksum program
Disk locking program
+ a few more.
- --------------------------------------------------------------------
Fridrik Skulason University of Iceland
frisk@rhi.hi.is
Guvf yvar vagragvbanyyl yrsg oynax .................jec@rutgers.edu (09/30/89)
Yes, there's probably enough interest to warrant posting the program. But will you be able to keep it current, and get the current version to registered users as fast as the virus? John - --- USnail: John Carter, AT&T, 401 W. Peachtree, FLOC 2932-6, Atlanta GA 30308 Video: ...att!nesac2!jec ...attmail!jecarter Voice: 404+581-6239 The machine belongs to the company. The opinions are mine.