[comp.lang.c] Computer virus detection project - Mac source code requested

hsu_wh@jhunix.HCF.JHU.EDU (William H Hsu) (06/06/90)

     Several weeks ago, I posted a message on comp.virus and
several comp.sys.mac newsgroups requesting bibliographic sources
on Macintosh toolbox programming.  I'd like to thank everyone who
responded; now that I have a copy of Dr. Fred Cohen's thesis, a
lot of my questions about detection have been answered.

     I am using THINK C 4.0 (Macintosh) as my development
package.  I would like to know of any source code that is
publicly available that pertains to virus detection, disinfection
(removal), and/or file repair.  I believe that I will get farther
by adding to and modifying base code (preferably in C) than by
starting from scratch, since I have never seen any kind of
disinfection code.  I have come up with a rough algorithm, and
have a few ideas as to how I could change an existing scanning
program to perform as planned.

     I would also appreciate it if someone could send me a list
of bibliographic sources on coding anti-viral utilities.  So far,
I have read only work by John McAfee and Dr. Fred Cohen.

      Finally, could someone please send me information on where
it is possible to obtain the disassembled code of two or more
clones of variant Macintosh viral strains (such as nVIR/"Hpat",
WDEF, Scores?) and single versions of invariant strains (e.g.,
MacMag, ZUC, ANTI, INIT 29, MDEF/Garfield) for testing purposes? 
I am working at the Johns Hopkins University's Computer Science
department.

Please send replies to:  hsu@cs.jhu.edu,
HSU_WH@JHUVMS.HCF.JHU.EDU