friedman@mbcl.rutgers.edu (04/05/91)
The lab I work in has owned SAM 2.0 for several months. We have found that one of the problems with this program is the apparent haphazard manner by which updates are distributed. Some friends have told me that they get cards with the information they need to update the Virus Clinic and SAM CDEV. We only find out about the updates when we see a posting. Apparently, the author, Paul Cozza, is unreachable as he has people who post messages for him. I would think (IMHO) that in addition to posting notices, which might be missed on the newsgroups, a more reliable alternative would be to place the info in various archives so that one might periodically check that they have kept their SAM's up to date. Rich Friedman@mbcl.rutgers.edu PS The last virus I got new codes for was about 6 months ago. If anyone could pass along the list of codes I might have missed, I would appreciate. Rich
hermens@ted.cs.uidaho.edu (04/08/91)
I received updates for SAM 2.0 right up to the time that SAM 3.0 was made available. I have no complaints. In fact, Mr. Cozza is reachable and I have submitted information about SAM 2.0 to him. Leonard In article <369.27fc4f76@mbcl.rutgers.edu> friedman@mbcl.rutgers.edu writes: >The lab I work in has owned SAM 2.0 for several months. We have found that one >of the problems with this program is the apparent haphazard manner by which >updates are distributed. Some friends have told me that they get cards with >the information they need to update the Virus Clinic and SAM CDEV. We only >find out about the updates when we see a posting. Apparently, the author, Paul >Cozza, is unreachable as he has people who post messages for him. > >I would think (IMHO) that in addition to posting notices, which might be missed on the >newsgroups, a more reliable alternative would be to place the info in various >archives so that one might periodically check that they have kept their SAM's >up to date. > >Rich >Friedman@mbcl.rutgers.edu > >PS The last virus I got new codes for was about 6 months ago. If anyone could >pass along the list of codes I might have missed, I would appreciate. >Rich
werner@rascal.ics.utexas.edu (Werner Uhrig) (04/08/91)
Rich Friedman wrote: > The lab I work in has owned SAM 2.0 for several months. We have found > that one of the problems with this program is the apparent haphazard > manner by which updates are distributed. Some friends have told me > that they get cards with the information they need to update the Virus > Clinic and SAM CDEV. We only find out about the updates when we see a > posting. Apparently, the author, Paul Cozza, is unreachable as he has > people who post messages for him. Rich, this kind of bad-mouthing is totally uncalled for and I think you owe both SAM-author Paul Cozza and the people who, on a volunteer basis, try everything in their power to keep net-users well-informed and updated on virus-matters. I imagine that the way you get update information normally, is to be a registered user (you are a registered user, right?) and to order (and pay for) updates which you are interested in. While I am not a SAM-user myself, I imagine that your manual contains information where to inquire about getting postcards announcing updates.... ....but if you give me (a few of) your lab's registration numbers I will make a personal effort to look into the status and I will report back right here what I can find out. > I would think (IMHO) that in addition to posting notices, which might > be missed on the newsgroups, a more reliable alternative would be to > place the info in various archives so that one might periodically > check that they have kept their SAM's up to date. I fail to find anything "humble" IYHO and while I welcome as much as anyone that people create archives and make information available, I am under the impression that you may be the perfect example how little good that does ...(or have you scanned the VIRUS-L archives lately for how often and how fast the net has usually been informed about new SAM-updates?) > Rich > Friedman@mbcl.rutgers.edu ---Werner
friedman@mbcl.rutgers.edu (04/08/91)
I Got off the phone with Symantec this morning. They had us in their files, but don't know why we didn't get the update cards. BTW I checked with our PostMaster, and we don't seem to be getting Virus-L. He is working to clear this up. Now all I have to do is talk my boss into upgrading to SAM 3.0 and this problem will be solved. -Rich Friedman@mbcl.rutgers.edu
petechen@porthos.rutgers.edu (Peter Chen) (04/08/91)
friedman@mbcl.rutgers.edu writes: >Apparently, the author, Paul >Cozza, is unreachable as he has people who post messages for him. ........ >Rich >Friedman@mbcl.rutgers.edu >PS The last virus I got new codes for was about 6 months ago. If anyone could >pass along the list of codes I might have missed, I would appreciate. >Rich A couple days ago, I sent a message to Paul Cozza regarding exactly such a listing. And I got a reply from him within a day, so I wouldn't say he is unreachable. Pete Chen Here is the list he sent me: -------------- Here are a list of the definitions that have been posted: *********** ZUC Virus Name: ZUC Resource Type: CODE Resource ID: 1 Resource Size: Any Search String: 4E56FF74A03641FA04D25290 (hexadecimal) String Offset: Any *********** Garfield (or MDEF), both strains A & B Virus Name: Garfield Resource Type: MDEF Resource ID: 0 Resource Size: Any Search String: A9A92F0CA9AA2F0CA9B0 (hexadecimal) Search Offset: Any *********** Steroid Trojan horse Virus Name: Steroid Trojan Resource Type: INIT Resource ID: 148 Resource Size: 1080 Search String: ADE9 343C 000A 4EFA FFF2 4A78 (hexadecimal) String Offset: 96 *********** CDEF Virus Name: CDEF Resource Type: CDEF Resource ID: 1 Resource Size: 510 Search String: 45463F3C0001487A0046A9AB (hexadecimal) Search Offset: 420 *********** ANTI B Virus Name: ANTI Resource Type: CODE Resource ID: 1 Resource Size: Any Search String: 000A317CFFFF000CA033303C0997A146 (hexadecimal) Search Offset: Any (or, for later versions of SAM, -886 will also work) *********** Garfield C (or MDEF C) Virus Name: Garfield (or MDEF) Resource Type: MDEF Resource ID: 0 Resource Size: 556 Search String: 4D4445464267487A005EA9AB (hexadecimal) Search Offset: 448 ************ Virus Name: ZUC B (or ZUC 2) Resource Type: CODE Resource ID: 1 Resource Size: Any Search String: 7002A2604E752014A0552240 (hexadecimal) Search Offset: Any ************
werner@cs.utexas.edu (Werner Uhrig) (04/10/91)
In article <379.28005f7f@mbcl.rutgers.edu> friedman@mbcl.rutgers.edu writes: >I Got off the phone with Symantec this morning. They had us in their files, >but don't know why we didn't get the update cards. Assuming that they sent such a card... it might be an interesting test to drop a card into the mail, addressed to the address they used (to see IF that one reaches you - make sure to put a note on the card asking whoever gets the card to give you a call) >BTW I checked with our PostMaster, and we don't seem to be getting Virus-L. rec.virus carries the VIRUS-L traffic (VIRUS-L is a BITnet list, which can be received as email also with the appropriate request (I think the request-address is LUKEN@LEHIIBM1.BITNET) >Now all I have to do is talk my boss into upgrading to SAM 3.0 and >this problem will be solved. I would still miss a public apology to Paul and Symantec for your "ranting" as well as a public "thank you" for the gracious offer of help you received from Paul by email .. -- (Internet) werner@cs.utexas.edu (BITnet) werner@UTXVM (UUCP) ..!uunet!cs.utexas.edu!werner
aslakson@cs.umn.edu (Brian Aslakson) (04/10/91)
werner@cs.utexas.edu (Werner Uhrig) writes: > rec.virus carries the VIRUS-L traffic (VIRUS-L is a BITnet list, which This explains a lot. Brian Just kidding
idddev@well.sf.ca.us (Innovative Data Design) (04/11/91)
Several of us here are registered SAM 2.0 users. Some of us receive the postcard updates of new viruses, some of us don't. The most recent notice, which I received today, is about virus that SAM 2.0 can't detect, but that SAM 3.0 can. Angus MacDonald; idddev@well.sf.ca.us Opinions expressed in this message are solely my own.
drz@po.CWRU.Edu (David R. Zinkin) (04/12/91)
SAM 2.0 can't detect the HC virus because it can't accept user definitions for viruses which reside in the data fork of a file. SAM 3.0 *does* allow such definitions, so that if you can't get the most recent version of the Virus Definitions file, you can still update the search capabilities. -- Dave -- David Zinkin (drz@po.cwru.edu) * I hear, and I forget. Rochester General Hospital/Radiology * I see, and I remember. CWRU Psychology and Chemistry (WR '92) * I do, and I understand. CWRU Macintosh User Group * -- Ancient Proverb
friedman@mbcl.rutgers.edu (04/12/91)
I have gotten some pretty interesting responses/comments to my original posting on some problems I have (had) with SAM 2.0. Many were constructive. I would also like to thank Paul Cozza for responding to me. I guess one of the problems has to do with the fact that while we receive over 1000 newsgroups, we do not receive virus-l nor rec.virus. We were relying on the postings to the infomac for our updates and many slipped by us. I personally do not feel like periodically making a long distance phone call to Ca. to read a BB where Symantec lists the updates. Paul mentioned, virus-l is archived at [KRVW@CERT.SEI.CMU.EDU@INTERNET#]. However, I guess if you don't keep up with this archive, you will get swamped trying to read a lot of the files at once. I would like to make one suggestion to the people at Symantec as to how they can make our updating easier, add numbers to the cards you mail out. A friend who shared his set was missing a few updates that other people had and passed on to me. We were not certain if these were from cards which gotten lost in the mail or if these represented older updates which hopefully were sent out before he purchased SAM and were incorporated into his version. With numbered cards it would be a simple to ascertain if you had missed an update. BTW, yes I know that with SAM 3.0 you won't need to rely on the cards, that you can do the updating by downloading the info from the Symantec BBS, however, once again you need to have a modem and make a long distance phone call. Another problem would be, how will you know when a new listing will be there that requires you to do a download? -Rich friedman@mbcl.rutgers.edu