[comp.sys.mac.misc] Suspicious Behavior of Mac Classic

sandy@dino.cs.umass.edu (Sandy Wise) (10/29/90)

My family purchased a new Mac Classic this weekend and I did the
installation.  The system runs 6.0.7 and Word 4.0.  After a while, I
got around to installing GateKeeper... (I should know better...
GateKeeper first!)

Anyway... GateKeeper detects an attempt by Word to add resource (DRVR,
2) to System...  Word doesn't do that on my SE... Sure looks like a
virus to me!

Disinfectant 2.3 checks everything as clean...  Is this a new strain
or does something interact badly with 6.0.7?

        /s
--
Alexander Erskine Wise /\/\/\/\/\/\/\/\/\/\/\/\ Software Development Laboratory
/\/\/\/\/\/\/\/\/\/\/\/\/\/\ WISE@CS.UMASS.EDU /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\ This situation calls for large amounts of unadulterated CHOCOLATE! /\/\/\

chrisj@ut-emx.uucp (Chris Johnson) (10/30/90)

In article <SANDY.90Oct28153027@dino.cs.umass.edu> sandy@dino.cs.umass.edu (Sandy Wise) writes:
>My family purchased a new Mac Classic this weekend and I did the
>installation.  The system runs 6.0.7 and Word 4.0.  After a while, I
>got around to installing GateKeeper... (I should know better...
>GateKeeper first!)
>
>Anyway... GateKeeper detects an attempt by Word to add resource (DRVR,
>2) to System...  Word doesn't do that on my SE... Sure looks like a
>virus to me!
>
>Alexander Erskine Wise /\/\/\/\/\/\/\/\/\/\/\/\ Software Development Laboratory

I believe the message you're getting is something like:  "Gatekeeper has
vetoed an attempt by 'application name' to violate Res(Sys) privileges against
the file 'System' on disk 'disk name'.  [ RsrcMapEntry(DRVR, 2) ]"

As far as I know, you haven't found a new virus.  What you *have* found is a
peculiar change introduced in System 6.0.7.  I don't know why it was made or
what it does, but there's no evidence that it's a virus (it appears in all
copies of 6.0.7 I've examined, including ones downloaded directly from
AppleLink and apple.com).

If there's anyone at Apple reading this group, I'd very much appreciate any
information available on this change.  For that matter, if anyone has an
idea why the system might feel compelled to suddenly start calling RsrcMapEntry
on the print driver in the System, send me email.

Anyway, Gatekeeper Aid 1.1 is being readied for release on Saturday or Sunday
(assuming no terrible bugs are uncovered during testing).  'Aid 1.1 was 
originally intended to deal with the recently discovered MDEF C virus, but
I've also added code that works around this RsrcMapEntry violation which
6.0.7 seems so intent on generating, so a solution is on its way.

By the way, these RsrcMapEntry calls are only made while running under the
Finder.  They do *not* occur when running MultiFinder.  I've also noticed
that they happen primarily when using the ImageWriter.

I hope this is of some help,
----Chris (Johnson)
----Author of Gatekeeper
----chrisj@emx.utexas.edu

sandy@snoopy.cs.umass.edu (& Wise) (10/30/90)

In article <38869@ut-emx.uucp> chrisj@ut-emx.uucp (Chris Johnson) writes:
>   I believe the message you're getting is something like:  "Gatekeeper has
>   vetoed an attempt by 'application name' to violate Res(Sys)
>   privileges against the file 'System' on disk 'disk name'.
>   [ RsrcMapEntry(DRVR, 2) ]" 

Exactly!  Thank you Chris!  Both for relieving my fears, and for
producing an excellent product family in GateKeeper.

        /s
--
Alexander Erskine Wise /\/\/\/\/\/\/\/\/\/\/\/\ Software Development Laboratory
/\/\/\/\/\/\/\/\/\/\/\/\/\/\ WISE@CS.UMASS.EDU /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\ This situation calls for large amounts of unadulterated CHOCOLATE! /\/\/\