ts@uwasa.fi (Timo Salmi) (04/21/91)
Sun 21-Apr-91: Acquired the Japanese version of LHa .lzh archiving program version 2.12 from Japan. I used the patch of the author to include a version with an English help screen into the package. Since the documents are still in Japanese, I'll call the self-extracting file I made /pc/arcers/lha212jp.exe, and for the time being we'll retain also lha211.exe on our archives, since it has English documentation. Available in the usual manner from our site. ................................................................... Prof. Timo Salmi Moderating at garbo.uwasa.fi anonymous ftp archives 128.214.12.37 School of Business Studies, University of Vaasa, SF-65101, Finland Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun
c60b-1eq@e260-1e.berkeley.edu (Noam Mendelson) (04/22/91)
In article <1991Apr21.074001.18243@uwasa.fi> ts@uwasa.fi (Timo Salmi) writes: >Sun 21-Apr-91: Acquired the Japanese version of LHa .lzh archiving >program version 2.12 from Japan. I used the patch of the author to >include a version with an English help screen into the package. > Available in the usual manner from our >site. Alternately, you can FTP the latest version of LHa directly from utsun.s.u-tokyo.ac.jp (133.11.11.11) under /fj/lha (you'll find the patch there too). Utsun is one of the first sites to receive new versions of LHa, as well as other things (archives of fj.sources and fj.binaries.msdos). -- +==========================================================================+ | Noam Mendelson ..!ucbvax!web!c60b-1eq | "I haven't lost my mind, | | c60b-1eq@web.Berkeley.EDU | it's backed up on tape | | University of California at Berkeley | somewhere." |
riddle@hoss.unl.edu (Michael H. Riddle) (04/23/91)
In <1991Apr22.032912.23254@agate.berkeley.edu> c60b-1eq@e260-1e.berkeley.edu (Noam Mendelson) writes: >In article <1991Apr21.074001.18243@uwasa.fi> ts@uwasa.fi (Timo Salmi) writes: >>Sun 21-Apr-91: Acquired the Japanese version of LHa .lzh archiving >>program version 2.12 from Japan. I used the patch of the author to >>include a version with an English help screen into the package. >> Available in the usual manner from our >>site. >Alternately, you can FTP the latest version of LHa directly from >utsun.s.u-tokyo.ac.jp (133.11.11.11) under /fj/lha (you'll find the >patch there too). Utsun is one of the first sites to receive new >versions of LHa, as well as other things (archives of fj.sources and >fj.binaries.msdos). I, for one, certainly appreciate Yoshi-San's contribution of the LH/LHA series of programs, but have one nagging concern. McAfee has identified over 501 virus strains now known for MS-DOS. Am I the only one who is concerned about infection potential in SFX.EXE-type files? I know /I'm/ not enough of a technician to look inside a self-extracting archive and check it out ahead of time. That makes me reluctant to unpack LHA212.EXE or any other such archive, no matter what the reputation of the alleged source. I get concerned about spoofing, etc, by persons unknown. I'm certain most readers remember the PKZ102.EXE virus problem, for example. Is there an alternative which will protect the rights of the authors to insist all files be sent, and yet allow inspection by various utilities before unpacking? Is there a method I'm not aware of? Does anyone have any comments? (Like I'm too paranoid, or maybe something useful?) Thanks, Mike -- <<<< insert standard disclaimer here >>>> riddle@hoss.unl.edu | University of Nebraska postmaster%inns@iugate.unomaha.edu | College of Law mike.riddle@f27.n285.z1.fidonet.org | Lincoln, Nebraska, USA
jochenw@ikki.informatik.rwth-aachen.de (Jochen Wolters) (04/23/91)
Hi Mike,
as far as I know, SFX-archives *can* be extracted by using the appropriate unpacker. I'm not sure, if
this will work with the archive in question, since it might be compressed with a method that has been
introduced to LHA from the version that's in the archive :-). Just try to extract it with LHA 2.11, for
instance.
Greetinx,
Jochen.
--
.....................................................................
Jochen Wolters jochenw@cip-s02.informatik.rwth-aachen.de
"What you C is not necessarily what you get..."c60b-1eq@e260-1g.berkeley.edu (Noam Mendelson) (04/24/91)
In article <1991Apr23.113026.2657@unlinfo.unl.edu> riddle@hoss.unl.edu (Michael H. Riddle) writes: >McAfee has identified over 501 virus strains now known for MS-DOS. Am I >the only one who is concerned about infection potential in SFX.EXE-type >files? > Is there a method I'm not aware of? Does anyone have >any comments? (Like I'm too paranoid, or maybe something useful?) The newer versions of LHa and PKZIP can extract their SFX files. I.e., if you get lha212.exe and want to unpack it using an LHa.exe you already have, just do 'lha x lha212.exe'. This works around the very important virus problem that you mentioned. No matter how reliable the source, a hacker can always seed it with a virus. Better to be safe than sorry. -- +==========================================================================+ | Noam Mendelson ..!ucbvax!web!c60b-1eq | "I haven't lost my mind, | | c60b-1eq@web.Berkeley.EDU | it's backed up on tape | | University of California at Berkeley | somewhere." |
ts@uwasa.fi (Timo Salmi) (04/25/91)
In article <1991Apr24.030220.15637@agate.berkeley.edu> c60b-1eq@e260-1g.berkeley.edu (Noam Mendelson) writes: : >The newer versions of LHa and PKZIP can extract their SFX files. I.e., >if you get lha212.exe and want to unpack it using an LHa.exe you already >have, just do 'lha x lha212.exe'. >This works around the very important virus problem that you mentioned. >No matter how reliable the source, a hacker can always seed it with a virus. >Better to be safe than sorry. Yes, better safe than sorry. I checked lha212.exe before making /pc/arcers/lha212jp.exe available from garbo.uwasa.fi, and noticed no problems. But let's bear nevertheless the following in mind: 16. ***** Q: Am I safe against viruses if download files from FTP sites? A: I'll give some information on this from an FTP moderator's point of view. The official stand is the following directly from one of our file lists: No liability is accepted for the consequences of using, or the inability to use, any of these files. No absolute guarantees are given that these programs are clean from nasties, although none have been in evidence. Please duly observe shareware rules wherever indicated. But remember that there are no absolute guarantees _whatever_ your sources are. There have even been cases of contaminated commercial products. So the safety factor will never be a 100 per cent whether you keep on downloading from ftp sites or not. At worst you can even catch a virus if you buy a new machine (this has been known to happen). On the other hand, the scare should not be exaggerated. It is certainly a good idea to employ two or three good virus testers / protectors such as McAfee's /pc/virus/scanv76c.zip and /pc/virus/fprot114.zip by Fridrik Skulason (or whatever are the latest version numbers). I have one small additional trick up in my sleeve. Put my dtetimal.exe in your autoexec.bat. If dtetimal gets contaminated, it will loudly inform you of the fact. Dtetimal is part of my /pc/ts/tsutil31.arc (or later) package at garbo.uwasa.fi archives. Also use /pc/sysutil/chksum.zip to always check at least your io.sys, msdos.sys, and command.com at boot time. You then have a better chance of being alerted if you use these measures. ................................................................... Prof. Timo Salmi Moderating at garbo.uwasa.fi anonymous ftp archives 128.214.12.37 School of Business Studies, University of Vaasa, SF-65101, Finland Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun