Abstracts from files in info-mac/vir as of Sun Feb 20 00:46:26 PST 1994

#### TEXT 00what-to-use.txt ****

Here are our current recommendations for virus-related tools. Such tools can be divided into three classes: those that prevent infections, those that warn you when an infection is present, and those that remove infection. This message only discusses non-commercial software.

1. Prevention

Two excellent tools for prevention of viral infections are the Disinfectant extension (distributed as part of the Disinfectant application) and the Gatekeeper package.

The Disinfectant extension is very easy to install and requires no user configuration. However, it is important to stay up-to-date with this tool, because it only recognizes viruses it has been taught about.

Gatekeeper is an effective virus-prevention method for the more technically inclined. It requires some customization to work well in a particular environment. The benefit of Gatekeeper is that it provides some protection against some possible kinds of future virus, not just

#### BINHEX alternate-sam-35-install.hqx ****

From "gt3017c@prism.gatech.edu (William Homer Waits)" Tue Aug 24 17:03:34 1993
Date: Mon, 23 Aug 1993 22:55:39 -0400
From: gt3017c@prism.gatech.edu (William Homer Waits)
Subject: SAM Installer Scripts

In response to some complaints on the Internet regarding the un-intuitive installer script for Symantec's popular virus program SAM* 3.5. Symantec's script will not do an installation if you have replaced the original Virus Definition file. Go figure! I don't know about you, but I update mine when necessary on the original disks.

I have created my own scripts which should work fine. I have System 7.1, and I know it works there, but I also have created a System 6 installer. It should work fine, but I have no place to test it. Only the target folders have changed.
These scripts only recognize the Virus Definitions file on the Decontamination Disk, so make sure that is where you place your updated Definition file.

If you decide to use these, please just e-mail me and let me know that you have used it. Also, let me know about any troubles you may have. I can be reached at the following addresses:

gt3017c@prism.gatech.edu (until 6/94) or Heathen@aol.com

SAM* is copyrighted by Symantec Corp. I have no affiliation with them.

Al Bloom, this one's for you!

#### BINHEX disinfectant-33.hqx ****

Date: Fri, 5 Nov 1993 14:17:58 -0700 (MST)
From: Russ Pagenkopf
Subject: New Disinfectant

The latest and greatest Disinfectant version 3.3. Zaps two new viri that have been discovered on the East coast.

#### BINHEX gatekeeper-129.hqx ****

Date: Thu, 11 Nov 1993 16:07:52 -0600
From: chrisj@mbs.telesys.utexas.edu (Chris W. Johnson)
Subject: Gatekeeper 1.2.9 Anti-Virus System

Gatekeeper 1.2.9 is a set of Macintosh system extensions (INITs) and related control panels (cdevs) which, when active (i.e. allowed to install themselves during the boot process) offer protection against attacks by all known viruses (to the author at the time of this release). Gatekeeper also monitors computer activities for what are considered to be suspicious 'events' or 'operations', in an attempt to intercept what could be variants of known viruses or even completely new viruses.

Since its initial release in January of 1989, Gatekeeper has repeatedly demonstrated its ability to stop the spread of viruses which were unknown during its design. Like any anti-virus system, however, it cannot guarantee complete protection.

Of course, no claims or promises are made regarding Gatekeeper's effectiveness or suitability, and some functions and capabilities of Gatekeeper are non-trivial to use and may require a careful reading of the documentation.
Gatekeeper 1.2.9 Release Notes 11-Nov-93
---------------------------------------------------

Gatekeeper 1.2.9 was created to deal with the CODE 1 and MBDF-B viruses. The latter, MBDF-B, was already dealt with by previous releases, but code was added to explicitly identify the virus as the "B" strain instead of as an "unknown" strain.

At the same time, some improvements have been made. These include the elimination of a known false-positive identification of the INIT 1984 virus, the further refinement of address sanity checking code (and its application in a couple of new places), the addition of some new privileges, the elimination of the conflict between version 1.2.8 and System 7 Tuner, and probably a couple more things I can't remember at the moment. :-)

----Chris

#### BINHEX gatekeeper-130.hqx ****

Date: Fri, 12 Nov 1993 16:38:22 -0600
From: chrisj@mbs.telesys.utexas.edu (Chris W. Johnson)
Subject: Gatekeeper 1.3 (yes, two in as many days)

Gatekeeper 1.3 is a set of Macintosh system extensions (INITs) and related control panels (cdevs) which, when active (i.e. allowed to install themselves during the boot process) offer protection against attacks by all known viruses (to the author at the time of this release). Gatekeeper also monitors computer activities for what are considered to be suspicious 'events' or 'operations', in an attempt to intercept what could be variants of known viruses or even completely new viruses.

Since its initial release in January of 1989, Gatekeeper has repeatedly demonstrated its ability to stop the spread of viruses which were unknown during its design. Like any anti-virus system, however, it cannot guarantee complete protection.
Of course, no claims or promises are made regarding Gatekeeper's effectiveness or suitability, and some functions and capabilities of Gatekeeper are non-trivial to use and may require a careful reading of the documentation.

Gatekeeper 1.3 Release Notes 12-Nov-93
---------------------------------------------------

Gatekeeper 1.3 was created the day after 1.2.9 was released to fix a bug that caused all pre-7 systems to hang during startup, and crashed some System 7.x machines.

For those of you wondering about the story behind the bug, and why 1.2.9 missed its scheduled release date by three days, it's pretty simple. When the new viruses appeared, I was in the middle of work on a new and improved Gatekeeper which was going to be version 1.2.9 in a couple of months. Unfortunately the work, while mostly complete, still wasn't quite finished at the time those viruses appeared. So I had to either (a) try to finish the new improvements very quickly, or (b) rip them all out and return, more or less, to the functionality of 1.2.8. I went for option 'b'.

Unfortunately, while I was ripping out the nifty new code, I overlooked one file in one of the ten or so projects that currently combine to form Gatekeeper. Consequently, some of that new code which wasn't quite finished was built into one portion of version 1.2.9. Since it was mostly working, it passed all my in-house (actually "in-office" would be more accurate) tests prior to release, but failed when it finally met up with the real world.

Why didn't I just go back to the archived 1.2.8 source? Because there were some bug fixes and various uncontroversial (but significant) improvements already in 1.2.9 which I certainly wanted to be part of any new release.

So, here's 1.3; use it in good health. Please delete any copies of 1.2.9 that you may have laying around and spread the word that 1.3 is available.

[Thanks, BTW, go to Brian Price for allowing himself to be dragooned into running some last minute tests.]
----Chris

#### BINHEX mac-sig.hqx ****

Date: 22 Apr 93 14:22:35 EDT
From: Larry Beck <75300.1172@CompuServe.COM>
Subject: MACSIG 04/22/93

This MACSIG file from Central Point Software is a self-extracting archive that contains a ReadMe file with further instructions. It also contains the new INIT M virus signature as well as other virus signatures back to July 1992.

#### BINHEX mactools-antidotes-93-11-06.hqx ****

Date: Sat, 6 Nov 1993 15:40:54 -0800
From: Chall Fry
Subject: Mac_CPAV_Antidotes_11/5/93.hqx

Info-Mac Moderators,

Please place this file in /info-mac/virus. Thank you.

Users,

This file contains the latest antidote descriptions for Central Point Anti-Virus as of 11/5/93. It includes antidotes for the CODE-1 and MBDF-B viruses. The antidotes contained in this file may be used with both Anti-Virus 2.0 and Anti-Virus 3.0. Instructions for loading the antidotes into Anti-Virus are contained within. This file is compressed as a self extracting archive.

--Chall Fry
Central Point Software

#### BINHEX merry-xmas-killer.hqx ****

From LTAYLOR@CSBINA.CSUBAK.EDU Thu Sep 2 10:50:01 1993
Date: Wed, 1 Sep 1993 22:07:07 -0700 (PDT)
From: LTAYLOR@CSBINA.CSUBAK.EDU
Subject: "Merry Xmas" Killer

I have recently experienced one of the most annoying Macintosh parasites of all time -- the virus. Although only a HyperCard virus, "Merry Christmas" is an annoying little bugger to have, like any virus. Fortunately, I was able to spot it before it infected anything really important.

I highly suggest that anyone with HyperCard download this file. It will scan your stacks for Merry Christmas and permanently zap it. Although small (less than 12K) it does its job very efficiently.

Have fun with HyperCard!
*Stiles

#### BINHEX merryxmas-vaccine-13-hc.hqx ****

From: Joshua Yeidel
Subject: Re: merryxmas vaccine (fwd)
Date: Thu, 13 Jan 1994 15:13:56 -0800 (PST)

I received this from the author, Bill Swagerty of Claris, with permission to send it "Wherever (I) Like". Where I Like is mac-gifts.

Merryxmas Vaccine is a Hypercard stack that detects and eliminates the "merryxmas" Hypercard virus from Hypercard stacks. This is version 1.3, with the improvements indicated below. (The version on sumex-aim is 1.0.)

Joshua Yeidel, Learning Systems | yeidel@tomar.accs.wsu.edu
Information Technology          | All standard disclaimers apply
Washington State University     | "Believe it if you need it,
Pullman, WA 99164-1222          | or leave it if you dare..."
509/335-0441                    | -- Robert Hunter

---------- Forwarded message ----------
Date: 13 Jan 1994 13:05:01 -0800
From: Bill Swagerty
To: Joshua Yeidel
Subject: Re: merryxmas vaccine

>>Any chance you could send the 1.3 version...?

I'll send it to you and let you send it wherever you like.

Cheers,
Bill

Acknowledgements & Version History
----------------------------------

Version 1.3
o To accommodate accidental mutations, the vaccine now removes everything from the virus code on down from the stack script of infected stacks.
o Stacks are assumed to be Finder locked if IsFinderLocked fails.

Version 1.2
o Mark Johnson for uncovering a weakness in the GetDir 2.2 XFCN with names that contain commas.
o Indicator light now left red if one or more stacks could not be disinfected.

Version 1.1
o A modification was made to accommodate the way Macintosh Pluses respond to the MonitorConfig XFCN.

Version 1.0
o Ken Dunham; LaGrande Middle School; 1108 4th St; La Grande OR 97850 (503) 963-1954 for bringing the virus to my attention.
o Bill Marriott for the straight HyperTalk progress bar as featured in the Claris TechInfo Journal / Winter 1993.
#### BINHEX rival-defs-9304b.hqx ****

Date: 22 Apr 93 09:22 GMT
From: NONE.FRED@AppleLink.Apple.COM (France - nOne Corp, F Miserey,IDV)
Subject: Re2: INIT-M Vaccine ready

Bill,

Will you please post the above "INIT-M Vaccine" for Rival below.

Yours,
Frederic

#### BINHEX sam-defs-93-11-04.hqx ****

Date: Fri, 5 Nov 1993 01:52:42 -0700 (PDT)
From: Brian Amira
Subject: NEW SAM Virus Definition Files 11/4/93!

Here they are, for the newly discovered viruses. Use in good health!

Brian

<|Brian M. Amira | Internet E-Mail: Brian@scs.unr.edu |>

#### BINHEX sam-install-scripts-12.hqx ****

From: gt3017c@prism.gatech.edu (William Homer Waits)
Subject: SAM Install Scripts 1.2
Date: Sun, 9 Jan 1994 00:16:40 -0500

In response to some complaints on the Internet regarding the un-intuitive installer script for Symantec's popular virus program SAM* 3.5. Symantec's script will not do an installation if you have replaced the original Virus Definition file. Go figure! I don't know about you, but I update mine when necessary on the original disks.

I have created my own scripts which should work fine. I have System 7.1, and I know it works there, but I also have created a System 6 installer. It should work fine, but I have no place to test it. Only the target folders have changed.

These scripts only recognize the Virus Definitions file on the Decontamination Disk, so make sure that is where you place your updated Definition file. Also, if you are using System 7 or greater, SAM* Intercept and SAM* Intercept Jr. are both placed in the Extensions Folder.

If you decide to use these, please just e-mail me and let me know that you have used it. Also, let me know about any troubles you may have.
I can be reached at the following addresses:

gt3017c@prism.gatech.edu or Heathen@aol.com

My snail mail address is

William Waits
1471 Ashwood Way
Lawrenceville, GA 30243

SAM* is copyrighted by Symantec Corp. I have no affiliation with them.

Al Bloom, this one's for you!

Version History
-1.0 Initial Release
-1.2 Added better icons to custom window
     Read Me file reflects more accurate data

#### TEXT virex-viruses-detected.txt ****

From: alanc@ocf.Berkeley.EDU (Alan Coopersmith)
Date: Wed, 14 Jul 93 09:29:53 PDT
Subject: Virex 3.x Virus Definitions

The following text file lists viruses detected by all versions of Virex since 1.0. It also lists UDV codes for viruses discovered since version 3.5. The list came from the Datawatch forum on America Online.

Disclaimer: I have no relation to Datawatch/Virex other than being a customer. If you have any problems with Virex, please contact Datawatch directly.

--------------------------------------------------------------------------
Alan Coopersmith                       Internet: alanc@ocf.berkeley.edu
U.C. Berkeley Open Computing Facility  America Online (AOL): AlanC Utah
--------------------------------------------------------------------------

Virex Version Information and UDV Codes for Recently Discovered Viruses

#### BINHEX virus-reference-212.hqx ****

From: Kevin Harris
Subject: No Subject!
Date: Fri, 3 Dec 93 10:11:04 EST

From: SPerspect@aol.com
Date: Fri Dec 3, 1993 09:48
Subj: Virus Reference 2.1.2

Attached you will find our free utility, Virus Reference. Virus Reference is an online guide to Mac viruses and trojan horses. It includes complete details on symptoms and includes search capabilities.

This update adds information on the CODE-1 and MBDF-B viruses discovered Nov. 4, 1993.

Thank you,
Software Perspectives