home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
High Voltage Shareware
/
high1.zip
/
high1
/
DIR31
/
TBAV611.ZIP
/
WHATSNEW.611
< prev
Wrap
Text File
|
1994-03-01
|
11KB
|
240 lines
Update report of Thunderbyte Anti-Virus utilities.
Prefixes:
'-' indicates a change that does not require user attention.
'->' indicates a modification that requires user attention, such as a
change in program invocation, etc.
*** NOTE ***
NetWork administrators, read the TBAV.Doc file for information about a
fast and reliable way to update all workstations automatically!
6.11 Product update
-------------------
General information:
-> NEW BBS NUMBER! The Thunderbyte support BBS in The Netherlands is
now a multi-line BBS, available via a new phone number:
+31 - 59 - 182 011
(Dutch Residents, dial 059 182 011).
All lines are available through just this ONE number. We will keep
on adding lines until the occupancy of the BBS remains within
acceptable limits.
- TBAV for DOS is now a NCSA certified product. The NCSA certifies
that TBAV (DOS) detects over 90% of NCSA Virus Library Version
9401. Exact score: 98.5%
"It's without a doubt the fastest anti-virus that we have ever
seen!", according to Robert C. Bales, director of the National
Computer Security Association.
- Some third party signature files for TbScan are available on
some BBSes. If you want to use these signatures, keep in mind
that most of the new viruses are detected by the next release of
TbScan anyway. Also remember that we are not responsible for the
quality of these third party signatures. If you use them, you
are on your own.
- On some BBSes illegal key generators for TBAV can be found.
Our key system however is very complex. The keys contain a lot
of information, most of it is not being used right now. Once in
a while we take some new information of the keys, derived from
the registered name, and use it randomly in our product to
initialize scan tables or calculate signature wildcard lengths.
Since we haven't checked for these key values before, they are
guaranteed to be wrong in illegal keys. If the values are fake,
the scanner won't notice, but simply fail to detect most viruses.
TBAV (menu shell):
- NEW! In the main menu, you will find a new entry:
"Virus information"!
Here you can get a description of all viruses in the signature
file, their behavior, what kind of damage they perform, how to
clean them, etc. (The information is not available for
non-registered users).
- If you press Escape on a text-prompt TBAV will no longer assume
that you don't want to alter the text, but assume that you want
to abort all menu's below it as well.
TbScan:
- TbScan was not always able to find a bootsector virus on a badly
damaged (and for DOS unreadable) disk. Now TbScan uses its own
low-level routines to locate a virus on an unreadable disk.
-> If TbScan doesn't scan because of the 'once' option, it now
returns with errorlevel 0 (no viruses found, no errors).
-> The unregistered version of TbScan now supports just 1 user
defined signature. This should be sufficient for evaluation
purposes, and reduces the amount of false alarms (and thus
support calls) from unregistered users.
TbSetup:
- Solved a bug of the 'alldrives' function, which could sometimes
cause non-existing drives to be processed.
TbScanX:
- Solved a bug in the EMS detection routine. With previous
versions it could occur that TbScanX tried to use EMS memory
when the EMS server had no swap segment available.
- Finally solved a bug in the XMS swap routine which caused
TbScanX to hang when the application's stack happened to be
in the XMS swap segment.
- Added a new switch: 'wild' (w). If you specify this switch,
TbScanX only searches for viruses which appear 'in the wild'.
All crap like laboratory viruses, viruses which require very
unlikely special environments, extremely obvious viruses,
garbage, etc. will not be searched for. This is the default
behavior of most other resident virus scanners anyway. It saves
a lot of memory and increases the scanning speed.
TbGenSig:
- Changed because of the encoded virus information embedded in the
signature file.
- Solved a bug in the counting of user defined signatures.
- Solved a bug causing the algorithmic detection routines to be
skipped when user defined signatures were added.
TbUtil:
- Added a new sub-option of option 'immunize': 'batch' (ba).
If you specify this option, TbUtil will not prompt to
insert a disk but assume that a disk has already been
inserted.
- Solved a bug in the TBAV partition code causing the Int 13h
check to fail in some cases.
Thanks to Piermaria Maraziti for pointing this out.
- Adding support to immunize the secondary harddisk. Instead of
'immunize c:' you may also specify 'immunize 1:' (for the first
harddisk) or 'immunize 2:' to immunize the second physical disk.
TbDisk:
- Increased the detection of direct disk writes.
Thanks to Martijn Leisink for pointing out a bug of TbDisk.
Viruses:
- Re-organized the High-Level-Language virus signatures.
High-Level-Language viruses are viruses written not in - as
usual - assembly language, but in another language. These
viruses now all have the prefix 'HLL'. The prefix may be
extended to indicate the nature of the virus: C = Companion, O =
Overwriting. This naming scheme is according to the CARO naming
convention.
- Also added detection for some 'garbage' files. These files do
not contain viruses at all, but unfortunately, for some reason
beyond our comprehension, they are used in some scanner tests. To
avoid an undeserved penalty, we have to detect this garbage too.
- Removed signatures:
Shoo Now detected by the MacGyver signature
- Changed signatures:
Satanbug Solved some false positives
4res Now also detects the EXE variants
Golgi Now also detects the EXE variants
Made Now detects a new variant
MacGyver Now also detects the SHOO variant
Poledne Now also detects the EXE variant
Silly_Willy Now also detects the EXE variants
LZR Renamed to Stoned.LZR
_2Kb Renamed to Neuville
Stupid_Criminal Renamed to Criminal
Ravage Renamed to MMIR
Das_Boot Renamed to MMIR.Das_Boot
Infernal Renamed to Trivial.Demand
Vienna.Commy Renamed to Commy
Haddock Renamed to Stupid
_1022 Renamed to PS-MPC.McWhale.1022
_2389 Renamed to Seat
Sonik_Youth Renamed to Traveling_Jack.854
Flower Renamed to Traveling_Jack.883
Tjack Renamed to Traveling_Jack.980.b
Define Renamed to Trivial.30.X
Heevahava Renamed to VCL.Heevahava
Heevahava.Encrypted Renamed to VCL dropper
Trivial.Popoolar Renamed to VCL.PopooLar
Yankee_Doodle.TP-44.Wobble Renamed to Yankee_Doodle.Wobble
Bobas Renamed to HLL.Bobas
Cookie Renamed to HLL.Cookie
HLL.3678 Renamed to HLLC.3678
HLL.3680 Renamed to HLLC.3680
Dupacel Renamed to HLLC.Dupacel
Halloween Renamed to HLL.Halloween
HHL.3960 Renamed to HLL.Pascal.3966
Pascal_7808 Renamed to HLL.Pascal.7808
RNA.1 Renamed to HLL.RNA.1
RNA.2 Renamed to HLL.RNA.2
Companion.16850 Renamed to HLLC.16850
Spawn.3824 Renamed to HLLC.3351
Even_Beeper.a Renamed to HLLC.Even_Beeper.a
Even_Beeper.b Renamed to HLLC.Even_Beeper.c
Globe_Companion Renamed to HLLC.Globe.7705
Halley Renamed to HLLC.Halley
Happy_Monday (uncompressed) Renamed to HLLC.Happy_Monday.A
Happy_Monday (LZ-EXE) Renamed to HLLC.Happy_Monday.B
Happy_Monday (PkLite) Renamed to HLLC.Happy_Monday.C
Laufwerk Renamed to HLLC.Laufwerk
_17690 Renamed to HLLO.17690
Naziphobia Renamed to HLLO.4870
C-Virus Renamed to HLLO.CVirus
DisDev Renamed to HLLO.DisDev
Ondra Renamed to HLLO.Ondra
Proptipus Renamed to HLLO.Protipus
Wonder Renamed to HLLO.Wonder
Pascal_3072 Renamed to HLLC.3072
- Added signatures:
_2161
Adine
AlphaStrike
Baba
Binary_Fission
Blood_Rage
Bolek
Buen_Dia
Capucia
DWI
Fax_Free.Lamer
FeelBad Also known as (Ritzen)
Freddy_Krueger
Gippo.Earthquake
Gippo.EpidemicWare
Gnat
HLLO.5444
Ibex
It-457 Garbage
Lythyum Garbage
Michelangelo_II
Milan Garbage
Never_mind
NewA
Paola
Peace_Man
PS-MPC.McWhale Dropper
Riihi
Sandy
Shift
Skew.458
Thriller
Unite
WW.2048