BSEARCH.DOC
Text File | 1990-02-14 | 6KB | 168 lines
BSEARCH.EXE
Copyright (C) David Harris, 1988
BSearch v3.01 w/CRC
Usage:
    BSEARCH [<file_spec> [-<opt> [-<opt>...]]]
Options:
    -D              Delete files found
    -X              Delete files regardless of attributes
  or:
    -V<file_name>   Virus check to file
    -A<file_name>   Append file change info to file
    -F<file_name>   Write file change info to file
    -U              Update when checksums differ
  or:
    -? or -H        This message
/ may be used in place of -
A recent article I read (sorry, can't remember where) spoke of viruses
and how they could be prevented. It said the only sure-fire way was to
keep track of file sizes and CRC's for any file which is executable or
overlayable. Such files on DOS machines would be: COM, EXE, SYS, OVL,
and any other files which are binary executable. This makes sense,
if you realize a virus must run to spread.
Current products on the market either stay resident in memory and
watch for suspicious activity, or they look for specific "signatures"
of previously found viruses. I personally hate loading too many
TSR's in memory and I don't want to be the "lucky" fellow who happens
on some new virus. Also, many current products that perform
checksumming only keep track of one checksum per file.
So, I wrote BSEARCH. The name stands for Binary SEARCH and stems
from the fact that the database of CRC's is a B-Tree (Binary Tree)
database. BSEARCH has a few utilitarian uses as well. In
addition to virus watching, it can be used to find files on a hard
disk and, optionally, to delete those files when it finds them. A
16-bit and a 32-bit CRC are used when checking for viruses.
In its simplest form, BSEARCH will search for and list all files in
the current and any sub-directories. Simply type:

    BSEARCH<cr>

<cr> means hit the Carriage Return (yes, the Enter Key)

To search for specific files type:

    BSEARCH ab*.c?d

This will search for all files that begin with 'ab' and have a 'c' and
'd' in their respective places in the current AND sub-directories.

To specify a particular place to search from, type:

    BSEARCH d:\*.exe

This will search ALL of drive d: for files having the .EXE extension.

To track the CRC's of all .EXE files on drive c:, type:

    BSEARCH c:\*.exe -vc:\v\exe

This would store all filenames (with paths) and their file sizes and
CRC's into files named EXE.db and EXE.idx in the c:\v directory. The first
time you run this, the index and database are created and the file
information is stored. Only on subsequent runs will you be able to
determine an infection. Basically, you will receive a message
alerting you to the fact that a file size or CRC has been changed.

The best way to run BSEARCH is to set a batch file that can be run
on a continual basis. The following:

    BSEARCH c:\*.com -vc:\v\comfiles -ac:\v\bsearch.log

would track file information on all .COM files on drive c: by storing
that information in a database named COMFILES on directory \v of
drive c: and would also report any problems to a file named
bsearch.log, appending to the file. If -f were used in place of -a,
the previous bsearch.log file, if any, would be overwritten. The
only other option that may help here is -u, which would automatically
update the file information if it changed. Following is a sample
batch file:

    bsearch c:\*.com -vc:\v\com -ac:\v\vcheck.log %1
    bsearch c:\*.exe -vc:\v\exe -ac:\v\vcheck.log %1
    bsearch c:\*.ovl -vc:\v\ovl -ac:\v\vcheck.log %1
    bsearch c:\*.sys -vc:\v\sys -ac:\v\vcheck.log %1

If this batch file were named vcheck.bat, you would run it by typing:

    VCHECK

The %1 at the end of each line would duplicate the first option you
might type on the command line. For example:

    VCHECK -u

would have BSEARCH update any file changes in the database and would
be useful if, after reading your report, you decided the changes were
not virus infections (maybe you're a programmer and you recompiled a
file) and wanted the database to reflect the current information.
Examples:

To update all .exe file info, type:

    bsearch c:\*.exe -vc:\v\exe -u

To update all wp.exe file info in all directories starting with \wp:

    bsearch c:\wp\wp.exe -vc:\v\exe -u

Normally, information is written to the screen only. To also write
changes to a text file, use:

    bsearch c:\*.exe -vc:\v\exe -fc:\logfile -u
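
The baseline-and-compare scheme described above (size plus a 16-bit and a
32-bit CRC per executable, first run records, later runs report, -U accepts
changes), as an added Python example that is not BSEARCH's own code. The JSON
baseline file, the CRC-16/XMODEM and CRC-32 variants, and the NEW/MISSING
statuses are assumptions that go beyond what this text specifies.

```python
import binascii, json, os, tempfile, zlib
EXTS = {".com", ".exe", ".sys", ".ovl"}  # executable types named in the text

def fingerprint(path):
    """Size plus two independent CRCs (CRC-16/XMODEM and CRC-32 are assumptions)."""
    with open(path, "rb") as f:
        data = f.read()
    return [len(data), binascii.crc_hqx(data, 0), zlib.crc32(data) & 0xFFFFFFFF]

def scan(root):
    """Fingerprint every tracked file under root, keyed by relative path."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXTS:
                full = os.path.join(dirpath, name)
                found[os.path.relpath(full, root)] = fingerprint(full)
    return found

def check(root, db_path, update=False):
    """Compare root with the stored baseline; return sorted (status, path) pairs."""
    current = scan(root)
    if not os.path.exists(db_path):       # first run only records the baseline
        with open(db_path, "w") as f:
            json.dump(current, f)
        return []
    with open(db_path) as f:
        baseline = json.load(f)
    findings = [("CHANGED" if p in baseline else "NEW", p)
                for p, fp in current.items() if baseline.get(p) != fp]
    findings += [("MISSING", p) for p in baseline if p not in current]
    if update:                            # same role as -U: accept current state
        with open(db_path, "w") as f:
            json.dump(current, f)
    return sorted(findings)

def demo():
    """Constructed sample: baseline, same-size one-byte patch, re-check, update."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as dbdir:
        db, target = os.path.join(dbdir, "exe.json"), os.path.join(root, "TOOL.EXE")
        with open(target, "wb") as f:
            f.write(b"MZ" + b"\x90" * 62)  # constructed stand-in for an executable
        first = check(root, db)
        with open(target, "r+b") as f:
            f.seek(10)
            f.write(b"\xcc")               # size unchanged, content altered
        return first, check(root, db), check(root, db, update=True), check(root, db)
if __name__ == "__main__":
    print(demo())
```

The demo patches one byte without changing the file size, so the size check
alone passes and only the CRCs expose the change.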
OTHER USES FOR BSEARCH
Because BSEARCH is so quick at climbing directory trees, I added some
additional functions. First, as I have already described, BSEARCH is
a handy file finder. Just entering the filespec and nothing else
will display file information for all files meeting that filespec.
For example:

    BSEARCH d:\WP\*.DOC

would list all files in d:\wp that end with .DOC.

Additionally, BSEARCH can be used to delete the files it finds. Just
type:

    BSEARCH d:\*.bak -d

to delete all .BAK files off drive D:. This method will only delete
files NOT marked READ-ONLY, HIDDEN, or SYSTEM. To delete those files
also, use -x instead of -d, for example:

    BSEARCH c:\*.sys -x

would delete all .SYS files off drive C:, including the DOS system
files located in the root directory.
Both delete options will prompt you before continuing, just in case
you didn't mean to use a delete option.
BSEARCH is NOT PUBLIC DOMAIN, but may be distributed and used FREE OF CHARGE.
BSEARCH may not be distributed with any commercial products without my prior,
written consent.
If you find BSearch of value, a contribution of $10 would be helpful.
Comments, complaints, suggestions may be sent to Compuserve E-Mail:
ID# 76060,3233
or Snail Mail:
David Harris
P. O. Box 2058
El Paso, TX 79951