Network Support Library

home *** CD-ROM | disk | FTP | other *** search

/ Network Support Library / RoseWare - Network Support Library.iso / btrieve / bs301.com / BSEARCH.DOC next >

Wrap

Text File | 1990-02-14 | 6KB | 168 lines

BSEARCH.EXE Copyright (C) David Harris, 1988 BSearch v3.01 w/CRC Usage: BSEARCH [<file_spec> [-<opt> [-<opt>...]]] Options: -D Delete files found -X Delete files regardless of attributes or: -V<file_name> Virus check to file -A<file_name> Append file change info to file -F<file_name> Write file change info to file -U Update when checksums differ or: -? or -H This message / may be used in place of - A recent article I read (sorry, can't remember where) spoke of viruses and how they could be prevented. It said the only sure-fire way was to keep track of file sizes and CRC's for any file which is executable or overlayable. Such files on DOS machines would be: COM, EXE, SYS, OVL, and any other files which are binary executable. This makes sense, if you realize a virus must run to spread. Current products on the market either stay resident in memory and watch for suspicious activity, or they look for specific "signatures" of previously found viruses. I personnally hate loading too many TSR's in memory and I don't want to be the "lucky" fellow who happens on some new virus. Also, many current products that perform checksumming only keep track of one checksum per file. So, I wrote BSEARCH. The name stands for Binary SEARCH and stems from the fact that the database of CRC's is a B-Tree (Binary Tree) database. BSEARCH also has a few utilitarian uses as well. In addition to virus watching, it can be used to find files on a hard disk and, optionally, to delete thos files when it finds them. A 16-bit and a 32-bit CRC are used when checking for viruses. In it's simplest form, bsearch will search for and list all files in the current and any sub-directories. Simply type: BSEARCH<cr> <cr> means hit the Carriage Return (yes, the Enter Key) To search for specific files type: BSEARCH ab*.c?d This will search for all files that begin with 'ab' and have a 'c' and 'd' in their respective places in the current AND sub-directories. To specify a particular place to search from, type: BSEARCH d:\*.exe This will search ALL of drive d: for files having the .EXE extension. To track the CRC's of all .EXE files on drive c:, type: BSEARCH c:\*.exe -vc:\v\exe this would store all filenames (with paths) and their file sizes and CRC's into a file named EXE.db & EXE.idx in the c:\v directory. The first time you run this, the index and database is created and the file information is stored. Only on consecutive runs will you be able to determine an infection. Basically, you will receive a message alerting you to the fact that a file size or CRC has been changed. The best way to run BSEARCH is to set a batch file that can be run on a continual basis. The followin: BSEARCH c:\*.com -vc:\v\comfiles -ac:\v\bsearch.log would track file information on all .COM files on drive c: by storing that information in a database named COMFILES on directory \v of drive c: and would also report any problems to a file named bsearch.log, appending to the file. If -f were used in place of -a, the previous bsearch.log file, if any, would be overwritten. The only other option that may help here is -u, which would automatically update the file information if it changed. Following is a sample batch file: bsearch c:\*.com -vc:\v\com -ac:\v\vcheck.log %1 bsearch c:\*.exe -vc:\v\exe -ac:\v\vcheck.log %1 bsearch c:\*.ovl -vc:\v\ovl -ac:\v\vcheck.log %1 bsearch c:\*.sys -vc:\v\sys -ac:\v\vcheck.log %1 If this batch file were named vcheck.bat, you would run it by typing: VCHECK The %1 at the end of each line would duplicate the first option you might type on the command line. For example: VCHECK -u Would have BSEARCH update any file changes in the database and would be useful if, after reading your report, you decided the changes were not virus infections (maybe you're a programmer and you recompiled a file) and wanted the database to reflect the current information. Examples: To update all .exe file info, type: bsearch c:\*.exe -vc:\v\exe -u to update all wp.exe file info in all directories starting with \wp: bsearch c:\wp\wp.exe -vc:\v\exe -u Normally, information is written to the screen only. To also write changes to a text file, use: bsearch c:\*.exe -vc:\v\exe -fc:\logfile -u OTHER USES FOR BSEARCH Because BSEARCH is so quick at climbing directory trees, I added some additional functions. First, as I have already described, BSEARCH is a handy file finder. Just entering the filespec and nothing else will display file information for all files meeting that filespec. For example: BSEARCH d:\WP\*.DOC would list all files in d:\wp that end with .DOC Additionally, BSEARCH can be used to delete the files it finds. Just type: BSEARCH d:\*.bak -d To delete all .BAK files off drive D: This method will only delete files NOT marked READ-ONLY, HIDDEN, or SYSTEM. To delete those files also, use -x instead of -d, for example: BSEARCH c:\*.sys -x would delete all .SYS files off drive C:, including the DOS system files located in the root directory. Both delete options will prompt you before continuing, just in case you didn't mean to use a delete option. BSEARCH is NOT PUBLIC DOMAIN, but may be distributed and used FREE OF CHARGE. BSEARCH may not be distributed with any commercial products without my prior, written consent. If you find BSearch of value, a contribution of $10 would be helpful. Comments, complaints, suggestions may be sent to Compuserve E-Mail: ID# 76060,3233 or Snail Mail: David Harris P. O. Box 2058 El Paso, TX 79951