PHANTASM Zip File Virus Checker
Version 1.00
6/26/91
Written by: Keith Luken

What is ZipVChk?

Well ZipVChk is a utility to scan zip files looking for a virus. It
scans the selected directory, creates a temporary work directory to
unzip the file(s) to, and then invokes McAfee's SCAN to search for a virus.
It is very simple and basic in nature. I decided to write this utility when
I couldn't find anything on BBS's that would do this the way I wanted it
to. So instead of writing a hardcoded version for myself I decided to spend
the little extra time needed and make it generic for all to use. If you use
ZipVChk and like it please either send me a note or call my BBS and let me
know your comments! ZipVChk requires that you already have PKWare's PKUNZIP
and McAfee's SCAN. Running ZipVChk without any parameters will give you a
brief summary of command usage. It is important to note that in order to
keep ZipVChk small and fast I put very little error checking in it, thus
YOU MUST be sure that you have enough free disk space to handle your
largest ZIP file when it uncompresses! I do not modify your ZIP file in any
way. I simply create a temp directory called ZVC.$$$ and unzip each
file there one at a time. After unzipping each file I invoke SCAN. If SCAN
detects a VIRUS it exits setting ERRORLEVEL 1. If I detect an ERRORLEVEL 1
I assume SCAN detected a virus. A file called ZIPVCHK.LOG is created in the
default drive/directory that contains the DATE/TIME and filename of the
file infected. If after scanning all the ZIP files a VIRUS was detected
then I post a flashing red message and sound a SIREN! It is up to you to
then verify the virus and take whatever action you wish.

When ZipVChk invokes PKUNZIP and SCAN it does so by removing most of
itself from memory. While ZipVChk is not large to start, removing itself
from memory (all but 12K) allows ZipVChk to run in even tight,
memory-constrained configurations. If ZipVChk detects EMS it will swap to EMS
since this happens very quickly. If no EMS is present, or if you run ZipVChk
with the /NOEMS switch, then ZipVChk will swap to disk even if EMS is
present. Thus if you find ZipVChk is not compatible with your EMS driver
you can run it with the /NOEMS switch to prevent problems.

When ZipVChk exits it sets the DOS ERRORLEVEL according to the same
convention that SCAN uses. Thus if a virus is detected then ZipVChk exits
setting ERRORLEVEL to 1. If no VIRUS is found then ERRORLEVEL will be 0.
If an internal error occurs or the user aborts with CONTROL-C then ERRORLEVEL
is set to 2. ZipVChk can be aborted by hitting CONTROL-C (NOT CONTROL-BREAK).
Note that since ZipVChk may be swapped out and PKUNZIP or SCAN may be
running, these programs will intercept the CONTROL-C, so you may have to hit
it a few times until it occurs while ZipVChk is active.

When ZipVChk unzips files it uses the PKUNZIP -d switch to unzip to
directories if saved as such. I then scan each directory created. After
scanning I delete the temp directory and any directories created by PKUNZIP.

ZipVChk will process any embedded ZIP files. This means a ZIP file
within a ZIP file (within a ZIP file, etc.) will be checked! If a virus is
detected in any of the embedded ZIP files then ZipVChk will update the
ZipVChk.LOG with the name of the embedded zip followed by the name of the
MAIN PRIMARY ZIP file! If ZipVChk ends detecting a virus then consult the
ZipVChk.LOG file for the names of infected files! I think you will find
that ZipVChk is one of the most extensive and thorough ZIP File Virus
Checkers available!
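
The nested-ZIP scan and the 0/1/2 exit convention described above, written in Python as an added example (not ZipVChk's own code, which this document does not show). It works in memory instead of a work directory and enforces a nesting limit and an uncompressed-size budget in place of the manual free-space check; stub_scanner, the marker string and both limits are assumptions.

```python
import io
import zipfile

MAX_DEPTH = 5                 # assumed limit on ZIP-within-ZIP nesting
MAX_TOTAL_BYTES = 50 * 2**20  # assumed budget for all uncompressed data

class LimitExceeded(Exception):
    """An archive is nested too deeply or expands past the byte budget."""

def stub_scanner(data):
    # Hypothetical stand-in for the external scanner: flags a constructed
    # marker string only, not a real signature.
    return b"CONSTRUCTED-TEST-SIGNATURE" in data

def scan_zip(blob, chain, scanner, hits, budget, depth=0):
    """Scan each member of a ZIP held in memory, descending into embedded ZIPs.

    chain  -- archive names, innermost first, ending with the primary ZIP
    budget -- one-item list: uncompressed bytes still allowed for this run
    """
    if depth > MAX_DEPTH:
        raise LimitExceeded("nesting too deep: " + " in ".join(chain))
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Charge the declared size before decompressing the member.
            budget[0] -= info.file_size
            if budget[0] < 0:
                raise LimitExceeded("uncompressed size budget exceeded")
            data = zf.read(info)
            path = [info.filename] + chain
            if zipfile.is_zipfile(io.BytesIO(data)):
                scan_zip(data, path, scanner, hits, budget, depth + 1)
            elif scanner(data):
                # Log line: infected file, embedded ZIP(s), then primary ZIP.
                hits.append(" in ".join(path))

def check_archive(name, blob, scanner=stub_scanner, budget=MAX_TOTAL_BYTES):
    """Return (exit_code, hits): 0 clean, 1 detection, 2 error or limit hit."""
    hits = []
    try:
        scan_zip(blob, [name], scanner, hits, [budget])
    except (LimitExceeded, zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return 2, hits
    return (1 if hits else 0), hits
```

A real deployment would replace stub_scanner with a call to the installed scanner and map its exit status to the boolean result.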

It is HIGHLY recommended that you run SCAN against your complete
system before running ZipVChk! And be sure you have a
VALIDATED copy of SCAN that you are SURE is not infected! Also it should be
noted that whatever work path you give ZipVChk to use, it will create a
directory called ZVC.$$$ under that for a work directory. You should give
ZipVChk a work path that contains NO subdirectories under it!

That's about all of it! Simple enough! Following are the command switches
and their usage. I apologize for the way ZipVChk is called, but it is
necessary so that I can directly call PKUNZIP and SCAN. If I simply perform
a shell operation then command.com is loaded and I am then isolated from any
ERRORLEVELs set. I do some minor checking of the command line switches, but
not a lot. So VERIFY your spelling and typing before hitting ENTER!!! I assume
NO responsibility for your USE or MISUSE of this utility. It is provided
AS IS without any warranty either expressed or implied!!

ZipVChk /TEST:X:\BBS\UPLOADS /WORK:Y:\TEMP /SCAN:C:\TOOLS /ZIP:D:\ZTOOLS

/TEST:   is the DRIVE and PATH that contains the ZIP files to test. Be
         sure to include DRIVE!!!
/WORK:   (Optional) is DRIVE and PATH of where ZipVChk will
         temporarily unzip files to. If left out the VIRTEST.$$$
         directory will be created under the directory containing the
         ZIP files. YOU must make sure there is enough room to handle
         your largest ZIP files uncompressed!!!
/SCAN:   is DRIVE and PATH of where ZipVChk can locate SCAN.EXE
/ZIP:    is DRIVE and PATH of where ZipVChk can locate PKUNZIP.EXE
         (if left out then ZipVChk will use same path as /SCAN:)
/UTIL    is a switch that can be used in place of /SCAN: and /ZIP:
         Using this switch forces ZipVChk to look for SCAN.EXE and
         PKUNZIP.EXE in C:\UTIL. This was put in to simplify
         calling ZipVChk, and if you should have this directory and you
         put SCAN and PKUNZIP there then you can reduce the command line
         syntax needed. (ex. ZipVChk /TEST:U:\UPLOADS /UTIL)
/NOEMS   tells ZipVChk to swap out to disk even if EMS is present
/ALL     tells ZipVChk to create a file called ZipVChk.ALL which will
         contain the name of each PRIMARY ZIP file processed for you
         to reference.

If you have ANY comments or suggestions please feel free to contact me
at my BBS: PHANTASM BBS
908-291-4134 (HAYES ULTRA)
908-291-2302 (USR DUAL)

--HISTORY--

06/26/1991
----------
- Initial Release