home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Shareware 1 2 the Maxx
/
sw_1.zip
/
sw_1
/
VIRUS
/
TBSCAN33.ZIP
/
TBSCAN.NEW
< prev
next >
Wrap
Text File
|
1992-03-10
|
33KB
|
793 lines
Update report of TBSCAN.
3.3
---
-> Errorlevel system changed. Automatic virus detection programs / batch
files might need to be changed.
TbScan now also searches for a signature file named ADDNSIGS.DAT. This
file is intended to contain emergency signature updates. It will be
distributed in an archive named ASIG*.ZIP immediately if a new signature
is defined. See the VIRSCAN.DAT file for more information.
Implemented register indirect branches. This to increase the reliability
any further.
TbScan now also warns if an EXE file has no stack. Many viruses simply
leave out a stack. The warning consist of a "s". Warning "o" is removed.
The TbScan package now contains TbScan.Sys, which is a tiny device driver
which solves some compatibility problems. If you had to use the -compat
option you may now instead install TbScan.Sys (only 64 bytes) to enable
TbScan to bypass some resident viruses and to speed up TbScan. Read the
manual for more details.
TbScan is now faster than ever due to another optimization and a new
disk cacher. TbScan will now allocate all available memory for cache
buffers, unless you specify the -compat option.
The option -nosnow has been changed, now you have to specify -nosnow
to avoid snow on CGA monitors. This because more recent CGA systems
don't "snow" already by themself.
Option -extract has been added. This option causes TbScan to display the
first 20 bytes of the entry-point of every program. This enables you to
define a temporary signature if you have a virus that is not yet
recognized. Consult the manual for a "do it yourself" guideline.
This option is available for registered users only...
Option -once now restores the screen and cursor at termination.
Option -data (-f) in the environment variable now works again.
3.2
---
TbScan now searches and accesses files using the file handle calls
instead of the FCB functions. This makes TbScan more compatible with
Local Area Networks. Although these handle functions perform a little
slower, some additional optimizations of TbScan compensate this.
Removed some bugs. Option -repeat now works again. TbScan now detects
errors in the data file again. Option -direct now works in combination
with a Thunderbyte card again. Ctrl-Z as terminator is allowed in the
data file.
Improved scanning of memory slightly.
The format of AVR modules has been changed. The current AVR format is 1.0.
The Washburn.Avr module has been enhanced and detects now more (probably all)
mutants of the washburn related viruses. It is now also faster.
TbScan now processes "dword branches" to detect High-Level-Language viruses
automatically. Although these viruses are very rare they really exists.
Improved warning algorithm "F" and "D". They now also detects some
"stealth" file and disk access instruction sequences.
3.1
---
Enhanced the processing of the "jump short" instruction while disassembling.
Enhanced the browsing algorithm to gain a little additional security.
TbScan now switches to analysis mode when detecting an initial branch
instruction with a memory operand. This to detect a new type virus.
If TbScan detects an initial branch with a memory operand (which is
suspicious) it displays warning "J".
Added warning "F": Suspicious file access. This warning means that the
program accesses files in a way common for viruses.
Enhanced the -mutant option. Detection of "unknown" viruses enhanced. Tests
in our virus collection (>700 viruses) shows that TbScan without signature
file still about 50% of the infected files classifies as being "infected by
an unknown virus". We plan to increase this "unknown virus" recognition even
further in the near future.
Fixed some minor bugs. TbScan now detects even more viruses.
Previous version of TbScan sometimes disabled interrupts for a long time,
causing the system clock to slow down on slower machines. Bug solved.
Reorganised some internal structures, causing TbScan to gain a little speed.
TbScan sometimes caused a false alarm, the virus name could not be found:
([Can not read datafile]). Problem solved.
TbScan is now able to detect bootsector virus droppers. A bootsector virus
dropper is a program that writes a virus to the bootsector. The program is
in a technical point of view not infected (the virus can only infect
bootsectors) but it can install the virus. TbScan now scans some files
(depending on the internal structure of the program) also for bootsector
viruses. Option -analyze disables this feature.
TbScan now inserts Carriage Returns in the LOG file.
If TbScan detects a background write attempt while using the internal cacher,
the cacher will no longer be disabled but only flushed.
3.0
---
This upgrade has been released a few days after the release of TbScan 2.9.
Although TbScan was beta-tested very well, it appears it had two bugs causing
a few machines to hang. The first one has to do with the protection of
TbScan which caused problems on machines with a NEC Vxx processor, the
second with the detection of upper memory. Both problems are solved.
TbScan now always searches for upper memory, even if no XMS driver has
been installed. So even in XT's TbScan searches for memory above the
DOS limit. This implies that video memory and EMS memory are always scanned
in every machine. If you don't want to scan upper memory use the -nohmem
switch. Since upper memory is always scanned by default, there is no
need for the -highmem option anymore and it has been removed.
New option added: -hma. This forces TbScan to scan the HMA even if there
is no XMS driver detected.
TbScan now restores the default screen color even if there is no ANSI driver
installed.
TbScan now forces the -compat switch if it detects Desqview.
Format-error of TbScan.Doc fixed, compatibility error of Install.Bat fixed.
2.9
---
Major upgrade! Many little bugs solved, quirks removed, new features
implemented, reliability boosted, screen lay-out changed, limits removed,
manual rewritten.
-> TBSCAN HAS BEEN CONVERTED TO AN EXE FILE!!! REMOVE YOUR OLD TBSCAN.COM!
If you don't remove your old TbScan.Com, DOS will executed the .COM file
instead of the new TbScan.EXE file!
-> You have to run the batch file INSTALL.BAT to install TbScan.
New key system developed. Previously registered users will receive a
key file within a few days after this release.
The differences between the current and previous version of TbScan are so
numerous that it is recommended to reread the (also rewritten) manual.
The Dutch manual has been removed, it takes too much time to keep two
manuals up to date.
TbScan is faster than ever! (about twice as fast as v2.8).
- The analyzis method is about 50% faster!
- "Checking" and "tracing" are about 10% faster.
- Disk IO is 15% faster! Implemented internal cacher!
- The "slowest" "Analyzis" scanning method is used less.
- Screen IO (scrolling!) is at least 200% faster.
- Internal DOS buffers will be optimized dynamically.
- Added two new fast algorithms: "skipping" and "browsing".
- Log file handling is now fully buffered.
Screen lay-out changed! TbScan is now a fullscreen program. The screen
is divided into two parts: a scan window and an info window. The info
window shows the header of the signature file, and if TbScan detects
infected files it will print them in that window with their complete
path name. Also some important warnings are logged into the info window.
The screen output is Desqview aware, CGA snow aware and "non-standard"
screen dimensions aware. The -compat switch no longer disables the colors.
New wonderfull feature added! There are some completely encrypted viruses
which can not be detected by any signature. The only way to detect such
viruses is by applying a special detection algorithm on the files. Instead
of hardcoding these recognition algorithms we decided to make them external.
Since it is not possible and even not desirable to define such an algorithm
in any signature file language, the "Algorithmic-Virus-Detection" (AVR)
modules contain the actual program code to detect the virus. The AVR modules
will be supplied with future upgrades of the signature files. TbScan searches
at program startup for .AVR files and links them dynamically into its code.
Nice isn't it?
Another new feature you will like is the -mutant option. If you specify this
option TbScan will recognize mutants of a virus, even if no wildcards are
used in the signature.
TbScan now also searches for a virscan.dat file in its home directory.
Fixed a bug that caused long wildcarded signatures like the Murphy virus
family signature to be parsed incorrectly.
Fixed a DMA-problem that occured with some older PC's when the -direct switch
was specified.
On some systems TbScan occasionally didn't succeed in reading some files.
This is caused by some quirk in DOS redirectors. TbScan has been changed to
operate on those systems without errors.
The maximum number of signatures is no longer hardcoded. It is now dependant
of the actual length of the signatures. The memory reserved for signatures
should be enough for at least 2500 signatures. Note that the memory
requirements don't increase when the number of signatures increases. The
current memory requirements already incoporate the space needed to manage
2500 signatures.
The size of the signature file is no longer limited to 64Kb. It may have
any size.
Disk IO speed has been increased. TbScan now disables temporary any
disk cacher and installs a temporary new one. Why? Because disk cachers
don't know that all data read by the scanner will be used only once, and
therefore they waste many clockcycles by managing megabytes of data
for no reason. On the other hand, while scanning, DOS needs the FAT and
directory information a lot and only for these regions a cacher would
be nice. The solution to this problem is to install a dedicated cacher
that "knows" which data will be re-used and which will not. Only a
built-in cacher is able to determine this. Now TbScan has one, and you
will see how high its hit-rate is and how fast TbScan performs. You can
test the performance of the internal cacher by using the -compat switch
to disable internal caching. Internal caching will be disabled automatically
if a disk error occurs or if a background task writes data to the disk.
The readahead story above applies also to the DOS lookahead buffers: if you
have specified the Y parameter of the DOS "BUFFERS=X,Y" command, TbScan will
temporary disable the DOS lookahead buffers to increase the scanning speed.
The cacher of TbScan has an internal lookahead algorithm which performs
much better. I'm not better than Microsoft, but my algorithm is optimized
for use with TbScan and that from Microsoft certainly not. Anyway, you
can use the -compat switch to disable the BUFFERS override.
Internal disassembler enhanced. TbScan now needs the "slowest" analyzis
method less, without any reliability loss. This decreases the chances of
false alarms, and has as positive side effect that TbScan performs a
little faster again.
Two new fast scanning algorithms added: "skipping" and "browsing".
In analyze or browsing mode some warnings are now also enabled. Note that
it is impossible to enable all warnings in analyze mode because some
suspicious facts can only be detected while disassembling the file, which
will not be done by those scanning techniques.
Added some new warnings:
- "Direct Disk IO" (D).
- "Suspicious relocator" (R).
- "multiple-jump" (J).
- "memory resident code (M).
- "internal-overlay" (i).
- "inconsistent header" (?).
- "odd stack offset"
Enhanced the compressed file detector to detect also executable
compressors developed according to new Microsoft DOS 5.0 standards.
Enhanced the decryptor detection. False warnings will occur less,
while detection capabilities have been increased.
Enhanced the invalid filetime detector. Now also invalid minutes,
hours, and dates are reported. The warning also occurs for dates
above the year 2000.
Changed the memory scanning to allow it to operate on systems with "slow"
upper memory, and on PC's that generate a parity error when memory is tried
to read that does not exists.
Changed option -nowarn to disable "standard" (non-alarming) warnings only.
Added option -? to get a short help (instead of a partial doc file).
TbScan now handles the ctrl-break itself and disables the DOS Ctrl-break
detection. This increases reliability and speed...
Removed the TEXT search possibility (literal signatures). It isn't likely
that ever a signature will be based on a text-string. Will anybody miss
this feature?
The maximum line length of the data file is increased to 132 bytes. The maximum
length of the ASCII-HEX signature has also been increased to 132 bytes.
Removed the -quiet option. Did anybody ever use it?
Introduced the -quick option. If you specify this option TbScan runs in "turbo
mode". In this mode TbScan skips .OV? and .SYS and .BIN files and does not take
account for some rather theoretical possibilities. This mode is less secur,
but excellent for the "after lunch" scan session since it still recognizes
almost all of the viruses.
TbScan now scans .BIN files for SYS viruses. As extra feature for virus
researchers, TbScan also scans .BIN files for BOOT viruses. Many researchers
archive bootsector viruses in .BIN files and TbScan can now be used to test
the signatures.
Removed the alternate language option which was used by Thunderbyte users.
There are too many changes in this new version of TbScan to get translations
for all foreign languages in a short period of time.
2.8
---
Implemented the "%" wildcard (variable amount of garbage bytes).
Added the H warning for Hidden or System files.
Changed the more prompt to process repons keys like Y and N.
TbScan now always saves and restores the current directory.
TbScan now uses colors! For people that don't like them: use option
-compat to disable the colors.
Modified the -direct option so that also the data file will be read
by direct calls in DOS code.
Fixed an error in the English documentation file, causing the -help
option to operate incorrectly.
Fixed a rare problem that could cause file open errors.
Removed a bug that caused "integrity check failed" to be displayed
when TbScan does not find its datafile.
TbScan displayed some garbage if it found the datafile in its home
directory. Solved.
Some minor internal changes.
2.7
---
Added the "obsolete datafile" warning. TbScan now issues a warning if
the signature file is older than three months (except if the -valid
option has been specified).
Enhanced the functionality of the -help option. If TbScan has access to
TbScan.Doc it will extract a more detailed help from the manual.
The -verbose option now displays zero again if the file is being
analyzed.
TbScan now preserves BP,DI and SI while using the BIOS screen routines.
This should increase compatibility especially for older IBM type PC's.
TbScan is now more network aware, and issues the E (open error)
warning if it attempts to re-open a locked file. It does not
cause an "Abort Retry Ignore" prompt anymore.
Ctrl-break interrupt is now trapped, to avoid program termination in
critical sections which could cause system hang. The Escape key is
now no longer processed.
Added the garble warning (#). If a program seems to carry a self-
decrypting routine TbScan issues this warning. Nice for detecting
unknown viruses! As a matter of fact, TbScan assumes that a program
is infected by an unknown virus if the file carries a decrypting routine
and has an invalid time stamp as well. This mechanism detects for example
the Tequilla virus, although it is not listed in the data file.
TbScan now displays a message if the integrity check fails, before
returning to DOS.
Implemented total disk scanning with option -sector. Consult the
manual for more details.
Enhanced the -direct option to perform even more reliable.
Implemented nibble wildcards. Consult the manual for details.
Improved signature file error detection.
TbScan now displays the name and path of the signature file being used.
Replaced the TESTVIR files with a TEST.DAT test-signature file.
2.6
---
TbScan 2.5 was supplied with only the Dutch manual. Sorry for that!
Removed bugs related to the contents of the log file (missing carriage
return and missing warning mark if the -quiet option was specified).
Removed a bug related to the list file feature (@<filename>).
TbScan now prints the elapsed time on the screen.
2.5
---
TbScan is no longer completely free-ware! Consult the manual for more
information.
Added the E (open error) and W (windows or OS/2 file) warning.
TbScan will now put warnings into the log or session file.
Added the -w (-nowarn) command line switch. If you use this switch
warnings are not logged to the log or session file.
Disabled the N-warning for overlays (OV?) with an exe-header.
Overlays with an exe-header are still scanned for EXE type viruses.
TbScan sometimes randomly thought that a .COM file was corrupted, which
wasn't true, causing it to switch unnecessary into analyze mode. Solved.
Signatures in the .DAT file may now contain spaces to increase the
readability and to maintain compatibility with an other scanner.
Updated the file TESTVIR.COM to match the new signature listed in the
most recent signature file.
When scanning memory, the range of the '**' wildcard has been limited to
32Kb instead of your entire memory. This avoids some false alarms. The
memory is now scanned in 32Kb chunks instead of chunks of 64Kb. The
range of the '**' wildcard is still unlimited when scanning files, because
it offers a powerfull feature to scan for viruses that scatter themself
all over a program file.
Signatures beginning with 00 are now processed properly.
TbScan is tested very carefully, and it detects ALL viruses when scanning
in 'turbo'-mode, unlike some previous versions of TbScan which
unfortunately only detected 97% of the viruses listed in the signature file.
To avoid confusion, the revised scanning method is called "checking". The
old (a little less reliable) scanning method "scanning" has been removed.
The slower "analyze" method is used less, because the new "checking"
algorithm is able to debug a file better. The analyze method is only
used if the debugger is not completely sure. The result is that TbScan
performs once again faster than ever...
2.4
---
The new string search algorithm has been enhanced even further, and
TbScan is now 25% faster compared to TbScan 2.3! The speed increasement
however is most noticable when checking files using the analyze method.
Fully implemented the (until today) experimental "**" wildcard. This
wildcard is used in the most recent signature file. For TbScan this
wildcard means "skip an unlimited number of bytes".
TbScan now prints warning marks while processing a file. The following
warning marks might be printed:
P Packed or compressed file. Also EXEPACKed files are detected.
Note that TbScan does not recognize any special compressing
package, it uses an universal way to detect whether a file has
been compressed. Let me know if you have a compression technique
it doesn't recognize.
N Name conflict. The file has been named .EXE but seems to be a
.COM file, or vice versa. TbScan will scan the file for both
COM and EXE type signatures.
T Invalid file time. Seconds are set on 60 or 62. Some viruses
use this as an infection mark.
A File seems to be an ASCII file.
! Entry point located outside file, or a chain of jumps traces
outside the body of the file. Probably the file is seriously
damaged and can not be executed. TbScan analyzes the file in
this case.
Enhanced the internal code interpreter. Tbscan needs the analyze mode less,
and performs even more reliable.
The minimum length of the code that should be "stable" has been increased.
This finally solves the problem that TbScan did not find a few signatures.
Fixed a screen color problem due to the direct screen write. Fixed also
some other screen related minor problems.
Fixed a bug in the command line parser. It didn't recognize the '+'sign
anymore.
2.3
---
Major upgrade!
You don't believe it, but just before I would release this new version I
got a fantastic idea to eliminate almost all overhead involved with the
scanning of data! Depending of the speed of your disk, TbScan is now
approximately 30% faster!!! Almost all time involved with executing this
scanner is due to disk access. One "disadvantage" is that TbScan now
needs an additional 64Kb of memory. The total memory requirement of
TbScan is now 192 Kb. Still not a limitation at all...
Due to the new fast string search algorithm, it was not possible to
optimize the routine any further for the 80386 processor. The special
80386 version of TbScan is therefore no longer available.
New options added! Because TbScan already carried so much options, it
became a little difficult to remember all those options. Now TbScan
recognizes complete option words too!
TbScan now displays a prompt if it finds a virus. You are prompted to
rename or delete the infected file, or just continue scanning. You can
also instruct TbScan on the command line to delete or rename the
infected files. Of course it is still possible to run TbScan in
unattended (batch) mode.
Added the feature asked for by numerous people: "scan multiple diskettes".
TbScan will automatically detect a disk change, so you can scan multiple
diskettes without the need to press a key while changing disks.
TbScan will now scan the HMA too.
TbScan will now automatically scan the HMA and Upper Memory if present.
Option -e now disables this feature, instead of enabling it!
People complained that TbScan was not able to detect a very few viruses.
I don't have those viruses, but I assume that the signatures are created
for use with the (obsolete) virscan program. TbScan requires the signatures
to be code within a distance of 2Kb of the virus entry point. To gain
compatibility with the older signatures, TbScan will now scan a larger
window of the files. This should solve the incompatibility problem with
the older signatures.
Added the -once option. It makes it possible to include TbScan in your
autoexec.bat file to scan automatically some (all?) files once a day.
If you boot more than once a day TbScan will exit immediately to DOS.
TbScan writes now directly to the screen. The lack of speed of the video
BIOS became a bottleneck! However, you can use the -compat switch to
continue using the BIOS in the case it causes trouble.
Increased the maximum number of viruses to 600.
TbScan did not recognize the -u (-valid) option. Solved.
TbScan is now again compatible with DOS 2.xx
Fixed a bug in the header of the log file.
2.2
---
Added the possibility to use response files. Response files are files
that contain a list of paths and/or filenames to be scanned. Prefix
a filename with the character '@' and TbScan will consider it being a
response file.
Added the -e option. This option makes it possible to scan memory above
the 640Kb barrier. Nice for detecting video-viruses or upper-memory-
viruses.
Added a processor type detector to the 386-version of TbScan.
The -d option now detects upper RAM and will no longer consider it as
being a DOS-ROM or Thunderbyte ROM. TbScan should now be able to
determine the correct DOS entry point in machines with upper memory.
The -d option now also works with DOS 5.00 and Dr-DOS.
2.1a
----
When using a .PRS file TbScan did not display the correct number of
signatures. Fixed.
2.1
---
Fixed a bug introduced in version 2.0 that caused the bootsector from
large DOS partitions not being scanned sometimes.
Corrected a bug introduced in version 2.0 that caused TbScan to assume
always that the number of screen rows is 25.
TbScan now supports pre-parsed datafiles. You can create pre-parsed
datafiles by using the -p [<filename>] switch.
Added the experimental -o (optimize) switch. It can be used to merge
signatures that are more than 75% equal. It was created as a test to
enhance TbScanX (it saves memory), but it also increases the scan speed
somewhat. I did not remove the option, so have fun with it!
TbScan now finally destroys its internal data structures before
terminating, so other scanners that will be invoked later on will not
find the signatures left in memory by TbScan.
2.0
---
This release is a performance and safety upgrade.
TbScan is now even 5% faster, due to branch optimization.
Improved memory scanning. Now it is much faster!
Enhanced the run-time debugger. TbScan now uses the slower analyzis
methode less! This causes a big speed inprovement, especially when
scanning compressed files (files compressed with PkLite or LzExe).
The package now also contains TbScan.386 which is the special 80386 version
of TbScan. If you have a 80386 processor in your PC, rename TbScan.386 to
TbScan.COM. It is somewhat faster...
TbScan now checks its memory image before scanning. If the internal
CRC does not match it will not continue. Note that this safety check
is not 100% proof. That is not possible. TbScan will also check some
parts of the disk image to increase the safety.
TbScan is now more difficult to hack. Some bad guys were making money from
this free-ware scanner... The first one who succeeds to change the copyright
notice of TbScan v2.0 will get a registration key for TbScanX for free!
Added the signature file authorization check. Future signature files will
be checksummed to make sure you have an unmodified copy of it. Signatures
can still be added to the list manually if you want to. You can also
override the authorization check with the new -U option...
Added support for environment variable TBSCAN. You can use this variable to
specify default options for TbScan (like a default signature file!).
Corrected a small bug in the command line parser. The -f option now always
works as expected.
Corrected the bug that caused the machine to lock up after aborting TbScan
with Ctrl-C or Escape.
1.9
---
Fixed a minor internal bug.
1.8
---
Fixed a bug introduced in v1.7 that caused the bootsector on the default
disk to be scanned instead of the specified one. When scanning multiple
paths the bootsector of each specified path will be scanned too.
Added new commandline option -V (verbose). Use this option if you want to
see the scan offset of all files. The number specified is the offset of
the location in the file where the startup code of the executable file
has been found.
TBSCAN now also searches for hidden- and system files. Also hidden
directories will be processed.
Implemented the ** wildcard (skip an unlimited amount of garbage bytes).
Added language file support, to be used with future versions of the
Thunderbyte add-on card.
1.7
---
TBSCAN is now even 5% faster, due to an internal optimalization of
register usage!
Revision of commandline interface. New options added! Added the
possibility to specify the name of the log file, log file append-mode,
etc. It is now also possible to specify multiple scan paths like:
TBSCAN c:\ d:\test c:\utils
Look in the manual for more details, or type TBSCAN /H. The commandline
interface is backwards compatible, the old syntax is still valid.
1.6
---
Minor upgrade. Removed some little bugs and optimized some code. This
version is a little bit faster. Scanning all files for all viruses now
also uses the fast string search algorithm.
Added the announcement-sign. Lines beginning with a semi-colon followed
by a percent sign are printed on the screen. A maximum of 15 lines of
hot news in the signature file can be printed on the users screen.
Changed the *-wildcard format. The hex character following the asterisk
determines the EXACT number of bytes to be skipped, not the MAXIMUM
number of bytes to be skipped. To skip a variable amount of garbage
bytes specify also an asterisk instead of the length mark. See the
manual for more details.
TBSCAN processes now also overlay files. Overlay files are files with the
extension OV?. Since overlay files can be infected by some EXE viruses,
TBSCAN scans the overlay files for all signatures which have the EXE
flag set.
NEW!!! There is a shareware memory resident version of TBSCAN available.
It is now one time supplied with this TBSCAN release. Future versions
will be supplied seperately.
File request TBSCANX, or download the file TBSCN10.ZIP manually from our
BBS (31-85-212395), or register TBSCANX to get a fully functional
version!
NOTE: TBSCAN is still free-ware, if you sent us a register form, you
register for TBSCANX, the memory resident version.
1.5
---
TBSCAN is faster than ever! By using a faster string search algorithm
"scanning" and "tracing" are now more than twice as fast, and
"analyzing" is four (!) times faster than ever!!! Amazing...
TBSCAN now also bypasses all resident programs while reading the
bootsector and partition table with the /D option enabled. This means
that a virus can no longer fool TBSCAN by providing an unaltered copy of
the bootsector / partition table. With other words, TBSCAN searches the
BIOS entry point of the int 13h handler, and calls the BIOS directly,
just as some nasty viruses do.
For reasons of compatibility with another virus scanner, the *-wildcard
is now also supported. The signature can now contain a variable amount
of garbage bytes. See the manual for more details.
The maximum number of signatures has been increased. Now up to 500
signatures can be processed. The maxmium size of the TBSCAN.DAT file has
been increased and is now 64Kb. However, you can not increase limits
without creating other ones: TBSCAN now needs 128Kb of free memory to
operate properly. Still not a limitation at all...
This release also contains many other small improvements and little bug
fixes.
TBSCAN.DAT is no longer supplied with the program files. Download
VIRUSSIG.ZIP or TBVIRSIG.ZIP to get the most updated TBSCAN.DAT file.
1.4
---
Important upgrade!
Modified the tracing mechanism so that also viruses that have their
entry point at the end of the code are detected very well!!! Previous
versions of TBSCAN where not able to detect some viruses like the Fish
and Vacsina, except when the /A option was used.
TBSCAN now supports filenames (or wildcards) in the search path. Now it
is possible to inspect one specified file, or to inspect non-executable
files. See the manual for detailed information.
Fixed a bug that caused the results of the bootsector, partitiontable
and memory scan to be recorded incorrect in the log file (only the name
of the virus appeared).
1.3
---
TBSCAN now also checks the partition table for viruses. Previous
versions did not, because there was no reliable way to determine
whether the specified drive has a partition table. Now TBSCAN intercepts
int 13 while reading the bootsector, and determines if the sector read
by DOS is read from the first fixed disk in the system. If this is the
case TBSCAN will also read the partition table. This ensures that TBSCAN
will not screw up LAN's and other non-standard systems.
By populair demand, the /V (verbose) option has been removed. Now
TBSCAN will always print the scanned file on the screen, except when the
/Q (Quiet) option has been specified. The /Q option has been added for
those that don't want to see al their files scrolling over the screen.
For backward compatibility, the /V option will be ignored and will not
cause an error message.
The log file has been improved. Now the date of the scan, the command
line parameters, and the results are always inserted in the log file.
1.2
---
TBSCAN 1.1 was unable to read the bootsector if you use a dos 4 large
disk partition (> 32Mb). It also failed to display the error message if
it couldn't scan the bootsector. Both problems are solved.
The /M option has been reversed. If you specify this parameter, you will
get a more prompt. If you ommit the parameter, you will not.
The usage of TBSCAN by numerous people learned us that the
interpreter-mechanism is very reliable. So we removed the check of
the last part of the executable file. This caused TBSCAN to be a lot
faster, without loss of reliability.
The scan process of TBSCAN can now be aborted by the user by pressing
escape or Ctrl-C.
1.1
---
In version 1.0 the TBSCAN.DAT file will not be found if it is not in the
current directory. Now the file will be searched in the home directory
of TBSCAN.COM (Dos 3.0+).
1.0
---
Initial release of TBSCAN.
