The Unsorted BBS Collection

home *** CD-ROM | disk | FTP | other *** search

/ The Unsorted BBS Collection / thegreatunsorted.tar / thegreatunsorted / misc / vdata.doc < prev next >

Wrap

Text File | 1994-10-15 | 14KB | 493 lines

╒═════════════════════════════════════════════════════════╕ │ │ │ VIRUS COLLECTOR'S TOOLBOX 1.2 │ │ (C) 1994 David Smith │ │ │ ╘═════════════════════════════════════════════════════════╛ ■ Catalogs and sorts through your viruses, even ones inside PKzip files WITHOUT UNZIPPING THEM. ■ Recurse subdirectories - hunt down your Data file/Config file in your path ■ Extracts virus names from F-PROT/AVPRO reports and imports them into the database, automatically! ■ Stores NAME, file size, file date, CRC, Virus name, plus the PKZIP file containing the file (if any) No more rediculous Crc-only databases ■ Catalogs .TD0 .ASM .A86 .C .OBJ .EXE .COM .VXE .VOM .SYS .BOO .PAS - not just executable files ■ Allows comparing two virus collections and generating a report on what you DO NOT have. ■ Checks duplicates before importing new viruses ■ Converts F-PROT or AVPRO report files into DESCRIPT.ION for all you 4Dos users ■ Even finds duplicates INSIDE PKZIP files without uncompressing. That means if you unzipped a file, TOOLBOX will recognize it's already inside the .ZIP! ■ Exports into DBASE/PARADOX/EXCEL compatible comma-delimited files ■ Also prints Sorted reports based upon Name, Size, or CRC value ■ It's FREEWARE ============* INTRODUCTION *===================================== Virus collecting is well and active around the world, and many people have several hundred, maybe even thousands on their computer. The problem is that no real programs are available for virus collectors. Sure, there is TBweeder (Frans Veldman) which is an "in house" sorter for ThunderByte Anti-Virus. However, it only stores CRC values (and names, but in a separate file.. ICK!) and cannot do complex functions on your virus collection. Wouldn't it be nice to "export" data concerning your virus files into a database program, sort/search for things based upon a user-definable field, compare YOUR database against other people's to see what you don't have, etc? Along comes VIRUS COLLECTOR'S TOOLBOX. If you have more than 10 viruses, then you might have some duplicates. And finding them is a BIG chore, especially when you have more than 1,000 in your collection. I personally am a "collection" trader. I give people my collection in trade for theirs (if they have anything interesting). This allows a more rapid growth of my collection (rather than downloading every one from BBS's, etc...) and talking to interesting people along the way. VIRUS COLLECTOR'S TOOLBOX is freeware and can be distributed without cost. Please do not trojanize the program and spread it around. Virus collecting and being a decent human being are not mutually exclusive. ================* ETHICS *===================================== I have a bachelor's degree in Psychology, am a professional programmer for a major Bank, rank a second-degree black belt in the martial arts, have a wife and kids, plus am an "authorized distributor" of ThunderByte Anti-Virus and run an Anti-Virus bulletin board. Obviously, I am not a virus-writing jerk, out to destroy the world, nor do I have ANY PART in the rediculous political arena that currently clouds the Anti-Virus/Virus-writing field. As a matter of fact, both parties probably dislike me :-) I *DO* have a large collection - over 3,400+ viruses and souce code that I *DO NOT* give out to anyone except other collectors. After all, if some guy already has over 500+ viruses, what does sharing 200 more hurt? I also DO NOT hand out viruses to kids, upload them to bulletin boards for fun, or trash my neighbor's computers with them. That's just plain dumb (plus a federal offense). I DO enjoy gathering a collection, and researching the various aspects of viruses from time to time. (Similar to Baseball trading cards, comic books, coins, etc...) USAGE: VDATA [option] [filespec] Vdata does not accept pathnames. Place it in your path, then change to the directory containing your files! VDATA /ADD [filespec] Adds files (including inside PKZIPs) to VDATA.DAT file To begin with, use this to add all your viruses into the database. Your *best bet* is to just leave the virus files inside PKZIPs, then let THE TOOLBOX catalog them. Each one will be listed to the screen as its added, along with the file name/size/CRC. Files within PKZIPs are only stored if they are: .TD0 .ASM .A86 .C* .OBJ .EXE .COM .VXE .VOM .SYS .BO? .BIN .PAS however any file you specify on the command line will be added, no matter what the extension. CAREFUL: The first VDATA.DAT in your PATH is used. If one already exists in the current directory/your PATH, it is read into memory, and will be added to. Make sure that THIS one is the data file you want. A sample output looks like: !HISTORY.COM 7764 272F05F1 ORDER.COM 2619 83E1B641 √ BASICSRC.ZIP Name Fullsize Method Compressed Date Time CRC ──────────── ────────── ──────── ────────── ────────── ──────── ──────── BB_CAI10.BAS 11772 DeflateX 3423 08-04-1993 01:06:02 65C873BF MONEY.BAS 1285 DeflateX 487 08-04-1993 01:06:02 7F6A23F XB_SRC01.BAS 18479 DeflateX 5972 08-04-1993 01:06:02 92539214 FILE_ID.DIZ 718 DeflateX 407 08-18-1994 13:16:46 40823B9A ──────────── ────────── ──────── ────────── ────────── ──────── ──────── OLDROBO.C 4502 FF4E931B BC_LAI10.C 7504 9DC27958 CRC.C 3918 CAFDC119 BULLET.TDO 8604 DA8B10C2 ! BB_LAI10.C BC_LAI10.C 7504 9DC27958 AGAIN.COM 4490 332A7B5 IDEMO.EXE 24739 3978A24C └──────SUBDIR MAINRUN.COM 345 28563623 VIRUS102.EXE 1593 8F2A7C19 I use my "own" internal PKZIP evaluating routine to peek inside PKZIP files (Pkzip version 1.1 or 2). Note the '!' near the end? That meant the file was a duplicate. You can look inside DUPLICAT.LOG for details. The format is: 1. The symbol '!' 2. The old filename already in the database 3. The new filename that wasn't added because it duplicated the old one 4. The file's size 5. The file's 32-bit CRC 6. The PKZIP file containing the dupe (if applicable) THE TOOLBOX also looks in the current directory for SCANNER.LOG, which can be F-PROT or AVPRO logs, and imports any virus descriptions. You can create a SCANNER.LOG with: 1) F-PROT -> F-PROT.EXE [directory] /REPORT=SCANNER.LOG /LIST 2) AVPRO -> -V.EXE [directory] /WA=SCANNER.LOG As a default, F-PROT descriptions are used. If you don't want these imported (it does slow down the program a little), or you use AVPRO, change the value in VDATA.INI. Also, see the └──────SUBDIR ?? That means it changed into a subdirectory. As a default, THE TOOLBOX recurses subdirectories. If you do NOT want recursion, change that value in your VDATA.INI. For more information about VDATA.INI, see below... THE TOOLBOX does *NOT* evaluate Pkzip inside Pkzip files. If your virus collection includes embedded PKzip files, just uncompress them before adding. VIRUS092.ZIP │ <--- This won't work. Uncompress first ├── oldvir.zip ├── newvir.zip └── smeg94.zip SMEG94.ZIP │ <--- Perfect. ├── smeg.com ├── smeg.asm └── virus.bbs Once you have your database, you're all set to use the other great features! VDATA /COMP [giver] [receiver] Compares two bases and finds unique files that the "receiver" does NOT have Use this to find viruses someone else has that you DON'T have. Merely make the two databases, then use this to compare. Example: VDATA /COMP fred.dat vdata.dat So in this example, you want to see which viruses FRED has that you don't. Fred will be giving the viruses, and you will be receiving them... Example: VDATA /COMP biglist.dat small.dat BIGLIST has twice as many viruses, so he will be the "giver" and the smaller collection will be the "receiver". You can reverse these and get what the smaller list may have that the "BIGLIST" doesn't. Unique files are printed to the screen and to a file: YOUNEED.VTA VDATA /DESC Converts AVPRO/F-PROT log into a 4DOS compatible DESCRIPT.ION file This imports a SCANNER.LOG file (F-PROT/AVPRO) and converts it to DESCRIPT.ION. A great feature for all your 4DOS users. VDATA /QSORT Lists current VDATA.DAT to screen, sorted by Name, Size or CRC. You can change how they are sorted by changing the value in your VDATA.INI This lists the contents of your database file: VDATA.DAT to the screen VDATA /LIST Lists current VDATA.DAT to screen This lists the contents of your database file: VDATA.DAT to the screen VDATA /REPORT Write current VDATA.DAT to report file: VDATA.RES This writes the contents of your database file: VDATA.DAT to a report file: VDATA.RES VDATA /DBASE Write current VDATA.DAT to comma-delimited file (which can be imported into Dbase, Excel, Paradox, etc) Same as above, but exports VDATA.RES as a comma-delimited file. Simply start up DBASE, PARADOX, etc... and import it. =================* VDATA.INI *===================================== VDATA.INI is the configuration file for VIRUS COLLECTOR'S TOOLBOX If it's not in your path, defaults will be used. The following fields are available: ------------------------------------------------------------ Which scanner's log will you use? F-PROT, AVPRO, NONE The default is F-PROT Note: If you specify a scanner, make sure the output file is SCANNER.LOG SCANNER = F-PROT ------------------------------------------------------------ If you press a key during processing, does that mean stop the program? ANY KEY STOPS = YES ------------------------------------------------------------ Print information to an output file? NOTE: If you say "NO", then some reports don't print PRINT TO FILE = YES ------------------------------------------------------------ Print information to the screen? NOTE: I recommend leaving this on... PRINT TO SCREEN = YES ------------------------------------------------------------ When doing a /QSORT printout to the screen, how should it be sorted? Default is NAME SORT BY = NAME SORT BY = SIZE SORT BY = CRC ------------------------------------------------------------ When adding files, do you want to process the directories below? Default = yes RECURSE SUBDIRS = YES ------------------------------------------------------------ =================* TECHNICAL STUFF *================================ VIRUS COLLECTOR'S TOOLBOX is written in C++, and the VDATA.DAT is organized as follows: struct testrectype { long Number; char FileName[15]; long size; char date[13]; long crc; char Vname[42]; char Parent[15]; } Rec; Sorts and duplicate checking are done using a LINKED LIST - which has a max value of 16,500 records. Any more will overload the list, and you will receive an error message concerning low memory! To search for AVPRO virus descriptions, I use the following routine: while(!feof(fp2)) { fgets(temp, 120, fp2); for(i=0; i<strlen(temp); i++) if(temp[i]=='\n' || temp[i]=='\r') temp[i]=' '; strcpy(Rec.Vname, " "); if(strstr(temp, Rec.FileName)) { ptr=0; if(strstr(temp, "virus Type")){ ptr = strrchr(temp, ':'); if(ptr) strncpy(Rec.Vname, ptr+13, 40); break; } ptr=0; if(strstr(temp, "virus")){ ptr = strrchr(temp, ':'); if(ptr) strncpy(Rec.Vname, ptr+8, 40); break; } } } And to look for F-PROT, I use: while(!feof(fp2)) { ptr=0; fgets(temp, 120, fp2); temp[1]=' '; for(i=0;i<strlen(temp);i++) if(temp[i]=='\n' || temp[i]=='\r') temp[i]=' '; strcpy(Rec.Vname, " "); if(strstr(temp, Rec.FileName)) { ptr=0; if(strstr(temp, "Infection")){ ptr = strrchr(temp, ':'); if(ptr) strncpy(Rec.Vname, ptr+2, 40); break; } ptr=0; if(strstr(temp, "Possibly")){ ptr = strchr(temp, 'a'); if(ptr) strncpy(Rec.Vname, ptr+2, 40); break; } ptr=0; if(strstr(temp, "Might be") || strstr(temp, "Seems to be")){ ptr = strchr(temp, 'a'); if(ptr) strncpy(Rec.Vname, ptr+2, 40); break; } } } =================* SUPPORT *===================================== If you believe this program has been tampered with, you can get a fresh new copy: INTERNET: autonet@unicomp.net COMPUSERVE: 71441,2723 BBS: AntiVirus ROCK: 214-606-1485 Hogard Solutions: 214-641-6292 This program is freeware, and the author gives ZERO technical support. Enjoy yourself, and I'll be glad to trade collections with ya! :-)