Upchek.doc (OS/2 Shareware BBS: 2 BBS / 02-BBS.zip / upchek_b.lzh; text file dated 1993-08-26, 14KB, 338 lines)
Upchek (beta)
August 25, 1993
Kim Bergman
Upchek.cmd is a REXX program that automates the process of checking ZIP,
ZOO, LZH, ARJ, ARC and uncompressed files for viruses. It also checks for
damaged (corrupted) archives.
Although non-sysops might find Upchek useful too, it was designed and
written primarily to assist Maximus/2 sysops who want to check uploads. It
should be multi-line compatible but I haven't tested it that far. It has
been thoroughly tested on my single line Max system and I think it's
bug free. However, you never know. This is, therefore, a beta version
with an extra little warning to multi-line systems ..... test it before
you trust it! Do let me know how it works for you, please. My addresses
are listed near the end of this document.
License Agreement
=================
You are permitted to use Upchek (beta) in private, personal or commercial
environments free of charge. Kim Bergman retains copyright and sole
ownership. You may distribute Upchek (beta) freely as long as you
distribute the archive intact. You are allowed to modify Upchek.cmd for
your own purposes but are not allowed to distribute the modified code to
other parties under the name Upchek or any similar name.
Disclaimer
==========
I am neither an expert on virus detection nor an accomplished OS/2
programmer. There is no guarantee that Upchek will meet your needs
regarding virus detection and I assume no responsibility for losses or
damage due to deficiencies in Upchek.
Rationale
=========
OS2SCAN v.1.06 by McAfee and Associates is incapable of detecting a virus
planted in a file that has been archived. Files must be unarchived before
they can be properly checked for viruses, and sysops who accept uploads often
find that this can be a time-consuming process. Normally each upload must
be dearchived, then the files must be scanned and deleted. Upchek.cmd
automates that process almost completely.
My purpose in writing Upchek was to use Maximus/2's facility for virus
checking a file immediately after a caller uploads it. As soon as a caller
uploads and before he logs off Maximus will, if configured properly, call a
batch file specified in Maximus.ctl to check the upload. Upchek.cmd is
simply that batch file. Although Upchek was written specifically to serve
Maximus/2, it will serve anybody when invoked from the command prompt with
the proper parameters.
Overview
========
Upchek.cmd performs the following steps:
1. Checks the parameters it receives and responds intelligently to "?", "help"
and insufficient-parameter situations.
2. Copies the file specified by the parameters from its home or upload
directory into a temporary work directory.
3. If the file is an archive, dearchives it and deletes the archive from the
work directory, leaving the original copy in the home or upload directory.
4. Calls OS2SCAN to scan the files in the work directory.
5. Checks whether the archive just unpacked contained further archives. If
yes, goes back to step 3. If no, goes to step 6.
6. Writes 2 reports: 1 for the caller and 1 for the sysop.
7. Either deletes bad uploads, moves them to a "bad directory" or leaves them
where they are.
8. Deletes the work directory.
The need for step 5 and the possible return to step 3 may not be immediately
obvious. Hopefully the section "Loopholes" will explain.
System Requirements
===================
Upchek is written in the REXX language and was developed and tested under
OS/2 2.0 and 2.1. The basic REXX interpreter is required but the REXX
extensions are not. Upchek.cmd will not run under DOS or Windows unless
there are REXX interpreters for DOS and Windows that I am unaware of.
Upchek.cmd does absolutely no dearchiving or virus scanning on its own. It
relies on external programs to do those chores. If you want Upchek to
handle a variety of archives then you must install dearchiving utilities
too. A virus scanner is also required. Upchek.cmd is configured to work
with the following OS/2 programs and with a few modifications it might work
with others too:
1. Unzip 5.0 from Infozip.
2. Arc2, the official OS/2 release from SEA.
3. Unarj, the demo version by Robert Jung, Scott Dudley's port will likely
work as well but may require changes to the switches.
4. LH2, version 2.22 from Peter Fitzsimmons.
5. Zoo, version 2.1 by Rahul Dhesi.
6. OS2SCAN, version 1.06 from McAfee Associates.
If you do not have all the above (or equivalent) dearchivers then you can
still run Upchek.cmd. However, a non-fatal error will occur when it tries to
dearchive a file for which you do not have the required dearchiver. The
error is interpreted to mean that the archive is corrupted, and Upchek will
delete the file if you have configured Upchek to delete bad files. A
temporary solution you can use until you get all the dearchivers is to use
Badact Rename or Badact Move in Upchek.cfg.
Installing and Configuring Upchek
=================================
1. Copy Upchek.cmd, Scanopts.txt and Upchek.cfg to the directory in which
Maxp.exe resides. Copy Cdoor.mec to the directory in which your other
mecca files (*.mec files) reside. If you are not a Maximus sysop then
copy Upchek.cmd and Scanopts.txt to whatever directory you wish to run
Upchek.cmd from. Non-sysops do not require Cdoor.mec and may delete it.
2. Configure Upchek by editing Upchek.cfg. The comments in Upchek.cfg will
guide you.
NOTE: Installation steps 1 and 2 are all that is necessary to use
Upchek.cmd from the command line. To complete the setup for
Maximus you should proceed with steps 3 to 5.
3. Edit Max.ctl and define the name of the batch file on the Upload Check
Virus line in Maximus.ctl. Edit the line to read:
Upload Check Virus Upchek.cmd
Consult Max_ref.prn, page 42, for more details.
4. Edit Menus.ctl and find the line that invokes Max's upload procedure. It
is usually in the "Menu File" section and will look something like:
Upload Disgrace "Upload(send)"
Change that line to:
NoDsp Upload Disgrace "U"
Make sure there is a space after NoDsp. Now add a line that runs
Chekdoor.bbs when a caller uploads. Chekdoor.bbs must run before Max's
upload procedure so put the following line or something more suitable for
your system on the line above the one that invokes the upload procedure:
Display_File misc/cdoor Disgrace "Upload(send)"
The final result should look something like:
Display_File misc/cdoor Disgrace "Upload(send)"
NoDsp Upload Disgrace "U"
Usually Max's *.mec and *.bbs files are stored in the "misc" subdirectory of
Max's main directory. If your "misc" directory is called something else
then make the appropriate change to the line that begins with
"Display_File". The file Cdoor.mec should be in that directory and should
be compiled to Cdoor.bbs with Meccap. Refer to the Maximus docs for more
information on running the MECCA compiler.
5. Now run "siltp max" and "meccap misc\cdoor".
6. Go back to step 1 and check your work.
Command Line Usage
==================
If you have completed installation steps 1 and 2 then you can run Upchek.cmd
from the command prompt with:
Upchek <parameter1> <parameter2> <parameter3> <parameter4>
All four parameters are required and they must be separated by spaces.
PARAMETER1 = The path to the directory in which the file to be scanned
currently resides, also referred to as the file's "home directory". If
"help" or "?" is used for parameter1 then help will be provided. If
parameter1 is a path then it must end with a "\" character.
PARAMETER2 = The root filename (stem) of the file.
PARAMETER3 = The extension, including a leading ".", of the root filename
specified in parameter2.
PARAMETER4 = "/L", "L", "/l" or just "l". This parameter causes Upchek.cmd
to run in Local Mode or, you could say, non-BBS mode. Both examples below
would dearchive and scan NIX.ZIP, which resides in directory d:\main\corr:
Upchek d:\main\corr\ nix .zip /L
Upchek d:\main\corr\ nix .zip l
Serving Maximus/2
=================
All sysops should read Max_ref.prn, page 42, for a better understanding of
what actually happens when Max invokes (calls) Upchek.cmd.
To be sure that Upchek has installed properly you might try running Upchek
from the command line in local mode first. If it doesn't work that way it
won't work with Max either. Once it's installed and configured properly,
Upchek should be ready to serve Max with very little intervention from you.
All you need to do is read and occasionally delete the log file and decide
what to do with files moved to the bad uploads directory. Whenever a caller
uploads a file Maximus will call Upchek.cmd and pass the proper parameters.
Upchek.cmd will dearchive the upload if it is an archive in ARC, ZIP, ZOO,
ARJ or LZH format. It will not dearchive PAK archives. If there are
archives inside the archive then they will be dearchived too as well as any
archives inside those, etc., etc. until there are no more archives, just
uncompressed files.
Loopholes
=========
Hackers use all sorts of little tricks to spread their viruses into other
computers and there is no foolproof scheme for detecting all viruses.
However, some schemes are better than others. Consider the following
scenario.
I take an innocent game called Game.exe and archive it with Readme.txt into
Readme.zip. Then I plant a virus in another copy of Game.exe. Next I
archive the infected Game.exe, Game.doc, Game.cfg and Readme.zip into
Game.zip. Then I upload Game.zip to a BBS that uses a program similar to
but not as thorough as Upchek. It dearchives Game.zip then notices that
Readme.zip exists and dearchives it too. Now the infected Game.exe has been
overwritten by the clean Game.exe from Readme.zip. Then, all the files are
scanned and of course, no virus is detected. Later, a caller downloads
Game.zip and dearchives it but for some reason does not dearchive
Readme.zip. Or maybe he does dearchive Readme.zip but to save a little time
he chooses not to overwrite the virus bearing Game.exe with the Game.exe in
Readme.zip. Although he might think it a little strange that a second
Game.exe exists in the Readme.zip there is no guarantee that he will
investigate. Unaware, he installs the infected Game.exe and runs it.
(The point is NOT that we should always overwrite second copies in archives
when we dearchive.)
To close the loophole demonstrated in the scenario above, Upchek proceeds
according to the steps in section "Overview". The virus scanner is invoked
each time an archive is unpacked so that each and every file in the original
archive is scanned including duplicates. Although this method takes more
time it is more thorough.
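The scan-after-every-unpack loop from the "Overview" steps, run against the exact Readme.zip-inside-Game.zip scenario described above, as an added example. This is not Upchek.cmd's REXX code and it assumes Python with only the standard library: ZIP is the only format handled, a constructed byte marker stands in for a virus signature (Upchek would call OS2SCAN instead), and the function and file names are the example's own. It contrasts the flawed "unpack everything, then scan once" scheme with Upchek's scheme.

```python
import io
import os
import shutil
import tempfile
import zipfile

# Constructed stand-in for a virus signature. Upchek invokes OS2SCAN at this
# point; a byte marker lets the example run offline.
MARKER = b"CONSTRUCTED-INFECTION-MARKER"


def scan_dir(workdir):
    """Step 4 stand-in: return names of files under workdir carrying MARKER."""
    hits = []
    for root, _dirs, files in os.walk(workdir):
        for name in files:
            with open(os.path.join(root, name), "rb") as fh:
                if MARKER in fh.read():
                    hits.append(name)
    return sorted(hits)


def build_game_zip(path):
    """Construct the Loopholes upload: Game.zip holds an infected Game.exe
    plus Readme.zip, and Readme.zip holds a clean Game.exe and Readme.txt."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Game.exe", b"MZ clean game binary")
        z.writestr("Readme.txt", b"Read me first.")
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("Game.exe", b"MZ " + MARKER)
        z.writestr("Game.doc", b"documentation")
        z.writestr("Game.cfg", b"configuration")
        z.writestr("Readme.zip", inner.getvalue())


def find_archives(workdir):
    """Step 5: list the archives currently sitting in the work directory."""
    return [os.path.join(r, f) for r, _d, fs in os.walk(workdir)
            for f in fs if zipfile.is_zipfile(os.path.join(r, f))]


def unpack_and_delete(archive):
    """Step 3: extract next to the archive, then delete the archive itself.
    Extracting into one directory is what lets a duplicate name overwrite."""
    with zipfile.ZipFile(archive) as z:
        z.extractall(os.path.dirname(archive))
    os.remove(archive)


def naive_check(upload):
    """The flawed scheme from the scenario: unpack everything, scan once."""
    work = tempfile.mkdtemp()
    try:
        shutil.copy(upload, work)                      # step 2
        pending = find_archives(work)
        while pending:
            for arc in pending:
                unpack_and_delete(arc)
            pending = find_archives(work)
        return scan_dir(work)                          # scanned only at the end
    finally:
        shutil.rmtree(work)                            # step 8


def upchek_style_check(upload):
    """Upchek's scheme: scan after every unpack, so the infected Game.exe is
    seen before the clean copy inside Readme.zip overwrites it."""
    work = tempfile.mkdtemp()
    hits = set()
    try:
        shutil.copy(upload, work)                      # step 2
        pending = find_archives(work)
        while pending:
            for arc in pending:
                unpack_and_delete(arc)                 # step 3
            hits.update(scan_dir(work))                # step 4
            pending = find_archives(work)              # step 5
        return sorted(hits)
    finally:
        shutil.rmtree(work)                            # step 8


def demo():
    """Run both checks over the constructed upload; the original stays put."""
    home = tempfile.mkdtemp()
    try:
        upload = os.path.join(home, "Game.zip")
        build_game_zip(upload)
        return (naive_check(upload), upchek_style_check(upload),
                os.path.exists(upload))
    finally:
        shutil.rmtree(home)


if __name__ == "__main__":
    print(demo())   # ([], ['Game.exe'], True)
```

The naive check returns an empty hit list because the clean Game.exe from Readme.zip has replaced the infected one by the time the single scan runs; the Upchek-style loop reports Game.exe because it scanned the work directory right after Game.zip was unpacked. The extra cost is one scanner run per unpack round, which is the trade-off the text describes.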
Discriminating Archives From "Normal" Files
===========================================
Any file that Upchek.cmd thinks is neither ARC, ARJ, LZH, ZIP nor ZOO is
referred to as a normal file. GIF, EXE, BMP, CMD and PAK files are examples
of normal files. Self-extracting archives are regarded as normal files too,
which is one "feature" of Upchek that I am not pleased with. At this time
I don't know what to do with self-extracting archives and welcome any
suggestions. Future versions of Upchek will address the concern.
Upchek "sniffs" for the identity bytes that all archives are stamped with so
it will recognize ARJ, LZH, ZIP, ZOO and ARC files even if they have an
abnormal extension, for example .XYZ.
PAK archives are not supported and will also be treated like normal files.
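An added example of the "sniffing" described in this section, written in Python rather than taken from Upchek.cmd. The identity bytes used here are the example's own assumptions about the five formats, not values quoted from the page, and the sample uploads are constructed. It shows an archive with a misleading .XYZ extension being recognised by content, and a self-extracting EXE and a text file being treated as normal files.

```python
ARCHIVE_KINDS = ("ARC", "ARJ", "LZH", "ZIP", "ZOO")


def sniff_archive(data):
    """Return "ZIP", "ARJ", "LZH", "ZOO" or "ARC" from a file's leading bytes,
    or None for a normal file. Signatures assumed for this example:
      ZIP - local file header "PK" followed by bytes 03 04
      ARJ - header id bytes 60 EA
      LZH - method string such as "-lh5-" starting at offset 2
      ZOO - text header starting with "ZOO "
      ARC - byte 1A followed by a compression method byte in the range 1-9
    """
    head = data[:8]
    if head.startswith(b"PK\x03\x04"):
        return "ZIP"
    if head.startswith(b"\x60\xea"):
        return "ARJ"
    if len(head) >= 7 and head[2:4] == b"-l" and head[6:7] == b"-":
        return "LZH"
    if head.startswith(b"ZOO "):
        return "ZOO"
    if len(head) >= 2 and head[0] == 0x1A and 1 <= head[1] <= 9:
        return "ARC"
    return None


def classify_upload(name, data):
    """Decide by content, never by extension: ("archive", kind) or ("normal", None).
    A self-extracting EXE starts with "MZ", so it comes out as a normal file,
    which is the behaviour the doc describes."""
    kind = sniff_archive(data)
    if kind in ARCHIVE_KINDS:
        return ("archive", kind)
    return ("normal", None)


# Constructed sample uploads (not real files): a ZIP with a .XYZ extension,
# a self-extracting EXE, a text file, one archive per format, and an empty file.
SAMPLES = {
    "nix.xyz": b"PK\x03\x04\x14\x00\x00\x00",
    "setup.exe": b"MZ\x90\x00\x03\x00",
    "readme.txt": b"Read me first.",
    "game.arj": b"\x60\xea\x2c\x00",
    "game.lzh": b"\x1d\x6d-lh5-",
    "game.zoo": b"ZOO 2.10 Archive.\x1a",
    "game.arc": b"\x1a\x08GAME.EXE",
    "empty.zip": b"",
}


def classify_all(samples=SAMPLES):
    """Classify every sample; the name is carried along but never consulted."""
    return {name: classify_upload(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:12} {verdict}")
```

Only the first few bytes are read, so the check is cheap enough to run on every upload before any dearchiver is invoked; an "empty.zip" with no content is a normal file here, which matches Upchek's treatment of anything it cannot identify.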
Reports
=======
The supplied file Report.txt contains examples of typical reports. There
are 2 sections: log reports for sysops and online reports for callers. Look
at the first section and note that log reports are separated by a line of
asterisks.
The first log report shows what happens when Upchek.cmd can't find the file
it is supposed to process.
The second log report is typical of a file that is OK in all respects. The
caller would receive a report similar to the first report in Section 2 of
Reports.txt.
The third log report is for an upload that has a restricted file, an
archive that is corrupted and one or more viruses. The LISTSCAND option in
Upchek.cfg was set True for this upload so the lines that start with the "+"
character were produced. With LISTSCAND False the lines starting with "+"
are not produced. The caller would receive a report similar to the second
report in Section 2 of Reports.txt. The lines beginning with the "+"
character are produced only when the DISCOURAGE option in Upchek.cfg is set
True.
Contacting the Author
=====================
I may be moving soon so the addresses below may not be valid when you
receive Upchek. Though I may disappear from the Fido nodelist temporarily
when (and if) I move, it won't be long before I have a new FidoNet address.
If you have suggestions, ideas or bugfixes that you would like to see
incorporated into Upchek then please find some way of contacting me, if not
by netmail then perhaps via the Muffin echo.
Kim Bergman
Box 312
Nobleford, Alberta
T0L 1S0
voice: (403) 824-3923
data: (403) 824-3019
1:358/25@Fidonet.org
102:381/1@Intersports.ftn