home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
BBS Toolkit
/
BBS Toolkit.iso
/
gt_power
/
nby126.zip
/
FASTNBY.DOC
< prev
next >
Wrap
Text File
|
1991-01-30
|
7KB
|
159 lines
+-----------------------------------------------------------------------+
| F A S T - NBY (NOT BORN YESTERDAY) File Integrity Testing V. 1.00 |
| Copyright (C) 1991 by cALMER Utilities [All Rights Reserved] |
|361 Somerville Road Hornsby Heights Sydney Australia [612] (02) 4821715|
+-----------------------------------------------------------------------+
Purpose: Detect changes to executable files, overlay files and
library files on PCs, in other words, any file which could
be attacked by a virus and cause potential problems after
infestation.
QUICK INTRODUCTION:
F A S T - NBY scans your ENTIRE hard disk(s) and calculates
a check-sum for every file found. On subsequent runs, this
check-sum is examined and compared, any changes, file-additions
or deletions are then reported.
F A S T - NBY is extremely fast for the following reasons:
a) it only checks the startup-code of programs rather than
the entire file together with random-areas depending on
file type. (Viruses generally modify the this area,
NBY checks the entire file.)
b) The important routines are written in machine-language
to speed up the operation.
REQUIREMENTS: a) A minimum of one hard disk.
b) A minimum of 256K of RAM.
c) A minimum of 600K of free disk space.
SPEED: The speed of F A S T - NBY is due to low-level programming
techniques for reading and sorting information. The sort
routine typically takes 0.3 seconds to sort 10,000 lines
on a 25Mhz computer. It is very memory hungry. If there
is insufficient memory to use the internal sort routine,
F A S T - NBY will use DOS' SORT program (SORT.EXE) auto-
matically. It will tell you should it be necessary to do
so. If it needs SORT.EXE and can not find it, it will ask
you to copy it from your DOS Master disk onto your hard disk
into a directory which is in the PATH, generally a \DOS
directory.
OPERATION: The first time you run F A S T - NBY, you MUST specify
which disk drives are to be scanned. This should include
all physical or logical drives you have but should exclude
"ASSIGN"ed or "SUBST"ituted drives.
Assuming you have two hard disks, drive C and D, give the
following command:
1ST. TIME: FASTNBY CD<Enter>
Fastnby will then simply read all those files and calculate
a CRC number for every file and write a data-file. This
datafile is kept in the calling directory, normally the cALMER
directory.
SUBSEQUENT
RUNS: Once installed, you can simply key in FASTNBY<Enter> to check
the files for changes.
F A S T - NBY will report any file deletions, additions and
changes, assuming that there where any, after checking all
files. One, two or three windows will pop up showing you
all files, including directories which have been affected.
If there are more than one window you can move between them
by pressing <Shift-Keypad-Right> or <Shift-Keypad-Left>.
To move within the windows, simply use the normal cursor keys.
<Esc> will return you to DOS.
COMMAND LINE OPTIONS:
* FASTNBY "Drives" /INSTALL<Enter>
where "Drives" = CDEF etc.
To install new drives into F A S T - NBY data list.
"FASTNBY CDEFG /INSTALL<Enter>" will check Drives C,D,E,F and G and
and from thn on check those drives every time you run FASTNBY.
* "FASTNBY /SILENT<Enter>"
To supress the Windows popping up at the end, and thus waiting
for operator input. Use this option when you run F A S T - NBY
in your AUTOEXEC.BAT. Any changes are simply reported to the
screen and can be interrogated later on. This avoids the need
to be present to press the <Esc> key to continue the operation.
* "FASTNBY /REVIEW<Enter>"
To take another look at what changes where reported the last
time you ran F A S T - NBY. Use this option at the very end
of your AUTOEXEC.BAT so you can study the changes to your
system.
ERROR LEVELS: F A S T - NBY returns the following error levels which can
be tested in batch files:
255 Insufficient Memory, corrupt files etc. (major error)
1 Modifications to files found or additional files found.
0 no changes found or only deletion found.
NBY Interface: any files found to be changed or added to your system by
F A S T - NBY can be scanned for viruses automatically by
NBY (standard cALMER anti-virus package). To do this,
you would add the following to your autoexec.bat file.
This will ensure that any program which has been added
to your system is automatically check for viruses:
FASTNBY /SILENT
IF ERRORLEVEL 1 NBY /FAST
rem =====
rem change NBY to whatever name you gave NBY
rem /FAST tells NBY to check all additions and changes as reported
rem
rem remainder of your batch file
FASTNBY /REVIEW
It may not be feasible to run F A S T - NBY every time you
reset your computer. In that case, use the TODAY program
and add the above commands into the TODAY.DAT file. This
will ensure that your system is checked thoroughly once a
day.
CONSTANTLY CHANGING PROGRAMS:
As a program developer, you will find that FASTNBY will complain
to you just about every day that files have changed, generally
after every compilation, the program would change. Then there
are the more sophisticated users who have ever-changing batch
files which are generated automatically to reflect a certain
system status or the like. It would be a real pain to be told
about these ad infinitum....
You can tell F A S T - NBY to ignore those files. To add a
file to the exception list, press <F2> in the 'Modifications'
window after having moved the cursor to the line containing the
file you want ignored. Pressing <F2> again will de-activate
the exception. A file which will be ignored on subsequent runs has
an inverse 'E' in front of it in that window.
This feature is only supported in the registered version.
.end of document