- Path: sparky!uunet!spool.mu.edu!agate!usenet.ins.cwru.edu!cert!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev)
- Newsgroups: comp.virus
- Subject: Re: SCAN for OS/2 uploaded to mcafee.COM... (OS/2)
- Message-ID: <0017.9212181845.AA00632@barnabas.cert.org>
- Date: 17 Dec 92 15:26:59 GMT
- Sender: virus-l@lehigh.edu
- Lines: 32
- Approved: news@netnews.cc.lehigh.edu
-
- aryeh@mcafee.com (McAfee Associates) writes:
-
- > - - Since OS/2 operates in a protected mode environment it can
- > only check its own area of memory or "memory image" for
- > viruses. Viruses in a DOS session or VDM will not be
- > detected in memory by OS2SCAN.
-
- This is not actually a problem. Since the scanner runs in its own area
- of memory, protected from the other processes, it cannot be fooled by
- a stealth virus and cannot be made to spread a fast infector on all
- files it scans... In fact, I am wondering why a memory check is
- performed at all by an OS/2-based scanner...
-
- > - - OS2SCAN checks "extended filenames" and HPFS-partitioned
- > drives as well as DOS (FAT) drives.
-
- Do you know any way in which a known DOS virus can infect an extended
- filename on an HPFS partition?
-
- > - - The /SAVE switch does not modify the OS2SCAN.EXE file.
- > Instead, it creates a SCAN.INI file.
-
- That's good news! It would be a good idea to make SCAN for DOS act the
- same way! This will be one self-modifying program less...
-
- Regards,
- Vesselin
- - --
- Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
- Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
- < PGP 2.1 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
- e-mail: bontchev@fbihh.informatik.uni-hamburg.de D-2000 Hamburg 54, Germany
-