home *** CD-ROM | disk | FTP | other *** search
/ ProfitPress Mega CDROM2 …eeware (MSDOS)(1992)(Eng) / ProfitPress-MegaCDROM2.B6I / UTILITY / VIRUS / CHKVIR21.ZIP / VIRUSCHK.LJ2 < prev    next >
Encoding:
Text File  |  1991-08-16  |  31.7 KB  |  326 lines
  1. &l8c0e66F&aR&l0O
  2.  
  3. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T                                    *p1095XViruschk
  4. *p+50Y(10U(s0p10h12v0s0b3T                                   Version 2.1
  5. *p+50Y(10U(s0p10h12v0s0b3T                             SSgt Jon Freivald, USMC
  6. *p+50Y(10U(s0p10h12v0s0b3T                                  *p1035XTurboC++ 1.0
  7. *p+50Y(10U(s0p10h12v0s0b3T                    Copyright 1991, 1st Marine Corps District
  8. *p+50Y(10U(s0p10h12v0s0b3T                              *p915XAll Rights Reserved.
  9. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TLICENSING INFORMATION:
  10. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TViruschk is distributed as freeware.  It may be distributed
  11. *p+50Y(10U(s0p10h12v0s0b3T        freely as long as there is no fee charged for it or it's
  12. *p+50Y(10U(s0p10h12v0s0b3T        distribution.  Viruschk must be distributed as a complete
  13. *p+50Y(10U(s0p10h12v0s0b3T        package, containing all of the files contained in the file
  14. *p+50Y(10U(s0p10h12v0s0b3T        readme.1st.  Viruschk may not be distributed as a feature with
  15. *p+50Y(10U(s0p10h12v0s0b3T        any other software package without the prior written permission
  16. *p+50Y(10U(s0p10h12v0s0b3T        of 1st Marine Corps District.  There is no fee for registration,
  17. *p+50Y(10U(s0p10h12v0s0b3T        however, if you register as a user, you will be placed on
  18. *p+50Y(10U(s0p10h12v0s0b3T        distribution for future updates.  Refer to the notes section for
  19. *p+50Y(10U(s0p10h12v0s0b3T        further information on how to register.
  20. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TWHAT IT IS:
  21. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TThe use of McAfee's Viruscan (scan.exe) on all USMC systems is
  22. *p+50Y(10U(s0p10h12v0s0b3T        mandated by CMC/CCI msg R 220032Z OCT 90 ZY3.(10U(s0p10h12v0s1b3T Viruschk(10U(s0p10h12v0s0b3T is a
  23. *p+50Y(10U(s0p10h12v0s0b3T        "shell" or "watchdog" for McAfee's scan.exe. It also displays the
  24. *p+33Y(10U(s0p10h12v0s0b3T                                                            (10U(s0p16.66h8.5v0s0b0T1
  25. *p+17Y(10U(s0p16.66h8.5v0s0b0T             *p240X(10U(s0p10h12v0s0b3Twarning screen mandated by USMC security regulations*p1818X.  If a
  26. *p+50Y(10U(s0p10h12v0s0b3T        virus condition is found, it will lock up the user's system and
  27. *p+50Y(10U(s0p10h12v0s0b3T        with a loud tone and unmistakable screen, alert them to the
  28. *p+50Y(10U(s0p10h12v0s0b3T        infected condition!  It is highly recommended that you also use
  29. *p+50Y(10U(s0p10h12v0s0b3T        the Vshield program (also by McAfee) - especially if you use the
  30. *p+50Y(10U(s0p10h12v0s0b3T        option to limit scanning to once a week.  Please refer to the
  31. *p+50Y(10U(s0p10h12v0s0b3T        referenced message for further guidance regarding use of the
  32. *p+50Y(10U(s0p10h12v0s0b3T        McAfee virus prevention software.  This documentation does not
  33. *p+50Y(10U(s0p10h12v0s0b3T        cover all policy set forth in the message, nor does it intend to
  34. *p+50Y(10U(s0p10h12v0s0b3T        be taken as a statement of policy.
  35. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TSYSTEM REQUIREMENTS:
  36. *p+150Y(10U(s0p10h12v0s1b3T            (10U(s0p10h12v0s0b3To  IBM PC, PC/XT, PC/AT, PS/2 or 100% compatible computer
  37. *p+100Y(10U(s0p10h12v0s0b3T            o  384K RAM
  38. *p+100Y(10U(s0p10h12v0s0b3T            o  a hard disk with one or more DOS partitions
  39. *p+114Y(10U(s0p10h12v0s0b3T        (10U(s0p16.66h8.5v0s0b0T____________________________________________________________________________________________________________
  40. (10U(s0p16.66h8.5v0s0b0T                                                                                                                        *p2172X_
  41. *p+64Y(10U(s0p16.66h8.5v0s0b0T             *p240X1. For non USMC users, you can make this a welcome screen, display a corporate message, etc, or you can
  42. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294Xeliminate it all together.  The content of the screen file is irrelevant to the operation of the program.
  43. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294XThe file should only be one screen long, or it will scroll before the first part can be read.
  44.  
  45. (10U(s0p16.66h8.5v0s0b0T*p+255Y*p+79Y(10U(s0p16.66h8.5v0s0b0T                    (10U(s0p10h12v0s0b3To  DOS version 2.0 or higher
  46. *p+100Y(10U(s0p10h12v0s0b3T            o  DOS version 3.0 or higher for the integrity self-check
  47. *p+100Y(10U(s0p10h12v0s0b3T            o  McAfee & Associates Viruscan (scan.exe) version 7.2V77 or
  48. *p+50Y(10U(s0p10h12v0s0b3T               higher.
  49. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3THOW TO INSTALL IT:
  50. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TTo install Viruschk, proceed as follows:
  51. *p+100Y(10U(s0p10h12v0s0b3T        Make a directory on the c: drive named "security" (this is CMC
  52. *p+50Y(10U(s0p10h12v0s0b3T        mandated and hard-coded into Viruschk).
  53. *p+100Y(10U(s0p10h12v0s0b3T        Copy the following files into c:\security:
  54. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3Tviruschk.com
  55. *p+100Y(10U(s0p10h12v0s1b3T        scan.exe(10U(s0p10h12v0s0b3T        *p727X(This should be the latest version supplied
  56. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xthrough official channels.  It(10U(s0p10h12v0s1b3T *MUST*(10U(s0p10h12v0s0b3T be version
  57. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X7.2V77 or higher.)
  58. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3Twarning(10U(s0p10h12v0s0b3T         *p727X(This screen may be modified to suit your
  59. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xorganization with any ANSI editor such as
  60. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X"TheDraw", or you can substitute it with any
  61. *p+50Y(10U(s0p10h12v0s0b3T                        *p727XANSI/ASCII screen of your choice, as long as it
  62. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xis named "warning".  If you are not a USMC user,
  63. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xit may be omitted all together.)
  64. *p+100Y(10U(s0p10h12v0s0b3T        Add the line "c:\security\viruschk" to the beginning of the
  65. *p+50Y(10U(s0p10h12v0s0b3T        user's autoexec.bat file.  This line should normally be the first
  66. *p+33Y(10U(s0p10h12v0s0b3T                                (10U(s0p16.66h8.5v0s0b0T2
  67. *p+17Y(10U(s0p16.66h8.5v0s0b0T             *p240X(10U(s0p10h12v0s0b3Tline of the autoexec.bat *p1008X& should ALWAYS be before the user can
  68. *p+50Y(10U(s0p10h12v0s0b3T        login to the network.
  69. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TWHAT IT DOES:
  70. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TViruschk first checks the DOS version being run on the machine.
  71. *p+50Y(10U(s0p10h12v0s0b3T        If it is version 3.0 or higher, it performs an integrity check on
  72. *p+50Y(10U(s0p10h12v0s0b3T        itself.  ANY modification (manual tampering, "pklite"
  73. *p+50Y(10U(s0p10h12v0s0b3T        compression, a virus, etc) will cause the virus warning screen to
  74. *p+50Y(10U(s0p10h12v0s0b3T        display and the system to lock up.  If the DOS is less than
  75. *p+50Y(10U(s0p10h12v0s0b3T        version 3.0, a message is  displayed stating that the self-check
  76. *p+50Y(10U(s0p10h12v0s0b3T        cannot be performed.
  77. *p+138Y(10U(s0p10h12v0s0b3T        (10U(s0p16.66h8.5v0s0b0T____________________________________________________________________________________________________________
  78. (10U(s0p16.66h8.5v0s0b0T                                                                                                                        *p2172X_
  79. *p+64Y(10U(s0p16.66h8.5v0s0b0T             *p240X2. If you use Zenith DOS with manual partition assignment, make sure that you place the asgnpart command
  80. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294XBEFORE Viruschk or the additional partitions will not get scanned!
  81. *p+76Y(10U(s0p16.66h8.5v0s0b0T                *p294XIf your system does not have an internal clock/calendar, the DOS date command should be in the
  82. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294Xautoexec.bat prior to the viruschk line.
  83. *p+171Y(10U(s0p16.66h8.5v0s0b0T                                                               *p1140X(10U(s0p10h12v0s0b3T- 2 -
  84.  
  85. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        It then checks the command line.  The following command line
  86. *p+50Y(10U(s0p10h12v0s0b3T        options are valid:
  87. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3Tdisplay(10U(s0p10h12v0s0b3T         *p727Xshows the "lockup" screen & plays a snippet of
  88. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xthe warning tones - no scan is performed and the
  89. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xwarning screen is not displayed (this is
  90. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xincluded for demo purposes only!)
  91. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TMon(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Monday only
  92. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TTue(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Tuesday only
  93. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TWed(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Wednesday only
  94. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TThu(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Thursday only
  95. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TFri(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Friday only
  96. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TSat(10U(s0p10h12v0s0b3T             *p727X* Executes scan.exe on Saturday only
  97. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TSun(10U(s0p10h12v0s0b3T             *p727X* Executes scan.exe on Sunday only
  98. *p+100Y(10U(s0p10h12v0s0b3T                        *p727X* = NOT ALLOWED ON USMC SYSTEMS - these options
  99. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xare only included for those who wish to use this
  100. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xprogram on their private systems.
  101. *p+100Y(10U(s0p10h12v0s0b3T        If no command line (or one not listed above) argument is given,
  102. *p+50Y(10U(s0p10h12v0s0b3T        scan.exe will be executed every day.  The command line arguments
  103. *p+50Y(10U(s0p10h12v0s0b3T        MUST be typed exactly as they are above (i.e., "mon" is not
  104. *p+50Y(10U(s0p10h12v0s0b3T        equivalent to "Mon").
  105. *p+100Y(10U(s0p10h12v0s0b3T        If scan.exe is to be executed, Viruschk will then build a table
  106. *p+50Y(10U(s0p10h12v0s0b3T        of all valid hard drives for the system.  It will then execute
  107. *p+50Y(10U(s0p10h12v0s0b3T        scan.exe with the proper parameters to scan all the drives.  If
  108. *p+50Y(10U(s0p10h12v0s0b3T        scan.exe is not to be executed that day, this step will be
  109. *p+50Y(10U(s0p10h12v0s0b3T        skipped.
  110. *p+100Y(10U(s0p10h12v0s0b3T        If scan.exe is to be executed, and this is the first time for
  111. *p+50Y(10U(s0p10h12v0s0b3T        this particular day, scan will be executed with the "/NOBREAK"
  112. *p+50Y(10U(s0p10h12v0s0b3T        parameter - this will force a complete scan at least once each
  113. *p+50Y(10U(s0p10h12v0s0b3T        (selected) day.  If this is a subsequent run, the "/NOBREAK"
  114. *p+50Y(10U(s0p10h12v0s0b3T        parameter will be omitted, allowing the user to press <Ctrl><C>
  115. *p+50Y(10U(s0p10h12v0s0b3T        or <Ctrl><Break> to bypass the scanning process.  The first run
  116. *p+50Y(10U(s0p10h12v0s0b3T        force is controlled by a control file.  This is a 4 byte file
  117. *p+50Y(10U(s0p10h12v0s0b3T        named "c:\security\viruschk.lrd".  This file will be created the
  118. *p+50Y(10U(s0p10h12v0s0b3T        first time the program is run and will be re-created
  119. *p+50Y(10U(s0p10h12v0s0b3T        automatically if it is deleted.
  120. *p+100Y(10U(s0p10h12v0s0b3T        The control file is updated to reflect the current date AFTER the
  121. *p+50Y(10U(s0p10h12v0s0b3T        forced scan.  If the system is rebooted during the scan, the scan
  122. *p+50Y(10U(s0p10h12v0s0b3T        will again be forced.  This will continue until the scan
  123. *p+50Y(10U(s0p10h12v0s0b3T        completes and the control file is updated.
  124. *p+255Y*p+20Y(10U(s0p10h12v0s0b3T                                      - 3 -
  125.  
  126. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        Viruschk will then display the file "warning" for a period of 30
  127. *p+50Y(10U(s0p10h12v0s0b3T        seconds if it exists.  You will only get this far if one of the
  128. *p+50Y(10U(s0p10h12v0s0b3T        following two conditions are met:
  129. *p+100Y(10U(s0p10h12v0s0b3T                1.  scan.exe is not to be run that day
  130. *p+50Y(10U(s0p10h12v0s0b3T                2.  scan.exe ran successfully and did not find any
  131. *p+50Y(10U(s0p10h12v0s0b3T        viruses
  132. *p+100Y(10U(s0p10h12v0s0b3T        After the 30 second delay, control will release back to DOS and
  133. *p+50Y(10U(s0p10h12v0s0b3T        the user's system can continue running it's autoexec.bat file.
  134. *p+50Y(10U(s0p10h12v0s0b3T        The user can bypass the delay by pressing a key.  A countdown
  135. *p+50Y(10U(s0p10h12v0s0b3T        timer informs you of how much longer you have to wait if you
  136. *p+50Y(10U(s0p10h12v0s0b3T        don't press a key.  The warning screen will display every day,
  137. *p+50Y(10U(s0p10h12v0s0b3T        regardless of command line arguments (except "display" which is
  138. *p+50Y(10U(s0p10h12v0s0b3T        not for general use anyway...).  If the file c:\security\warning
  139. *p+50Y(10U(s0p10h12v0s0b3T        does not exist, nothing will be displayed, and there will be no
  140. *p+50Y(10U(s0p10h12v0s0b3T        delay before the program exits.
  141. *p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+240Y(10U(s0p10h12v0s0b3T                                      - 4 -
  142.  
  143. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TWHAT WILL TRIGGER IT:
  144. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TOne of five conditions will cause viruschk to lock up the user's
  145. *p+50Y(10U(s0p10h12v0s0b3T        system:
  146. *p+100Y(10U(s0p10h12v0s0b3T                1. Viruschk.exe finds any type of modification has
  147. *p+50Y(10U(s0p10h12v0s0b3T        occurred to itself (indicating either manual tampering or a
  148. *p+50Y(10U(s0p10h12v0s0b3T        virus).
  149. *p+50Y(10U(s0p10h12v0s0b3T                2. Scan.exe was not in the c:\security directory or could
  150. *p+50Y(10U(s0p10h12v0s0b3T        not be executed.
  151. *p+50Y(10U(s0p10h12v0s0b3T                3. Scan.exe found viruses present on the system.
  152. *p+50Y(10U(s0p10h12v0s0b3T                4. Scan.exe exited with an error code.
  153. *p+50Y(10U(s0p10h12v0s0b3T                5. Your version of scan.exe is not at least 7.2V77.
  154. *p+100Y(10U(s0p10h12v0s0b3T        Given any of the 5 conditions, we do not want the user to be able
  155. *p+50Y(10U(s0p10h12v0s0b3T        to proceed and use his system (possibly spreading a virus..!), so
  156. *p+50Y(10U(s0p10h12v0s0b3T        viruschk sounds a warning tone on the PC's speaker & displays a
  157. *p+50Y(10U(s0p10h12v0s0b3T        screen leaving the user no doubt about the fact that a virus has
  158. *p+50Y(10U(s0p10h12v0s0b3T        been encountered (even though that is but one of five possible
  159. *p+50Y(10U(s0p10h12v0s0b3T        exit codes).  The user's system will now be locked - the only
  160. *p+50Y(10U(s0p10h12v0s0b3T        keystrokes that will have any effect is <Ctrl><Alt><Del> and (if
  161. *p+50Y(10U(s0p10h12v0s0b3T        you have a Zenith system) <Ctrl><Alt><Ins> (so that you can boot
  162. *p+50Y(10U(s0p10h12v0s0b3T        from a write protected floppy disk and remedy the problem).
  163. *p+100Y(10U(s0p10h12v0s0b3T        For a demo of the warning screen type:
  164. *p+100Y(10U(s0p10h12v0s0b3T                viruschk display
  165. *p+100Y(10U(s0p10h12v0s0b3T        when display is on the command line, scan will not be executed,
  166. *p+50Y(10U(s0p10h12v0s0b3T        nor will warning be displayed - this is for admin demo use only.
  167. *p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+50Y(10U(s0p10h12v0s0b3T                                      - 5 -
  168.  
  169. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TRETURN CODES:
  170. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TViruschk will set the DOS errorlevel upon exit.  You can use the
  171. *p+50Y(10U(s0p10h12v0s0b3T        DOS batch command "if errorlevel" to check these codes and take
  172. *p+50Y(10U(s0p10h12v0s0b3T        conditional action if desired.  The following is a list of the
  173. *p+50Y(10U(s0p10h12v0s0b3T        codes & their significance:
  174. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T0(10U(s0p10h12v0s0b3T               *p727XViruschk ran uninterrupted to completion of the
  175. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xdelay countdown or the "display" command line
  176. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xoption was used.
  177. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T1(10U(s0p10h12v0s0b3T               *p727XA keystroke was pressed to bypass the delay.
  178. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2(10U(s0p10h12v0s0b3T               *p727XThe file c:\security\warning was not found
  179. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X(therefore no display or delay).
  180. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T3(10U(s0p10h12v0s0b3T               *p727XWarning was present, but the program was unable
  181. *p+33Y(10U(s0p10h12v0s0b3T                                     *p1117X(10U(s0p16.66h8.5v0s0b0T3
  182. *p+17Y(10U(s0p16.66h8.5v0s0b0T                                        *p727X(10U(s0p10h12v0s0b3Tto display it*p1135X.
  183. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T100(10U(s0p10h12v0s0b3T             *p727XYou errantly obtained a copy of the program that
  184. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xdoes not have the anti-virus information
  185. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Ximbedded in it.  This copy should not have been
  186. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xdistributed and will not run with DOS 3.0 or
  187. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xhigher.
  188. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T255(10U(s0p10h12v0s0b3T             *p727XThe DOS version being run is less than version
  189. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X2.0.  Viruschk requires at least version 2.0 to
  190. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xrun and at least 3.0 to perform it's self-check.
  191. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TCOMMON PROBLEMS/REMEDIES:
  192. *p+150Y(10U(s0p10h12v0s1b3T           (10U(s0p10h12v0s0b3T1.  Scan.exe cannot execute - Viruschk locks up system -
  193. *p+50Y(10U(s0p10h12v0s0b3T               scan.exe will execute when invoked manually.
  194. *p+100Y(10U(s0p10h12v0s0b3T                  a.  Memory - scan.exe requires 256K of RAM.  Adding the
  195. *p+50Y(10U(s0p10h12v0s0b3T                      overhead of Viruschk brings system requirements up
  196. *p+50Y(10U(s0p10h12v0s0b3T                      to 384K. It doesn't actually require that much, but
  197. *p+50Y(10U(s0p10h12v0s0b3T                      that is the next step up from 256K.
  198. *p+100Y(10U(s0p10h12v0s0b3T                  b.  Location - scan.exe MUST be located in C:\SECURITY.
  199. *p+50Y(10U(s0p10h12v0s0b3T                      Because this location was mandated by CMC, it has
  200. *p+50Y(10U(s0p10h12v0s0b3T                      been hard-coded into Viruschk.  If it cannot
  201. *p+50Y(10U(s0p10h12v0s0b3T                      execute the program c:\security\scan.exe, it is
  202. *p+50Y(10U(s0p10h12v0s0b3T                      considered an error & the lock up is initiated on
  203. *p+50Y(10U(s0p10h12v0s0b3T                      purpose.  This prevents a virus from planting a
  204. *p+50Y(10U(s0p10h12v0s0b3T                      trojan "scan" elsewhere in your path and having it
  205. *p+50Y(10U(s0p10h12v0s0b3T                      executed by Viruschk.
  206. *p+102Y(10U(s0p10h12v0s0b3T        (10U(s0p16.66h8.5v0s0b0T____________________________________________________________________________________________________________
  207. (10U(s0p16.66h8.5v0s0b0T                                                                                                                        *p2172X_
  208. *p+64Y(10U(s0p16.66h8.5v0s0b0T             *p240X3. This condition should **p710XN*p730XE*p750XV*p770XE*p790XR*p810X* *p848Xhappen!  If it does, please contact me because I'm interested in knowing
  209. (10U(s0p16.66h8.5v0s0b0T                                      *p692X**p712XN*p732XE*p752XV*p772XE*p792XR*p812X*
  210. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294Xif this can actually happen.
  211. *p+171Y(10U(s0p16.66h8.5v0s0b0T                                                               *p1140X(10U(s0p10h12v0s0b3T- 6 -
  212.  
  213. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T                  c.  Version - starting with Viruschk version 2.01c,
  214. *p+50Y(10U(s0p10h12v0s0b3T                      Viruscan (scan.exe) 7.2V77 is the minimum version
  215. *p+50Y(10U(s0p10h12v0s0b3T                      required.
  216. *p+100Y(10U(s0p10h12v0s0b3T           2.  My warning screen comes out looking like a bunch of
  217. *p+50Y(10U(s0p10h12v0s0b3T               jumbled garbage.
  218. *p+100Y(10U(s0p10h12v0s0b3T                  a.  Most likely your screen was done in ANSI graphics
  219. *p+50Y(10U(s0p10h12v0s0b3T                      and you do not have ansi.sys loaded.  Insure that
  220. *p+50Y(10U(s0p10h12v0s0b3T                      your config.sys file contains a line something to
  221. *p+50Y(10U(s0p10h12v0s0b3T                      the effect of "device=c:\dos\ansi.sys".  If it does
  222. *p+50Y(10U(s0p10h12v0s0b3T                      not, add the line (make sure you give the correct
  223. *p+50Y(10U(s0p10h12v0s0b3T                      path to ansi.sys), then reboot your system.
  224. *p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+185Y(10U(s0p10h12v0s0b3T                                      - 7 -
  225.  
  226. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TNETWORKS AND POLICY ENFORCEMENT:
  227. *p+150Y(10U(s0p10h12v0s1b3T                (10U(s0p10h12v0s0b3TAs a network administrator myself, I have become quite
  228. *p+50Y(10U(s0p10h12v0s0b3T        accustomed to users ignoring policy and doing exactly what they
  229. *p+50Y(10U(s0p10h12v0s0b3T        pleased on "their" PCs.  In light of this, the "Enforcer" program
  230. *p+50Y(10U(s0p10h12v0s0b3T        has evolved.  You should have received "enforcer.zip" as part of
  231. *p+33Y(10U(s0p10h12v0s0b3T                                 (10U(s0p16.66h8.5v0s0b0T4
  232. *p+17Y(10U(s0p16.66h8.5v0s0b0T             *p240X(10U(s0p10h12v0s0b3Tyour distribution package*p1008X.  This file is a compressed library
  233. *p+50Y(10U(s0p10h12v0s0b3T        containing the enforcer executable files and documentation.
  234. *p+50Y(10U(s0p10h12v0s0b3T        Using the enforcer, all systems must be scanned with the Viruschk
  235. *p+50Y(10U(s0p10h12v0s0b3T        - Viruscan combination before access to the network will be
  236. *p+50Y(10U(s0p10h12v0s0b3T        allowed.
  237. *p+100Y(10U(s0p10h12v0s0b3T                Currently supported networks are Banyan VINES 3.xx &
  238. *p+50Y(10U(s0p10h12v0s0b3T        4.xx.
  239. *p+100Y(10U(s0p10h12v0s0b3T                If you do not see your network listed please feel free to
  240. *p+50Y(10U(s0p10h12v0s0b3T        contact the author.  It is the intent of the author to support
  241. *p+50Y(10U(s0p10h12v0s0b3T        all DOS based networks eventually.
  242. *p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+160Y(10U(s0p10h12v0s0b3T        (10U(s0p16.66h8.5v0s0b0T____________________________________________________________________________________________________________
  243. (10U(s0p16.66h8.5v0s0b0T                                                                                                                        *p2172X_
  244. *p+64Y(10U(s0p16.66h8.5v0s0b0T             *p240X4. PKUnzip (PKWare) version 1.10 is required to extract the contents of this file.
  245. *p+171Y(10U(s0p16.66h8.5v0s0b0T                                                               *p1140X(10U(s0p10h12v0s0b3T- 8 -
  246.  
  247. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TNOTES:
  248. *p+150Y(10U(s0p10h12v0s1b3T                (10U(s0p10h12v0s0b3TThe author can be contacted to register or for support in
  249. *p+50Y(10U(s0p10h12v0s0b3T        the following ways:
  250. *p+100Y(10U(s0p10h12v0s0b3T        Commanding Officer
  251. *p+50Y(10U(s0p10h12v0s0b3T        Headquarters, 1st Marine Corps District (ISMO)
  252. *p+50Y(10U(s0p10h12v0s0b3T        605 Stewart Avenue
  253. *p+50Y(10U(s0p10h12v0s0b3T        Garden City, NY 11530
  254. *p+50Y(10U(s0p10h12v0s0b3T                ATTN: SSgt Freivald
  255. *p+100Y(10U(s0p10h12v0s0b3T        Commercial phone - (516) 228-5635
  256. *p+50Y(10U(s0p10h12v0s0b3T        Autovon phone - 994-5635
  257. *p+50Y(10U(s0p10h12v0s0b3T        ELMS/MCDN - bk1md4:gisnad05
  258. *p+50Y(10U(s0p10h12v0s0b3T        Compuserve - 70274,666
  259. *p+50Y(10U(s0p10h12v0s0b3T        Internet - 70274.666@compuserve.com
  260. *p+50Y(10U(s0p10h12v0s0b3T        Prodigy - ktfp55a
  261. *p+50Y(10U(s0p10h12v0s0b3T        BBS - (516) 483-5841 (8,N,1 - 300-2400,9600 HST)
  262. *p+100Y(10U(s0p10h12v0s0b3T                I wrote this program to take care of two CMC mandates for
  263. *p+50Y(10U(s0p10h12v0s0b3T        the users of our network as transparently as possible.  It has
  264. *p+50Y(10U(s0p10h12v0s0b3T        also been implemented on all of our remote/stand-alone systems.
  265. *p+50Y(10U(s0p10h12v0s0b3T        Those mandates are the access warning screen on system startup
  266. *p+50Y(10U(s0p10h12v0s0b3T        and the scanning of all hard drives at least once a week.
  267. *p+100Y(10U(s0p10h12v0s0b3T                Please contact me ASAP if you have any problems with this
  268. *p+50Y(10U(s0p10h12v0s0b3T        program.  We have tested it on over 90 systems here at 1st
  269. *p+50Y(10U(s0p10h12v0s0b3T        District, but our configurations are pretty standard, so I can't
  270. *p+50Y(10U(s0p10h12v0s0b3T        GUARANTEE that it will run properly on ALL systems (although I
  271. *p+50Y(10U(s0p10h12v0s0b3T        believe it will).
  272. *p+100Y(10U(s0p10h12v0s0b3T                I am also open to comments and suggestions for
  273. *p+50Y(10U(s0p10h12v0s0b3T        improvements.  Having reached this stage, updates are not very
  274. *p+50Y(10U(s0p10h12v0s0b3T        high on the priority list, but I will definitely entertain them.
  275. *p+50Y(10U(s0p10h12v0s0b3T        I may also be willing to produce custom versions for specific
  276. *p+50Y(10U(s0p10h12v0s0b3T        requirements.  This will depend on what they are (the amount of
  277. *p+50Y(10U(s0p10h12v0s0b3T        work involved), requested delivery deadlines, and my current
  278. *p+50Y(10U(s0p10h12v0s0b3T        workload here at 1st District.
  279. *p+100Y(10U(s0p10h12v0s0b3T                If you would like to be placed on distribution for any
  280. *p+50Y(10U(s0p10h12v0s0b3T        future updates, simply drop me a message (either US Mail or
  281. *p+50Y(10U(s0p10h12v0s0b3T        Electronic Mail) with your name, unit, address (E-Mail!?), etc...
  282. *p+50Y(10U(s0p10h12v0s0b3T        Be sure to mention Viruschk, as I maintain distribution lists for
  283. *p+50Y(10U(s0p10h12v0s0b3T        a number of programs & want to be sure to get you on the right
  284. *p+50Y(10U(s0p10h12v0s0b3T        list..!  Also, please mention the version that you currently
  285. *p+50Y(10U(s0p10h12v0s0b3T        have.
  286. *p+255Y*p+255Y*p+15Y(10U(s0p10h12v0s0b3T                                      - 9 -
  287.  
  288. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TREVISION HISTORY:
  289. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s1b3T2.1(10U(s0p10h12v0s0b3T             *p727XImplemented the Banyan VINES version of
  290. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X"Enforcer".
  291. *p+100Y(10U(s0p10h12v0s0b3T                        *p727XCleaned up the formatting of the disk found
  292. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xline(s).
  293. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.03(10U(s0p10h12v0s0b3T            *p727XFixed a bug that would cause a divide error with
  294. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xprogram termination if a RAM Drive or hard disk
  295. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xpartition was smaller than one meg or had less
  296. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xthan one meg free.  Thanks to Aryeh Goretsky
  297. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xfrom McAfee Associates tech support for
  298. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xdiscovering it and bringing it to my attention.
  299. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.02(10U(s0p10h12v0s0b3T            *p727XAdded the feature of "/NOBREAK" being passed to
  300. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xscan.exe only on the first run of any given day.
  301. *p+50Y(10U(s0p10h12v0s0b3T                        *p727XThis added the requirement for a 4 byte control
  302. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xfile, which is named "c:\security\viruschk.lrd"
  303. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X(lrd stands for "last run date").
  304. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.01c(10U(s0p10h12v0s0b3T           *p727XUpdated the code to invoke scan.exe with the
  305. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X"/M", "/NOPAUSE" and "/NOBREAK" options.  This
  306. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xupdate requires the use of Viruscan (scan.exe)
  307. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xversion 7.2V77 or higher.
  308. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.01b(10U(s0p10h12v0s0b3T           *p727XAdded (actually just made consistent &
  309. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xdocumented) DOS errorlevel exits.
  310. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.01a(10U(s0p10h12v0s0b3T           *p727XCaptured the keystroke if the delay was bypassed
  311. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xto prevent inadvertent input to the next program
  312. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xrun.
  313. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.01(10U(s0p10h12v0s0b3T            *p727XAdded drive information display, changed 5
  314. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xsecond delay to a 30 second delay bypassable
  315. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xwith a keystroke, and made the warning screen
  316. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xoptional.
  317. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.0(10U(s0p10h12v0s0b3T             *p727XAdded integrity (virus) self-check, system
  318. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xinterrogation for drive table and option to run
  319. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xon a specific day of the week.  Converted from
  320. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X.exe to .com format.  Documentation written.
  321. *p+50Y(10U(s0p10h12v0s0b3T                        *p727XFirst general distribution.
  322. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T1.0(10U(s0p10h12v0s0b3T             *p727XFirst release, not distributed beyond First
  323. *p+50Y(10U(s0p10h12v0s0b3T                        *p727XDistrict users.  Would only scan drive c:, had a
  324. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xfixed 5 second delay for the warning screen
  325. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X(which was required), and ran every day.
  326. *p+255Y*p+170Y(10U(s0p10h12v0s0b3T                                     *p1125X- 10 -