VIRUS-L Digest   Friday, 14 Jul 1989    Volume 2 : Issue 152

Today's Topics:

Virus Archives
New Version of VIRUSCAN
Intro to archives
Archive sites -- Amiga
Archive sites -- Apple II
Archive sites -- Atari ST
Archive sites -- Documentation
Archive sites -- Mac
Archive sites -- IBMPC
New additions to Amiga archives
New additions to IBMPC archives

---------------------------------------------------------------------------

Date:    13 Jul 89 17:54:35 +0000
From:    [email protected]
Subject: Virus Archives

I noticed several postings regarding archives concerning different
viruses.  I got the ftp addr for the Macintosh virus archives but
can't locate the information for the other archives.  Is this
information stored somewhere?  I would like to get the archives.
Thanks.

- -Maria

------------------------------

Date:    Thu, 13 Jul 89 16:38:17 -0700
From:    [email protected]
Subject: New Version of VIRUSCAN

The new version V26 of VIRUSCAN can now identify the FuManchu and the
Traceback (3066) viruses.  No reports of the 3066 in the States yet,
but sure to come.  The new version is available on HomeBase - 408 988
4004.
    Alan Roberts

------------------------------

Date:    14 Jul 89 07:43:30 +0000
From:    [email protected] (Jim Wright)
Subject: Intro to archives


# Introduction to the Anti-viral archives...
# Listing of 14 July 1989

This posting is the introduction to the "official" anti-viral archives
of virus-l/comp.virus.  With the generous cooperation of many sites
throughout the world, we are attempting to make available to all
the most recent news and programs for dealing with the virus problem.
Currently we have sites for Amiga, Apple II, Atari ST, IBMPC and
Macintosh microcomputers, as well as sites carrying research papers
and reports of general interest.  We don't yet have a site dedicated
to the "big boys", but are on the look.  Volunteers welcome.

If you have general questions regarding the archives, you can send
them to this list or to me.  I'll do my best to help.  If you have
an archive site and would like to volunteer your site (and are in
a position to do so! :-), send me a message.  Also, if you have a
submission for the archives, you can send it to me or to one of the
persons in charge of the relevant sites.

I have completed my research here at Iowa State and will soon be
moving on.  I'll keep the list updated as to my whereabouts.
(I *do* plan on having net access at my next job! :-)

This round of announcements introduces Simtel to the IBMPC side
of our archives.  With the mail-based service many other sites provide
for the Simtel archives, this should provide access to the archives
to many "Bitnet-bound" folks out there.

If you have any corrections to the lists, please let me know.
It appears I completely fumbled the Mac listings last time.  The
list should be correct now.

- --
Jim Wright
[email protected]


------------------------------

Date:    14 Jul 89 07:49:40 +0000
From:    [email protected] (Jim Wright)
Subject: Archive sites -- Amiga


# Anti-viral archive sites for the Amigoids...
# Listing of 14 July 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The Amiga index for the virus archives can be retrieved as
               request: amiga
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

ms.uky.edu
       Sean Casey <[email protected]>
       Access is through anonymous ftp.
       The Amiga anti-viral archives can be found in /pub/amiga/Antivirus.
       The IP address is 128.163.128.6.

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       I'm not sure of access, but you Brits ought to know by now. :-)

uxe.cso.uiuc.edu
       Lionel Hummel <[email protected]>
       The archives are in /amiga/virus.
       There is also a lot of stuff to be found in the Fish collection.
       The IP address is 128.174.5.54.

- --
Jim Wright
[email protected]


------------------------------

Date:    14 Jul 89 07:50:39 +0000
From:    [email protected] (Jim Wright)
Subject: Archive sites -- Apple II


# Anti-viral archive sites for the Apple II types...
# Listing of 22 June 1989

brownvm.bitnet
       Chris Chung <[email protected]>
       Access is through LISTSERV, using SEND, TELL and MAIL commands.
       Files are stored as
               apple2-l xx-xxxxx
       where the x's are the file number.

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The Apple II index for the virus archives can be retrieved as
               request: apple
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       I'm not sure of access, but you Brits ought to know by now. :-)

- --
Jim Wright
[email protected]


------------------------------

Date:    14 Jul 89 07:51:33 +0000
From:    [email protected] (Jim Wright)
Subject: Archive sites -- Atari ST


# Anti-viral archive sites for the Atarians...
# Listing of 22 June 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The Atari ST index for the virus archives can be retrieved as
               request: atari
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>.

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       I'm not sure of access, but you Brits ought to know by now. :-)

ssyx.ucsc.edu
       Steve Grimm <[email protected]>
       Access to the archives is through FTP or mail server.
       With ftp, look in the directory /pub/virus.
       The IP address is 128.114.133.1.
       For instructions on the mail-based archiver server, send
               help
       to <[email protected]>.

- --
Jim Wright
[email protected]


------------------------------

Date:    14 Jul 89 07:53:07 +0000
From:    [email protected] (Jim Wright)
Subject: Archive sites -- Documentation


# Anti-viral archive sites for the scholarly crowd...
# Listing of 22 June 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The index for the **GENERAL** virus archives can be retrieved as
               request: general
               topic: index
       The index for the **MISC.** virus archives can be retrieved as
               request: misc
               topic: index
       **VIRUS-L** entries are stored in monthly and weekly digest form from
       May 1988 to December 1988.  These are accessed as log.8804 where
       the topic substring is comprised of the year, month and a week
       letter.  The topics are:
               8804, 8805, 8806 - monthly digests up to June 1988
               8806a, 8806b, 8806c, 8806d, 8807a .. 8812d - weekly digests
       The following daily digest format started on Wed 9 Nov 1988.  Digests
       are stored by volume number, e.g.
               request: virus
               topic: v1.2
       would retrieve issue 2 of volume 1, in addition v1.index, v2.index and
       v1.contents, v2.contents will retrieve an index of available digests
       and an extracted list of the contents of each volume respectively.
       **COMP.RISKS** archives from v7.96 are available on line as:
               request: comp.risks
               topic: v7.96
       where topic is the issue number, as above v7.index, v8.index and
       v7.contents and v8.contents will retrieve indexes and contents lists.
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

lehiibm1.bitnet
       Ken van Wyk <[email protected]> new: <[email protected]>
       This site has archives of VIRUS-L, and many papers of
       general interest.
       Access is through ftp, IP address 128.180.2.1.
       The directories of interest are VIRUS-L and VIRUS-P.
       There may also be mail access.
       This archive may go away with the departure of Ken.

lll-winken.llnl.gov
       Vijay Subramanian <????@???.???.???>
       This site has archives of VIRUS-L, and many papers of
       general interest.
       Access is through ftp, IP address 128.115.14.1.
       There are quite a number of subdirectories living under /virus-l.
       I have been unable to get through for several months; I
       understand they are having trouble upgrading their network.

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       I'm not sure of access, but you Brits ought to know by now. :-)

unma.unm.edu
       Dave Grisham <[email protected]>
       This site has a collection of ethics documents.
       Included are legislation from several states and policies
       from many institutions.
       Access is through ftp, IP address 129.24.8.1.
       Look in the directory /ethics.

- --
Jim Wright
[email protected]


------------------------------

Date:    14 Jul 89 07:55:32 +0000
From:    [email protected] (Jim Wright)
Subject: Archive sites -- Mac


# Anti-viral archive sites for the Macindroids...
# Listing of 1 July 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The Mac index for the virus archives can be retrieved as
               request: mac
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

ifi.ethz.ch
       Danny Schwendener <[email protected]>
       Access is through SPAN/HEPnet, but can also be reached using
       X.25 and modem ports (no direct dialins, though).
       Archives are in process of moving to a new machine.

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       I'm not sure of access, but you Brits ought to know by now. :-)

rascal.ics.utexas.edu
       Werner Uhrig <[email protected]>
       Access is through anonymous ftp, IP number is 128.83.144.1.
       Archives can be found in the directory mac/virus-tools.
       Please retrieve the file 00.INDEX and review it offline.
       Due to the size of the archive, online browsing is discouraged.

scfvm.bitnet
       Joe McMahon <[email protected]>
       Access is via LISTSERV.
       SCFVM offers an "automatic update" service.  Send the message
               AFD ADD VIRUSREM PACKAGE
       and you will receive updates as the archive is updated.
       You can also subscribe to automatic file update information with
               FUI ADD VIRUSREM PACKAGE

sumex.stanford.edu
       Bill Lipa <[email protected]>
       Access is through anonymous ftp, IP number is 36.44.0.6.
       Archives can be found in /info-mac/virus.
       Administrative queries to <[email protected]>.
       Submissions to <[email protected]>.
       There are a number of sites which maintain shadow archives of
       the info-mac archives at sumex:
       * MACSERV@PUCC          services the Bitnet community
       * LISTSERV@RICE         for e-mail users
       * FILESERV@IRLEARN      for folks in Europe

wsmr-simtel20.army.mil
       Robert Thum <[email protected]>
       Access is through anonymous ftp, IP number 26.2.0.74.
       Archives can be found in PD3:<MACINTOSH.VIRUS>.
       Please get the file 00README.TXT and review it offline.

- --
Jim Wright
[email protected]


------------------------------

Date:    14 Jul 89 07:58:41 +0000
From:    [email protected] (Jim Wright)
Subject: Archive sites -- IBMPC


# Anti-viral archive sites catering to the IBMPC crowd...
# Listing of 05 July 1989

cs.hw.ac.uk
       Dave Ferbrache <[email protected]>
       NIFTP from JANET sites, login as "guest".
       Electronic mail to <[email protected]>.
       Main access is through mail server.
       The master index for the virus archives can be retrieved as
               request: virus
               topic: index
       The IBMPC index for the virus archives can be retrieved as
               request: ibmpc
               topic: index
       For further details send a message with the text
               help
       The administrative address is <[email protected]>

ms.uky.edu
       Daniel Chaney <[email protected]>
       This site can be reached through anonymous ftp.
       The IBMPC anti-viral archives can be found in /pub/msdos/AntiVirus.
       The IP address is 128.163.128.6.

pd-software.lancaster.ac.uk
       Steve Jenkins <[email protected]>
       I'm not sure of access, but you Brits ought to know by now. :-)

wsmr-simtel20.army.mil
       Keith Peterson <[email protected]>
       Direct access is through anonymous ftp, IP 26.2.0.74.
       The anti-viral archives are in PD1:<MSDOS.TROJAN-PRO>.
       Simtel is a TOPS-20 machine, and as such you should use
       "tenex" mode and not "binary" mode to retrieve archives.
       Please get the file 00-INDEX.TXT using "ascii" mode and
       review it offline.
       NOTE:
       There are also a number of servers which provide access
       to the archives at simtel.
       WSMR-SIMTEL20.Army.Mil can be accessed using LISTSERV commands
       from BITNET via LISTSERV@NDSUVM1, LISTSERV@RPIECS and in Europe
       from EARN TRICKLE servers.  Send commands to TRICKLE@<host-name>
       (for example: TRICKLE@AWIWUW11).  The following TRICKLE servers
       are presently available: AWIWUW11 (Austria), BANUFS11 (Belgium),
       DKTC11 (Denmark), DB0FUB11 (Germany), IMIPOLI (Italy),
       EB0UB011 (Spain) and TREARN (Turkey).

- --
Jim Wright
[email protected]


------------------------------

Date:    14 Jul 89 09:32:18 +0000
From:    [email protected] (Jim Wright)
Subject: New additions to Amiga archives



It's about time I posted an announcement of some of the anti-viral
programs I've collected for the Amiga archives.  To find an archive
site near you, check my earlier posting to this list of all the
archive sites cooperating with virus-l/comp.virus.  Here are a few
of the recent additions.  (However, not all of these are "new"
programs---just programs I've recently found.)

bootback.arc
       A program to backup boot blocks.  Includes source.  This
       is worth getting, if only to read the comments in the
       source code.

bootune.arc
       The program installs a boot block which plays a tune each
       time you boot.  If the song gets messed up, you should
       suspect something wrong with the boot sector.

clkdoct3.arc
       This program will fix the "clock virus".  I'm fairly certain
       there is no such virus, but crashes and errant programs can
       affect the battery backed clock making it stop or run incredibly
       fast.  This program will reset the clock mode.  (AmigaDOS 1.3's
       "setclock" has this reset feature built-in.)

crc.zoo
       This program will generate CRCs for any number of files,
       or will check the CRCs against a prior list.  The author
       wrote it to verify recoverable RAM drives, disk copies
       and file transfers.  However, it also works well as a virus
       checker.  Includes a utility to generate a list of files
       with full path names.

guard.arc
       The guardian is a resident program to check your system
       at reboots.  It is dormant at other times.  Includes a
       version that can be patched into Kickstart.  Subsequent
       releases are commercially available from Transactor.

vrstrp.arc
       This program should be included as the first command in
       your startup-sequence.  It simply checks its size, and
       reports any difference.  This will catch any infection
       by the (current) IRQ virus.

xboot.zoo
       This program will take a file (assumed to be a capture
       of a boot block) and convert it into an executable program.
       After this, you can use your favorite debugger on the
       virus.

- --
Jim Wright
[email protected]


------------------------------

Date:    14 Jul 89 09:33:30 +0000
From:    [email protected] (Jim Wright)
Subject: New additions to IBMPC archives


It's about time I posted an announcement of some of the anti-viral
programs I've collected for the IBMPC archives.  To find an archive
site near you, check my earlier posting to this list of all the
archive sites cooperating with virus-l/comp.virus.  Here are a few
of the recent additions.  (However, not all of these are "new"
programs---just programs I've recently found.)

bombchek.arc
       2 oldies, plus 2 "new" programs. Includes Chk4Bomb and BombSqad,
       as well as WPHD and FPHD.  The latter two write/format protect
       your hard drive with a TSR.

chklharc.arc
       Checks self-extracting LHarchives for potential bombs.  A batch
       file can be included to automatically execute when archive is
       extracted.  Now if that batch file included FORMAT C:...

chkup35.arc
       Version 3.5 of CheckUP.  Performs a "randomized" CRC check
       of your files.  If nothing else, get this for the five pounds
       of documentation.  :-)

dprot102.arc
       TSR to protect drives.  Update to DProtect.arc.  No source.

dvir1701.exe
       Detects and removes the 1701 virus from .COM files.

epw.arc
       Password protect executables (?? - no docs).

f-prot.arc
       This package includes a LOT of different utilities to aid in
       fighting viruses.  There are programs to check memory, check
       the boot block, check files, lock files, lock drives, etc.
       Also included is a driver to put into your config.sys file.
       This release is a beta-test version.

immune.arc
       TSR to protect system from Friday 13th and April 1st viruses.

inoculat.arc
       VERY simple protection against Lehigh.

md40.arc
       Removes many boot/partition viruses, for DOS 4.0 only.
       Versions available from author for other releases of MSDOS.

novirus.arc
       Checks command processor to detect tampering.

provecrc.arc
       Demo of CRC checking, showing some "flaws" of the method.

sentry02.arc
       Fast CRC program for verifying all of disk.  Reads only a
       "vital" portion of each file to determine its integrity.

unvirus.arc
       Repairs files after infections of the Friday 13th, April 1st
       and Ping-Pong viruses.

vaci13.arc
       Checksums OS files.

vdetect.arc
       Virus detector tracks all files on disk.

virusgrd.arc
       (?? - no docs)

viruscan.arc
       Program to scan an entire disk and determine if any files
       are infected with a virus.  This is version 0.3v19, which
       is aware of 19 viruses but still has some bugs.

vlist01d.arc
       Well, in spite of the fact that it's not yet "done" I've decided
       to distribute my index of the anti-viral archives.  The file is
       a DeVice Independent (.dvi) file produced as the output of TeX.
       You will need a driver or previewer to use the file.  At the
       moment, the chances of a plain-text version seem slim.  If there
       is demand, I could also make a PostScript version available.
       This version only covers IBMPC programs and IBMPC documents.
       I plan to expand it to Amiga progs/docs and general documents.

- --
Jim Wright
[email protected]


------------------------------

End of VIRUS-L Digest
*********************