From:      Kenneth R. van Wyk (The Moderator) <[email protected]>
Errors-To: [email protected]
To:        [email protected]
Path:      cert.sei.cmu.edu!krvw
Subject:   VIRUS-L Digest V5 #18
Reply-To:  [email protected]
--------
VIRUS-L Digest   Monday,  3 Feb 1992    Volume 5 : Issue 18

Today's Topics:

Introduction to the Anti-viral archives, listing of 01 February 1991
Archive access without anonymous ftp, last changed 30 June 1991
Brief guide to files formats, last changed 12 November 1991
Amiga Anti-viral archive sites, last changed 13 November 1991
Apple II Anti-viral archive sites, last changed 13 November 1991
Atari ST Anti-viral archive sites, last changed 13 November 1991
Anti-viral Documentation archive sites, last changed 13 November 1991
IBMPC Anti-viral archive sites, last changed 06 January 1992
Macintosh Anti-viral archive sites, last changed 13 November 1991
Unix Anti-viral and security archive sites, last changed 30 June 1991

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed.  Contributions should be relevant, concise,
polite, etc.  (The complete set of posting guidelines is available by
FTP on cert.sei.cmu.edu or upon request.)  Please sign submissions
with your real name.  Send contributions to [email protected]
(that's equivalent to VIRUS-L at LEHIIBM1 for you BITNET folks).
Information on accessing anti-virus, documentation, and back-issue
archives is distributed periodically on the list.  Administrative mail
(comments, suggestions, and so forth) should be sent to me at:
[email protected].

  Ken van Wyk

----------------------------------------------------------------------

Date:    Sat, 01 Feb 92 18:26:31 -1000
From:    Jim Wright <[email protected]>
Subject: Introduction to the Anti-viral archives, listing of 01 February 1991

Introduction to the Anti-viral archives, listing of 01 February 1991

This posting is the introduction to the "official" anti-viral archives
of VIRUS-L/comp.virus.  With the generous cooperation of many sites
throughout the world, we are attempting to make available to all
the most recent news and programs for dealing with the virus problem.
Currently we have sites for Amiga, Apple II, Atari ST, IBMPC, Macintosh
and Unix computers, as well as sites carrying research papers and
reports of general interest.

If you have general questions regarding the archives, you can send
them to this list or to me.  I'll do my best to help.  If you have a
submission for the archives, you can send it to me or to one of the
persons in charge of the relevant sites.

If you have any corrections to the lists, please let me know.

The files contained on the participating archive sites are provided freely
on an as-is basis.

To the best of our knowledge, all files contained in the archives are either
Public Domain, Freely Redistributable, or Shareware.  If you know of one
that is not, please drop us a line and let us know.  Reports of corrupt
files are also welcome.

PLEASE NOTE
The Managers of these systems, and the Maintainers of the archives, CAN NOT
and DO NOT guarantee any of these applications for any purpose.  All possible
precautions have been taken to assure you of a safe repository of useful
tools.

Jim Wright
[email protected]
JWRIGHT@UHCFHT


------------------------------

Date:    Sat, 01 Feb 92 18:27:01 -1000
From:    Jim Wright <[email protected]>
Subject: Archive access without anonymous ftp, last changed 30 June 1991

Archive access without anonymous ftp, last changed 30 June 1991

To get files from the anti-viral archives, you do not need access
to anonymous ftp.  (However, anonymous ftp is generally the preferred
method.)  Below is information on accessing the archive sites using
only email.

                          -=-

One way to get access to the archives is through the BITFTP server
at Princeton.  Send a message to the BITNET address BITFTP@PUCC
with the body of the message containing the single word HELP.  This
should get you more information, and give you access to any archive
site on the Internet.  Due to excessive loads, this service has been
restricted to BITNET and EARN sites only.  UUCP sites need not apply.

                          -=-

Both the AppleII and the Atari ST archives have mail servers which
provide access to their archives.  You may receive automatic updates
of Macintosh anti-viral programs via email.  See the individual articles
on these sites.

                          -=-

You may also retrieve files from the SIMTEL-20 and the INFO-MAC
archives by using one of the many mail servers which maintain
a shadow archive of these sites.  Send the following message to one
of the listserv sites.

help

See the IBMPC and Macintosh articles for a complete list of servers.


------------------------------

Date:    Sat, 01 Feb 92 18:27:32 -1000
From:    Jim Wright <[email protected]>
Subject: Brief guide to files formats, last changed 12 November 1991

Brief guide to files formats, last changed 12 November 1991

-- The most recent copy of the complete text may be anonymous ftp'd --
-- from ux1.cso.uiuc.edu (128.174.5.59) in the directory doc/pcnet. --
-- That file is maintained by David Lemson ([email protected]).       --
-- Please do not strip this note from this list when passing it on. --

ARC (.arc)
   This format is most popular on PCs.  Compresses and stores multiple
   files in a single archive.
   PC     - arc 6.02, pk361
   Mac    - ArcMac 1.3c
   Unix   - arc 5.21
   VM/CMS - arcutil
   Amiga  - Arc 0.23, PKAX
   VMS    - arcvms
   Apple2 - dearc
   Atari  - arc 5.21b, pkunarc
   OS/2   - arc2

ARJ (.arj)
   ARJ is a new archive format for DOS.  Compresses and stores multiple
   files in a single archive.  The author is Robert K Jung,
   [email protected].
   PC     - arj 2.22 (arj222.exe)
   Unix   - unarj 2.22

BinHex (.hqx)
   A Macintosh format.  Converts a binary Mac file, including data and
   resource forks, into an archive of only printing ASCII characters.
   Note that BinHex4.0 will create and decode the ASCII hqx encoding used
   on Usenet, while BinHex5.0 will decode the ASCII hqx encoding but will
   create a non-ASCII binary file.
   PC     - xbin 2.3
   Mac    - BinHex4.0, BinHex5.0
   Unix   - mcvert
   VM/CMS - binhex

binscii ( )
   A favorite Apple2 file transmission format.  Similar to uu{en,de}code
   except it can handle multiple files in a single package.
   Apple2 - binscii

Compactor (.cpt)
   A new Macintosh format.  Compresses and stores multiple files in
   a single archive.
   Mac    - Compactor1.21

compress (.Z)
   A Unix format.  Compresses a single file in an archive.
   PC     - u16, comprs16, comp430d
   Mac    - MacCompress3.2A
   Unix   - compress
   VM/CMS - compress
   Amiga  - compress
   VMS    - lzcomp
   Apple2 - compress
   Atari  - compress

Disk Masher (.dms)
   This is an Amiga format.  Compresses and stores an entire floppy in a
   single archive.
   Amiga  - DMS

LHarc (.lzh)
   This format originated on PCs, and is now popular on Amigas.  Compresses
   and stores multiple files in a single archive.
   PC     - lha 2.13 (lha213.exe)
   Mac    - MacLHarc 0.41
   Unix   - lharc10
   Amiga  - LHarc 1.21
   Atari  - lharc113

LHWarp (.lzw)
   This is an Amiga format.  Compresses and stores an entire floppy in a
   single archive.  Better compression than plain Warp.
   Amiga  - Lhwarp

LU (.lbr)
   This is an old format that originated with CP/M.  It is virtually
   non-existent now.  Collects multiple files into a single archive
   with no compression.
   PC     - lue220
   Mac    - ArcMac 1.3c
   Unix   - lar
   VM/CMS - arcutil
   VMS    - vmssweep

nupack ( )
   A favorite Apple2 archive format.
   Apple2 - nupack

PackIt (.pit)
   An old Macintosh format.  Compresses and stores multiple files in a
   single archive.
   PC     - UnPackIt 1.0
   Mac    - PackIt3.1.3
   Unix   - unpit

PAK (.pak)
   An old PC format.  Compresses and stores multiple files in a
   single archive.  Also the name of an Amiga format which produces
   self-extracting archives.  Also the name of a new PC format.
   PC     - PAK 2.51
   Unix   - arc 5.21
   Amiga  - PAK 1.0

shell archive (.shar, .sh)
   A Unix format.  Stores multiple files in a single archive without
   compression.
   PC     - unshar
   Mac    - UnShar2.0
   Unix   - sh, unshar
   Amiga  - UnShar
   Apple2 - unshar
   Atari  - shar

ShrinkIt ( )
   A favorite Apple2 archive format.
   Apple2 - ShrinkIt

Squeeze (._Q_)
   An old PC (CP/M?) format.  Compresses and stores multiple files in a
   single archive.
   PC     - sqpc131
   VM/CMS - arcutil
   Amiga  - Sq.Usq
   VMS    - vmsusq
   Atari  - ezsqueeze

StuffIt (.sit)
   A Macintosh format.  Compresses and stores multiple files in a
   single archive.
   PC     - mactopc, UnStuffit 1.0
   Mac    - StuffIt 1.6
   Unix   - unsit
   Amiga  - unsit

tape archive (.tar)
   A Unix format.  Stores multiple files in a single archive without
   compression.
   PC     - tar, tarread, pax, pdtar
   Mac    - UnTar2.0
   Unix   - tar, GNU tar
   Amiga  - TarSplit, pax
   VMS    - vmstar
   Atari  - sttar

uuencode (.uu, .uue)
   A Unix format.  Converts a binary file into an archive of only
   printing ASCII characters suitable for mailing.
   PC     - uuxref20
   Mac    - UMCP-Tools1.0
   Unix   - uuencode, uudecode
   VM/CMS - arcutil
   Amiga  - uuencode, uudecode
   VMS    - uudecode2.
   Apple2 - uu.en.decode

Warp (.wrp)
   This is an Amiga format.  Compresses and stores an entire floppy in a
   single archive.
   Amiga  - WarpUtil

xxencode (.xx, .xxe)
   A Unix format.  Converts a binary file into an archive of only
   printing ASCII characters suitable for mailing.  Solves many of
   the problems of uuencode.
   PC     - uuxref20
   Unix   - xxencode, xxdecode
   VM/CMS - xxencode

ZIP (.zip)
   This format is most popular on many systems.  Compresses and stores
   multiple files in a single archive.
   PC     - PKZIP/PKUNZIP 1.10, pkz110, unzip 4.10, zip 1.0
   Mac    - UnZip1.02c
   Unix   - unzip 4.10, zip 1.0
   Amiga  - PKAZip 1.01, unzip 4.10
   Atari  - STZip 0.9 beta
   VMS    - unzip 4.10, zip 1.0
   OS/2   - PKZIP/PKUNZIP 1.02, pkz102-2.exe, unzip 4.10, zip 1.0

ZOO (.zoo)
   This format is popular on USENET.  Compresses and stores multiple
   files in a single archive.
   PC     - zoo 2.10
   Mac    - MacBooz2.1
   Unix   - zoo 2.10
   VM/CMS - zoo
   Amiga  - zoo 2.10
   VMS    - zoo 2.10
   Atari  - zoo 2.10
   OS/2   - zoo 2.10

ZOOM (.zom)
   This is an Amiga format.  Compresses and stores an entire floppy in a
   single archive.  Not in common use due to program speed.
   Amiga  - zoom


------------------------------

Date:    Sat, 01 Feb 92 18:28:02 -1000
From:    Jim Wright <[email protected]>
Subject: Amiga Anti-viral archive sites, last changed 13 November 1991

Amiga Anti-viral archive sites, last changed 13 November 1991

ab20.larc.nasa.gov
       Tad Guy <[email protected]>
       This site can be reached through anonymous ftp.
       The Amiga anti-viral archives can be found in the
       /amiga/utilities/virus/ and /incoming/amiga/ directories.
       The IP address is 128.155.23.64.

beach.gal.utexas.edu
       John Perry <[email protected]>
       This site can be reached through anonymous ftp.
       The Amiga anti-viral archives can be found in the
       directory [ANONYMOUS.PUB.VIRUS.AMIGA].
       This system is running VMS, not Unix.
       The IP address is 129.109.1.207.

ms.uky.edu
       Sean Casey <[email protected]>
       Access is through anonymous ftp.
       The Amiga anti-viral archives can be found in /pub/amiga/Antivirus.
       The IP address is 128.163.128.6.

uk.ac.lancs.pdsoft
       Steve Jenkins <[email protected]>
       Terminals : call lancs.pdsoft, login as "pdsoft", password "pdsoft"
       FTP : call lancs.pdsoft, user "pdsoft", password "pdsoft".
       Anonymous ftp : IP number 148.88.64.2 user "ftp", password "pdsoft".
       Pull the file "help/basics" for starter info, "micros/index" for index.
       Anti-Viral stuff is held as part of larger micro software collection
       and is not collected into a distinct area.


------------------------------

Date:    Sat, 01 Feb 92 18:28:33 -1000
From:    Jim Wright <[email protected]>
Subject: Apple II Anti-viral archive sites, last changed 13 November 1991

Apple II Anti-viral archive sites, last changed 13 November 1991

brownvm.bitnet
       Chris Chung <[email protected]>
       Access is through LISTSERV, using SEND, TELL and MAIL commands.
       Files are stored as
               apple2-l xx-xxxxx
       where the x's are the file number.

uk.ac.lancs.pdsoft
       Steve Jenkins <[email protected]>
       Terminals : call lancs.pdsoft, login as "pdsoft", password "pdsoft"
       FTP : call lancs.pdsoft, user "pdsoft", password "pdsoft".
       Anonymous ftp : IP number 148.88.64.2 user "ftp", password "pdsoft".
       Pull the file "help/basics" for starter info, "micros/index" for index.
       Anti-Viral stuff is held as part of larger micro software collection
       and is not collected into a distinct area.


------------------------------

Date:    Sat, 01 Feb 92 18:29:04 -1000
From:    Jim Wright <[email protected]>
Subject: Atari ST Anti-viral archive sites, last changed 13 November 1991

Atari ST Anti-viral archive sites, last changed 13 November 1991

atari.archive.umich.edu
       Jeff Weiner <[email protected]>
       Service via FTP and mail, FTP preferred.
       Login as "anonymous", password is your mail address.
       For instructions on the mail server, send the message
               help
       to <[email protected]>
       "Index" contains complete listing with descriptions.
       "CompInd.Z" contains same list but is compressed.
       "ls-lR.Z" contains compressed ls -lR listing.
       All anti-viral material is contained in ~atari/utilities/virus
       The IP number for this site is 141.211.164.8, but may change.

twitterpater.Eng.Sun.COM
       Steve Grimm <[email protected]>
       Access to the archives is through mail server.
       For instructions on the archiver server, send
               help
       to <[email protected]>

uk.ac.lancs.pdsoft
       Steve Jenkins <[email protected]>
       Terminals : call lancs.pdsoft, login as "pdsoft", password "pdsoft"
       FTP : call lancs.pdsoft, user "pdsoft", password "pdsoft".
       Anonymous ftp : IP number 148.88.64.2 user "ftp", password "pdsoft".
       Pull the file "help/basics" for starter info, "micros/index" for index.
       Anti-Viral stuff is held as part of larger micro software collection
       and is not collected into a distinct area.


------------------------------

Date:    Sat, 01 Feb 92 18:29:35 -1000
From:    Jim Wright <[email protected]>
Subject: Anti-viral Documentation archive sites, last changed 13 November 1991

Anti-viral Documentation archive sites, last changed 13 November 1991

cert.sei.cmu.edu
       Kenneth R. van Wyk <[email protected]>
       Access is available via anonymous ftp, IP number 192.88.209.5.
       This site maintains archives of all VIRUS-L digests, all
       CERT advisories, as well as a number of informational documents.
       VIRUS-L/comp.virus information is in:
               pub/virus-l/archives
               pub/virus-l/archives/predig
               pub/virus-l/archives/1988
               pub/virus-l/archives/1989
               pub/virus-l/archives/1990
               pub/virus-l/docs
       CERT information is in:
               pub/cert_advisories
               pub/cert-tools_archive

csrc.ncsl.nist.gov
       John Wack <[email protected]>
       This site is available via anonymous ftp, IP number 129.6.54.11.
       The archives contain all security bulletins issued thus far from
       incident response teams (CERT, CIAC, FIRST members).  It also
       contains many security-related publications and resource
       information about viruses and other threats, as well as archives of
       VIRUS_Ls and RISK forums.  The NIST computer security BBS is also
       accessible from this system by logging in to account 'bbs'.

lehiibm1.bitnet
       Ken van Wyk <[email protected]> new: <[email protected]>
       This site has archives of VIRUS-L, and many papers of
       general interest.
       Access is through ftp, IP address 128.180.2.1.
       The directories of interest are VIRUS-L and VIRUS-P.

uk.ac.lancs.pdsoft
       Steve Jenkins <[email protected]>
       Terminals : call lancs.pdsoft, login as "pdsoft", password "pdsoft"
       FTP : call lancs.pdsoft, user "pdsoft", password "pdsoft".
       Anonymous ftp : IP number 148.88.64.2 user "ftp", password "pdsoft".
       Pull the file "help/basics" for starter info, "micros/index" for index.
       Anti-Viral stuff is held as part of larger micro software collection
       and is not collected into a distinct area.

unma.unm.edu
       Dave Grisham <[email protected]>
       This site has a collection of ethics documents.
       Included are legislation from several states and policies
       from many institutions.
       Access is through ftp, IP address 129.24.8.1.
       Look in the directory /ethics.


------------------------------

Date:    Sat, 01 Feb 92 18:30:06 -1000
From:    Jim Wright <[email protected]>
Subject: IBMPC Anti-viral archive sites, last changed 06 January 1992

IBMPC Anti-viral archive sites, last changed 06 January 1992

beach.gal.utexas.edu
       John Perry <[email protected]>
       This site can be reached through anonymous ftp.
       The IBMPC anti-viral archives can be found in the
       directory [ANONYMOUS.PUB.VIRUS.PC].
       The IP address is 129.109.1.207.

garbo.uwasa.fi
       Harri Valkama <[email protected]>
       This site can be reached through anonymous ftp and mail server.
       The IBMPC anti-viral archives can be found in pc/virus.
       For information on the mail server, send a message to
       [email protected] with the subject line
           garbo-request
       and the body of the message
           send help
       The IP address is 128.214.87.1.

nic.funet.fi
       Tapio Keihänen <[email protected]>
       This site (in Finland) can be reached through anonymous ftp.
       The IBMPC anti-viral archives are in directory
       /pub/msdos/utilities/trojan-pro
       The IP address is 128.214.6.100.

risc.ua.edu
       James Ford <[email protected]> <[email protected]>
       This site can be reached through anonymous ftp.
       The IBM-PC anti-virals can be found in pub/ibm-antivirus.
       Uploads to pub/00uploads.  Uploads are screened.
       Requests to [email protected] for UUENCODED files will be filled
       on a limited basis as time permits.
       The IP address is 130.160.4.7.

uk.ac.lancs.pdsoft
       Steve Jenkins <[email protected]>
       Terminals : call lancs.pdsoft, login as "pdsoft", password "pdsoft"
       FTP : call lancs.pdsoft, user "pdsoft", password "pdsoft".
       Anonymous ftp : IP number 148.88.64.2 user "ftp", password "pdsoft".
       Pull the file "help/basics" for starter info, "micros/index" for index.
       Anti-Viral stuff is held as part of larger micro software collection
       and is not collected into a distinct area.

urvax.urich.edu
       Claude Bersano-Hayes <[email protected]>
       This site can be reached through anonymous ftp.
       The IBM-PC anti-virals can be found in [MSDOS.ANTIVIRUS].
       The IP address is 141.166.1.6.

ux1.cso.uiuc.edu
       Mark Zinzow <[email protected]>
       This site can be reached through anonymous ftp.
       The IBMPC anti-viral archives are in /pc/virus.
       The IP address is 128.174.5.59.

wsmr-simtel20.army.mil
       Keith Peterson <[email protected]>
       Direct access is through anonymous ftp, IP 192.88.110.20.
       The anti-viral archives are in PD1:<MSDOS.TROJAN-PRO>.
       Please get the file 00-INDEX.TXT and review it offline.
       NOTE:
       There are also a number of servers which provide access
       to the archives at simtel.
       WSMR-SIMTEL20.Army.Mil can be accessed using LISTSERV commands
       from BITNET via LISTSERV@NDSUVM1, LISTSERV@RPIECS and in Europe
       from EARN TRICKLE servers.  Send commands to TRICKLE@<host-name>
       (for example: TRICKLE@AWIWUW11).  The following TRICKLE servers
       are presently available: AWIWUW11 (Austria), BANUFS11 (Belgium),
       DKTC11 (Denmark), DB0FUB11 (Germany), IMIPOLI (Italy),
       EB0UB011 (Spain) and TREARN (Turkey).


------------------------------

Date:    Sat, 01 Feb 92 18:30:36 -1000
From:    Jim Wright <[email protected]>
Subject: Macintosh Anti-viral archive sites, last changed 13 November 1991

Macintosh Anti-viral archive sites, last changed 13 November 1991

beach.gal.utexas.edu
       John Perry <[email protected]>
       This site can be reached through anonymous ftp.
       The Macintosh anti-viral archives can be found in the
       directory [ANONYMOUS.PUB.VIRUS.MAC].
       This system is running VMS, not Unix.
       The IP address is 129.109.1.207.

dftnic.gsfc.nasa.gov
       Brian Lev <[email protected]> <SDCDCL::LEV> <LEV@DFTBIT>
       This site offers the "MacSecure" package, made up of John Norstad's
       Disinfectant, and a pair of locally developed HyperCard stacks:
       Joe McMahon's "Anti-Viral Doc" and Brian Lev's "MacHelper".
       Floppy disk:
               Advanced Data Flow Technology Office
               Code 930.4
               Goddard Space Flight Center
               Greenbelt, MD 20771 (Attn: Brian Lev)
       DECnet Copy from DFTNIC::CLDATA:[ANONYMOUS_FTP.FILES.MAC]
               BinHex (ASCII) format as MACSECURE31.HQX
               binary format as MACSECURE31.SEA
       Anonymous FTP from DFTNIC.GSFC.NASA.GOV (128.183.10.3)
               BinHex (ASCII) format as [.FILES.MAC]MACSECURE31.HQX
               binary format as [.FILES.MAC]MACSECURE3.SIT

ifi.ethz.ch
       Danny Schwendener <[email protected]>
       Interactive access through DECnet (SPAN/HEPnet):
               $SET HOST 57434  or $SET HOST AEOLUS
               Username: MAC
       Interactive access through X.25 (022847911065) or Modem 2400 bps
       (+41-1-251-6271):
               # CALL B050 <cr><cr>
               Username: MAC
       Files may also be copied via DECnet (SPAN/HEPnet) from
               57434::DISK8:[MAC.TOP.LIBRARY.VIRUS]

rascal.ics.utexas.edu
       Werner Uhrig <[email protected]>
       Access is through anonymous ftp, IP number is 128.83.138.20.
       Archives can be found in the directories mac/virus-catchers
       and mac/virus-docs.

scfvm.bitnet
       Joe McMahon <[email protected]>
       Access is via LISTSERV.
       SCFVM offers an "automatic update" service.  Send the message
               AFD ADD VIRUSREM PACKAGE
       and you will receive updates as the archive is updated.
       You can also subscribe to automatic file update information with
               FUI ADD VIRUSREM PACKAGE

sumex-aim.stanford.edu
       Bill Lipa <[email protected]>
       Access is through anonymous ftp, IP number is 36.44.0.6.
       Archives can be found in /info-mac/virus.
       Administrative queries to <[email protected]>.
       Submissions to <[email protected]>.
       There are a number of sites which maintain shadow archives of
       the info-mac archives at sumex:
       * MACSERV@PUCC            services the Bitnet community
       * LISTSERV@RICE           for e-mail users
       * FILESERV@IRLEARN        for folks in Europe

uk.ac.lancs.pdsoft
       Steve Jenkins <[email protected]>
       Terminals : call lancs.pdsoft, login as "pdsoft", password "pdsoft"
       FTP : call lancs.pdsoft, user "pdsoft", password "pdsoft".
       Anonymous ftp : IP number 148.88.64.2 user "ftp", password "pdsoft".
       Pull the file "help/basics" for starter info, "micros/index" for index.
       Anti-Viral stuff is held as part of larger micro software collection
       and is not collected into a distinct area.

wsmr-simtel20.army.mil
       Robert Thum <[email protected]>
       Access is through anonymous ftp, IP number 192.88.110.20.
       Archives can be found in PD3:<MACINTOSH.VIRUS>.
       Please get the file 00README.TXT and review it offline.


------------------------------

Date:    Sat, 01 Feb 92 18:31:07 -1000
From:    Jim Wright <[email protected]>
Subject: Unix Anti-viral and security archive sites, last changed 30 June 1991

Unix Anti-viral and security archive sites, last changed 30 June 199