From: Kenneth R. van Wyk (The Moderator) Errors-To: krvw@SEI.CMU.EDU To: VIRUS-L@IBM1.CC.LEHIGH.EDU Path: sei.cmu.edu!krvw Subject: VIRUS-L Digest V2 #152 Reply-To: VIRUS-L@IBM1.CC.LEHIGH.EDU -------- VIRUS-L Digest Friday, 14 Jul 1989 Volume 2 : Issue 152 Today's Topics: Virus Archives New Version of VIRUSCAN Intro to archives Archive sites -- Amiga Archive sites -- Apple II Archive sites -- Atari ST Archive sites -- Documentation Archive sites -- Mac Archive sites -- IBMPC New additions to Amiga archives New additions to IBMPC archives --------------------------------------------------------------------------- Date: 13 Jul 89 17:54:35 +0000 From: pozzo@CS.UCLA.EDU Subject: Virus Archives I noticed several postings regarding archives concerning different viruses. I got the ftp addr for the Macintosh virus archives but can't locate the information for the other archives. Is this information stored somewhere? I would like to get the archives. Thanks. - -Maria ------------------------------ Date: Thu, 13 Jul 89 16:38:17 -0700 From: portal!cup.portal.com!Alan_J_Roberts@Sun.COM Subject: New Version of VIRUSCAN The new version V26 of VIRUSCAN can now identify the FuManchu and the Traceback (3066) viruses. No reports of the 3066 in the States yet, but sure to come. The new version is available on HomeBase - 408 988 4004. Alan Roberts ------------------------------ Date: 14 Jul 89 07:43:30 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Intro to archives # Introduction to the Anti-viral archives... # Listing of 14 July 1989 This posting is the introduction to the "official" anti-viral archives of virus-l/comp.virus. With the generous cooperation of many sites throughout the world, we are attempting to make available to all the most recent news and programs for dealing with the virus problem. Currently we have sites for Amiga, Apple II, Atari ST, IBMPC and Macintosh microcomputers, as well as sites carrying research papers and reports of general interest. We don't yet have a site dedicated to the "big boys", but are on the look. Volunteers welcome. If you have general questions regarding the archives, you can send them to this list or to me. I'll do my best to help. If you have an archive site and would like to volunteer your site (and are in a position to do so! :-), send me a message. Also, if you have a submission for the archives, you can send it to me or to one of the persons in charge of the relevant sites. I have completed my research here at Iowa State and will soon be moving on. I'll keep the list updated as to my whereabouts. (I *do* plan on having net access at my next job! :-) This round of announcements introduces Simtel to the IBMPC side of our archives. With the mail-based service many other sites provide for the Simtel archives, this should provide access to the archives to many "Bitnet-bound" folks out there. If you have any corrections to the lists, please let me know. It appears I completely fumbled the Mac listings last time. The list should be correct now. - -- Jim Wright jwright@atanasoff.cs.iastate.edu ------------------------------ Date: 14 Jul 89 07:49:40 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Archive sites -- Amiga # Anti-viral archive sites for the Amigoids... # Listing of 14 July 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The Amiga index for the virus archives can be retrieved as request: amiga topic: index For further details send a message with the text help The administrative address is ms.uky.edu Sean Casey Access is through anonymous ftp. The Amiga anti-viral archives can be found in /pub/amiga/Antivirus. The IP address is 128.163.128.6. pd-software.lancaster.ac.uk Steve Jenkins I'm not sure of access, but you Brits ought to know by now. :-) uxe.cso.uiuc.edu Lionel Hummel The archives are in /amiga/virus. There is also a lot of stuff to be found in the Fish collection. The IP address is 128.174.5.54. - -- Jim Wright jwright@atanasoff.cs.iastate.edu ------------------------------ Date: 14 Jul 89 07:50:39 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Archive sites -- Apple II # Anti-viral archive sites for the Apple II types... # Listing of 22 June 1989 brownvm.bitnet Chris Chung Access is through LISTSERV, using SEND, TELL and MAIL commands. Files are stored as apple2-l xx-xxxxx where the x's are the file number. cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The Apple II index for the virus archives can be retrieved as request: apple topic: index For further details send a message with the text help The administrative address is pd-software.lancaster.ac.uk Steve Jenkins I'm not sure of access, but you Brits ought to know by now. :-) - -- Jim Wright jwright@atanasoff.cs.iastate.edu ------------------------------ Date: 14 Jul 89 07:51:33 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Archive sites -- Atari ST # Anti-viral archive sites for the Atarians... # Listing of 22 June 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The Atari ST index for the virus archives can be retrieved as request: atari topic: index For further details send a message with the text help The administrative address is . pd-software.lancaster.ac.uk Steve Jenkins I'm not sure of access, but you Brits ought to know by now. :-) ssyx.ucsc.edu Steve Grimm Access to the archives is through FTP or mail server. With ftp, look in the directory /pub/virus. The IP address is 128.114.133.1. For instructions on the mail-based archiver server, send help to . - -- Jim Wright jwright@atanasoff.cs.iastate.edu ------------------------------ Date: 14 Jul 89 07:53:07 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Archive sites -- Documentation # Anti-viral archive sites for the scholarly crowd... # Listing of 22 June 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The index for the **GENERAL** virus archives can be retrieved as request: general topic: index The index for the **MISC.** virus archives can be retrieved as request: misc topic: index **VIRUS-L** entries are stored in monthly and weekly digest form from May 1988 to December 1988. These are accessed as log.8804 where the topic substring is comprised of the year, month and a week letter. The topics are: 8804, 8805, 8806 - monthly digests up to June 1988 8806a, 8806b, 8806c, 8806d, 8807a .. 8812d - weekly digests The following daily digest format started on Wed 9 Nov 1988. Digests are stored by volume number, e.g. request: virus topic: v1.2 would retrieve issue 2 of volume 1, in addition v1.index, v2.index and v1.contents, v2.contents will retrieve an index of available digests and a extracted list of the the contents of each volume respectively. **COMP.RISKS** archives from v7.96 are available on line as: request: comp.risks topic: v7.96 where topic is the issue number, as above v7.index, v8.index and v7.contents and v8.contents will retrieve indexes and contents lists. For further details send a message with the text help The administrative address is lehiibm1.bitnet Ken van Wyk new: This site has archives of VIRUS-L, and many papers of general interest. Access is through ftp, IP address 128.180.2.1. The directories of interest are VIRUS-L and VIRUS-P. There may also be mail access. This archive may go away with the departure of Ken. lll-winken.llnl.gov Vijay Subramanian This site has archives of VIRUS-L, and many papers of general interest. Access is through ftp, IP address 128.115.14.1. There are quite a number of subdirectories living under /virus-l. I have been unable to get through for several months; I understand they are having trouble upgrading their network. pd-software.lancaster.ac.uk Steve Jenkins I'm not sure of access, but you Brits ought to know by now. :-) unma.unm.edu Dave Grisham This site has a collection of ethics documents. Included are legislation from several states and policies from many institutions. Access is through ftp, IP address 129.24.8.1. Look in the directory /ethics. - -- Jim Wright jwright@atanasoff.cs.iastate.edu ------------------------------ Date: 14 Jul 89 07:55:32 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Archive sites -- Mac # Anti-viral archive sites for the Macindroids... # Listing of 1 July 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The Mac index for the virus archives can be retrieved as request: mac topic: index For further details send a message with the text help The administrative address is ifi.ethz.ch Danny Schwendener Access is through SPAN/HEPnet, but can also be reached using X.25 and modem ports (no direct dialins, though). Archives are in process of moving to a new machine. pd-software.lancaster.ac.uk Steve Jenkins I'm not sure of access, but you Brits ought to know by now. :-) rascal.ics.utexas.edu Werner Uhrig Access is through anonymous ftp, IP number is 128.83.144.1. Archives can be found in the directory mac/virus-tools. Please retrieve the file 00.INDEX and review it offline. Due to the size of the archive, online browsing is discouraged. scfvm.bitnet Joe McMahon Access is via LISTSERV. SCFVM offers an "automatic update" service. Send the message AFD ADD VIRUSREM PACKAGE and you will receive updates as the archive is updated. You can also subscribe to automatic file update information with FUI ADD VIRUSREM PACKAGE sumex.stanford.edu Bill Lipa Access is through anonymous ftp, IP number is 36.44.0.6. Archives can be found in /info-mac/virus. Administrative queries to . Submissions to . There are a number of sites which maintain shadow archives of the info-mac archives at sumex: * MACSERV@PUCC services the Bitnet community * LISTSERV@RICE for e-mail users * FILESERV@IRLEARN for folks in Europe wsmr-simtel20.army.mil Robert Thum Access is through anonymous ftp, IP number 26.2.0.74. Archives can be found in PD3:. Please get the file 00README.TXT and review it offline. - -- Jim Wright jwright@atanasoff.cs.iastate.edu ------------------------------ Date: 14 Jul 89 07:58:41 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: Archive sites -- IBMPC # Anti-viral archive sites catering to the IBMPC crowd... # Listing of 05 July 1989 cs.hw.ac.uk Dave Ferbrache NIFTP from JANET sites, login as "guest". Electronic mail to . Main access is through mail server. The master index for the virus archives can be retrieved as request: virus topic: index The IBMPC index for the virus archives can be retrieved as request: ibmpc topic: index For further details send a message with the text help The administrative address is ms.uky.edu Daniel Chaney This site can be reached through anonymous ftp. The IBMPC anti-viral archives can be found in /pub/msdos/AntiVirus. The IP address is 128.163.128.6. pd-software.lancaster.ac.uk Steve Jenkins I'm not sure of access, but you Brits ought to know by now. :-) wsmr-simtel20.army.mil Keith Peterson Direct access is through anonymous ftp, IP 26.2.0.74. The anti-viral archives are in PD1:. Simtel is a TOPS-20 machine, and as such you should use "tenex" mode and not "binary" mode to retreive archives. Please get the file 00-INDEX.TXT using "ascii" mode and review it offline. NOTE: There are also a number of servers which provide access to the archives at simtel. WSMR-SIMTEL20.Army.Mil can be accessed using LISTSERV commands from BITNET via LISTSERV@NDSUVM1, LISTSERV@RPIECS and in Europe from EARN TRICKLE servers. Send commands to TRICKLE@ (for example: TRICKLE@AWIWUW11). The following TRICKLE servers are presently available: AWIWUW11 (Austria), BANUFS11 (Belgium), DKTC11 (Denmark), DB0FUB11 (Germany), IMIPOLI (Italy), EB0UB011 (Spain) and TREARN (Turkey). - -- Jim Wright jwright@atanasoff.cs.iastate.edu ------------------------------ Date: 14 Jul 89 09:32:18 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: New additions to Amiga archives It's about time I posted an announcement of some of the anti-viral programs I've collected for the Amiga archives. To find an archive site near you, check my earlier posting to this list of all the archive sites cooperating with virus-l/comp.virus. Here are a few of the recent additions. (However, not all of these are "new" programs---just programs I've recently found.) bootback.arc A program to backup boot blocks. Includes source. This is worth getting, if only to read the comments in the source code. bootune.arc The program installs a boot block which plays a tune each time you boot. If the song gets messed up, you should suspect something wrong with the boot sector. clkdoct3.arc This program will fix the "clock virus". I'm fairly certain there is no such virus, but crashes and errant programs can affect the battery backed clock making it stop or run incredibly fast. This program will reset the clock mode. (AmigaDOS 1.3's "setclock" has this feature reset feature built-in.) crc.zoo This program will generate CRCs for any number of files, or will check the CRCs against a prior list. The author wrote it to verify recoverable RAM drives, disk copies and file transfers. However, it also works well as a virus checker. Includes a utility to generate a list of files with full path names. guard.arc The guardian is a resident program to check your system at reboots. It is dormant at other times. Includes a version that can be patched into Kickstart. Subsequent releases are commercially available from Transactor. vrstrp.arc This program should be included as the first command in your startup-sequence. It simply checks its size, and reports any difference. This will catch any infection by the (current) IRQ virus. xboot.zoo This program will take a file (assumed to be a capture of a boot block) and convert it into an executable program. After this, you can use your favorite debugger on the virus. - -- Jim Wright jwright@atanasoff.cs.iastate.edu ------------------------------ Date: 14 Jul 89 09:33:30 +0000 From: jwright@atanasoff.cs.iastate.edu (Jim Wright) Subject: New additions to IBMPC archives It's about time I posted an announcement of some of the anti-viral programs I've collected for the IBMPC archives. To find an archive site near you, check my earlier posting to this list of all the archive sites cooperating with virus-l/comp.virus. Here are a few of the recent additions. (However, not all of these are "new" programs---just programs I've recently found.) bombchek.arc 2 oldies, plus 2 "new" programs. Includes Chk4Bomb and BombSqad, as well as WPHD and FPHD. The latter two write/format protect your hard drive with a TSR. chklharc.arc Checks self-extracting LHarchives for potential bombs. A batch file can be included to automatically execute when archive is extracted. Now if that batch file included FORMAT C:... chkup35.arc Version 3.5 of CheckUP. Performs a "randomized" CRC check of your files. If nothing else, get this for the five pounds of documentation. :-) dprot102.arc TSR to protect drives. Update to DProtect.arc. No source. dvir1701.exe Detects and removes the 1701 virus from .COM files. epw.arc Password protect executables (?? - no docs). f-prot.arc This package includes a LOT of different utilities to aid in fighting viruses. There are programs to check memory, check the boot block, check files, lock files, lock drives, etc. Also included is a driver to put into your config.sys file. This release is a beta-test version. immune.arc TSR to protect system from Friday 13th and April 1st viruses. inoculat.arc VERY simple protection against Lehigh. md40.arc Removes many boot/partition viruses, for DOS 4.0 only. Versions available from author for other releases of MSDOS. novirus.arc Checks command processor to detect tampering. provecrc.arc Demo of CRC checking, showing some "flaws" of the method. sentry02.arc Fast CRC program for verifying all of disk. Reads only a "vital" portion of each file to determine its integrity. unvirus.arc Repairs files after infections of the Friday 13th, April 1st and Ping-Pong viruses. vaci13.arc Checksums OS files. vdetect.arc Virus detecter tracks all files on disk. virusgrd.arc (?? - no docs) viruscan.arc Program to scan an entire disk and determine if any files are infected with a virus. This is version 0.3v19, which is aware of 19 viruses but still has some bugs. vlist01d.arc Well, in spite of the fact that it's not yet "done" I've decided to distribute my index of the anti-viral archives. The file is a DeVice Independent (.dvi) file produced as the output of TeX. You will need a driver or previewer to use the file. At the moment, the chances of a plain-text version seem slim. If there is demand, I could also make a PostScript version available. This version only covers IBMPC programs and IBMPC documents. I plan to expand it to Amiga progs/docs and general documents. - -- Jim Wright jwright@atanasoff.cs.iastate.edu ------------------------------ End of VIRUS-L Digest *********************