Abstracts of files as of Thu Apr 1 03:13:53 PST 1993 Directory: info-mac/virus #### TEXT 00what-to-use.txt **** Here are our current recommendations for virus-related tools. Such tools can be divided into three classes: those that prevent infections, those that warn you when an infection is present, and those that remove infection. This message only discusses non-commercial software. 1. Prevention Two excellent tools for prevention of viral infections are the Disinfectant extension (distributed as part of the Disinfectant application) and the Gatekeeper package. The Disinfectant extension is very easy to install and requires no user configuration. However, it is important to stay up-to-date with this tool, because it only recognizes viruses it has been taught about. Gatekeeper is an effective virus-prevention method for the more technically inclined. It requires some customization to work well in a particular environment. The benefit of Gatekeeper is that it provides some protection against some possible kinds of future virus, not just #### BINHEX disinfectant-30.hqx **** Date: Wed, 24 Feb 1993 23:16:11 -0600 From: j-norstad@nwu.edu (John Norstad) Subject: Disinfectant 3.0 Disinfectant 3.0 February 24, 1993 Disinfectant 3.0 is a new release of our free Macintosh anti-viral utility. Version 3.0 detects the new T4-C strain of the T4 virus and a new version of the CDEF virus. The new T4-C strain of the T4 virus is very similar to the T4-A strain. It was discovered at the University of Illinois at Urbana-Champaign by a Gatekeeper user when an infected application attempted to rename itself "Disinfectant". Thanks to Chris Johnson and his Gatekeeper program for helping to discover this new strain. The new version of the CDEF virus was discovered in New York. There are only minor technical differences between the new version and the original virus. Unfortunately, the new version escaped detection by the Disinfectant version 2.9 protection INIT (but not by the application). The Disinfectant version 3.0 INIT fixes this problem. In version 3.0, both the INIT and the application recognize both the original virus and the new version. Please consult the Disinfectant online manual for more detailed information about the T4 and CDEF viruses. Note that this version 3.0 is NOT a major new release of Disinfectant with major new features. Normally, with Mac programs, a minor upgrade is indicated by increasing the number after the decimal point in the version number. According to this rule, this new version should be numbered 2.10. Unfortunately, Apple's version numbering scheme does not permit more than one digit after the decimal point. For this reason, this new version is numbered 3.0. We also fixed some errors which could cause crashes when scanning pathological files with very large resources (e.g., the "PSpice" program). This version also fixes a problem with Aladdin Systems' StuffIt SpaceSaver product. In some cases, Disinfectant would improperly report that compressed files had damaged resource forks. Disinfectant 3.0 is available now via anonymous FTP from site ftp.acns.nwu.edu [129.105.113.52]. It will also be available soon on sumex-aim.stanford.edu and info-mac mirror sites, rascal.ics.utexas.edu, comp.binaries.mac, America Online, CompuServe, GEnie, Delphi, BIX, MacNet, Calvacom, and other popular sources of free and shareware software. Macintosh users who do not have access to electronic sources of free and shareware software may obtain a copy of Disinfectant by sending a self- addressed stamped envelope and an 800K floppy disk to the author at the address given below. People outside the US may send an international postal reply coupon instead of US stamps (available from any post office). Please use sturdy envelopes, preferably cardboard disk mailers. People in Western Europe may obtain a copy of the latest version of Disinfectant by sending a self-addressed disk mailer and an 800K floppy disk to macclub benelux. Stamps are not required. The address is: macclub benelux Disinfectant Update Wirtzfeld Valley 140 B-4761 Bullingen Belgium Mactivity-macclub benelux also offers an international update service for Disinfectant. This service is available to people anywhere in the world, not just Western Europe. For a fee they will send you new versions of Disinfectant as new viruses appear. Write to them at the above address for more information. John Norstad Academic Computing and Network Services Northwestern University 2129 Campus Drive North Evanston, IL 60208 USA j-norstad@nwu.edu John Norstad Academic Computing and Network Services Northwestern University j-norstad@nwu.edu #### BINHEX gatekeeper-127.hqx **** Date: Wed, 20 Jan 93 12:09:04 -0600 From: chrisj@bongo.cc.utexas.edu (Chris Johnson) Subject: Gatekeeper 1.2.7 Gatekeeper 1.2.7 is a set of Macintosh system extensions (INITs) and related control panels (cdevs) which, when active (i.e. allowed to install themselves during the boot process) offer protection against attacks by all known viruses (to the author at the time of this release). Gatekeeper also monitors computer activities for what are considered to be suspicious 'events' or 'operations', in an attempt to intercept what could be variants of known viruses or even completely new viruses. Since its initial release in January of 1989, Gatekeeper has repeatedly demonstrated its ability to stop the spread of viruses which were unknown during its design. Like any anti- virus system, however, it cannot guarantee complete protection. Of course, no claims or promises are made regarding Gatekeeper's effectiveness or suitability, and some functions and capabil- ities of Gatekeeper are non-trivial to use and may require a careful reading of the documentation. Version 1.2.7 enhances the capabilities of, and corrects bugs in, version 1.2.6. Chris Johnson Internet: chrisj@emx.cc.utexas.edu UUCP: {husc6|uunet}!cs.utexas.edu!ut-emx!chrisj BITNET: chrisj@utxvm.bitnet CompuServe: >INTERNET:chrisj@emx.cc.utexas.edu AppleLink: chrisj@emx.cc.utexas.edu@internet# #### BINHEX mactools-defs-0393.hqx **** Date: Wed, 17 Mar 1993 11:40:41 -0800 From: Chall Fry Subject: mactools-defs-0393.hqx Info-Mac Moderators, Please place this file in /info-mac/virus. Thanks. Users, This file contains the latest antidote descriptions for MacTools Antivirus. Instructions for loading the antidotes are contained within. This file is compressed as a self extracting archive. --Chall Fry Central Point Software #### BINHEX rival-defs-0193.hqx **** Date: 26 Jan 93 09:03 GMT From: NONE.FRED@AppleLink.Apple.COM (France - nOne Corp, F Miserey,IDV) Subject: Re: [*] Central Point AntiViru Bill, BTW, here is latest Rival Trojans Vaccine that deals with CPro trojan. Yours, Frederic #### BINHEX sam-virus-defs-0293.hqx **** Date: 24 Feb 93 06:27 GMT Subject: SAM Virus Definitions File Here's the latest SAM virus definitions file. It works for both SAM 3.0 and SAM 3.5. #### BINHEX virus-detective-505.hqx **** Date: 01 Jul 92 17:25 GMT From: KILROY@applelink.apple.com (Shulman, Jeffrey,PRT) Subject: VirusDetective 5.0.5 Hunts down ("detects") viruses & Trojan Horses 'BEFORE' they get a chance to lay waste your Macintosh by looking for "fingerprints" viruses leave. Prevention is the best cure! Customizable (change, add or delete) search strings. Can read search string list from a text file, or write list to text file; also appends. Choose your own word processor 'text' file formats (such as MacWrite II). Create your own search strings. Can write logs of all files, or only infected files. Status box includes progress bar. When in midst of scan, telltale sign is its "four-diamond" cursor. Automatically scans whole bunch of floppy disks (one after another) or on individual, "as needed" basis. Gives detailed technical info of infected files. Protect settings from tampering via password. Full internal Help files; copy to Clipboard. Unattended operation. System 7.0 Balloon Help. When virus is discovered, we provide search strings which get posted to major electronic bulletin boards & mailed to all registered users. Elegant "look & feel". A pleasure to use. And much more! Min. req.: Mac Plus; System 6.0.2. System 7.0 friendly. VirusDetective 5.0.5 adds search string for the T4 virus. You only need the search string file if you already have VirusDetective 5.0.x. #### BINHEX virus-detective-506-strings.hqx **** Date: 06 Jul 92 02:11 GMT From: KILROY@AppleLink.Apple.COM (Shulman, Jeffrey,PRT) Subject: VD 5.0.6 Search Strings These are the search string files for VirusDetective 5.0.6. They include the search string for detecting the ChinaTalk Trojan. You need only download this file if you already have VirusDetective 5.0.x.