Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!shadooby!ginosko!usc!sdsu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: thomas@mvac23.uucp (Thomas Lapp)
Newsgroups: comp.virus
Subject: RE: IBM-PC virus scanning program from IBM
Message-ID: <0006.8910231202.AA07114@ge.sei.cmu.edu>
Date: 9 Oct 89 22:30:06 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 29
Approved: krvw@sei.cmu.edu

Regarding a recent message sent which reproduced an IBM internal memo
about their VIRSCAN program:

>                                                  September 29, 1989
>
>  The program tests executable files on disks for signature strings that
>  are found in some common DOS computer viruses.  For each drive specified
>  it will also test the drive for boot sector viruses.
>
>  VIRSCAN.EXE is the executable program.  It will run under DOS 2.0, 2.1,
>  3.1, 3.2, 3.3, 4.0 and OS/2* 1.0, 1.1, and 1.2.  It will not support
>  OS/2 1.2 with high performance file system names.

I used this program on some PC's at work last week.  The program
VIRSCAN is the executable, however it uses two other files to obtain
the search strings and the message to be sent to the user if the
search string is found.  The search files are in ASCII and can be
modified to include more virus strings as necessary.  Obviously,
greater the search string, the less likely there will be a false
positive.  Since it reports the number of files searched and number of
disks checked, I suspect that this program would not be able to find
those viruses which reside on sectors which are then marked bad.
                         - tom
- --
internet     : mvac23!thomas@udel.edu  or  thomas%mvac23@udel.edu
uucp         : {ucbvax,mcvax,psuvax1,uunet}!udel!mvac23!thomas
Europe Bitnet: THOMAS1@GRATHUN1
Location: Newark, DE, USA
Quote   : Virtual Address eXtension.  Is that like a 9-digit zip code?