Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!ux1.cso.uiuc.edu!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: CHESS@YKTVMV.BITNET (David.M..Chess)
Newsgroups: comp.virus
Subject: re: Jerusalem virus infects boot sector ? No! (PC)
Message-ID: <0006.8910271923.AA15849@ge.sei.cmu.edu>
Date: 27 Oct 89 00:00:00 GMT
Sender: Virus Discussion List
Lines: 27
Approved: krvw@sei.cmu.edu

I wrote to Jan T. about this, and he confirms that the "Jerusalem"
does *not* infect boot sectors. His officially-distributed list of
virus signatures doesn't say that it does, so what you were reading
was probably a version that someone else had modified by inserting
wrong information.

Message from Jan follows. (Note that the "Virscan" program that he's
talking about is *not* the IBM Virus Scanning Program, but another
program whose executable is also called VIRSCAN...)

" I would appreciate if you could explain that the list that is distributed via
" the "Software Distribution Network" on FIDONET is a *verified* list of virus
" signatures that has been extensively tested by a number of people. The list
" contains a notice not to distribute modified copies of the original file.
" For those without access to other networks, the latest fresh copy of the
" VIRSCAN.DAT file is available on any of the "SDN" nodes in FIDONET within 24
" hours after the master copy on 2:512/10.0 is refreshed. The file is usually
" available as VIRUSSIG.ZIP or VIRUSSIG.PAK
" Anything that is not directly pulled off a "SDN" node is probably not the
" original......
"
" There were several modified versions of the file going round with the wrong
" information and 1 version of the file rendered the Virscan program useless
" because of the info being in the wrong format, pointing to EXE instead of COM
" files, etcetera.