Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!umich!sharkey!msuinfo!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: berg@cip-s02.informatik.rwth-aachen.de (SRB)
Newsgroups: comp.virus
Subject: Re: Validating Virus Software
Message-ID: <0010.9004111326.AA11326@ubu.cert.sei.cmu.edu>
Date: 11 Apr 90 12:55:19 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 16
Approved: krvw@sei.cmu.edu

In article <see References:> (Gary Mathews) writes:
>In fact, a list of must commonly used programs should be included on
>such a list, but for now the validated strings of the lastest versions
>for the scan and clean programs should be publically accessible.  Many

I always wondered: shouldn't the crc-32 and crc-16 of zip and arc files be
unique enough to validate any file?

Why can't we just put these checks and the length of a file on the net.
If you insist, then of course you could add any propietary validation values
like the ones obtained from the validate program.  But I'm pretty sure that
most people trust their favorite zip or arc program more than some kind
of a so-called validate program.
- --
Sincerely,                         | berg@cip-s01.informatik.rwth-aachen.de
           Stephen R. van den Berg | ...!uunet!mcsun!unido!rwthinf!cip-s01!berg