Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!cs.utexas.edu!usc!elroy.jpl.nasa.gov!ames!ncar!tank!msuinfo!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: David_Conrad%Wayne-MTS@um.cc.umich.edu
Newsgroups: comp.virus
Subject: Loophole in VIREX 2.6? (Mac)
Message-ID: <0002.9004131250.AA02586@ubu.cert.sei.cmu.edu>
Date: 11 Apr 90 19:31:16 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 21
Approved: krvw@sei.cmu.edu

Mr. James M. Vavrina writes:
>From:    SDSV%ISEC-OA@IBM1.CC.Lehigh.Edu
>Subject: False Indications from VIREX 2.5.1 (MAC)
>
>HJC Software, authors of VIREX Virus Detection Software, has confirmed
>a bug in their software version 2.5.1, ALL software written in
>QuickBasic will give you a false msg of a Trojan Horse being detected.
>HJC Software will be releasing version 2.6 shortly which will correct
>this problem.  It will be sent to all registered users.

   I wonder if this is a problem with VIREX or an anomaly in QuickBasic?
It could be the case that, in the future, any trojan which emulates the
structure of a QB object will be passed over by VIREX, creating a loophole
similar to the one created by checking the "Always Compile MPW INITs" box
in Vaccine.

+-------------------------------------------------------------------------+
| David R. Conrad           (preferred) dconrad%wayne-mts@um.cc.umich.edu |
| /\/\oore Soft\/\/are                  dave@thundercat.com               |
| Disclaimer: No one necessarily shares my views, but anyone is free to.  |
+-------------------------------------------------------------------------+