Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!mailrus!cs.utexas.edu!asuvax!ncar!tank!msuinfo!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: kellogg@prodigal.psych.rochester.edu (Carol K. Kellogg) Newsgroups: comp.virus Subject: Re: Virus in Text Files (Mac) Message-ID: <0005.9004131250.AA02586@ubu.cert.sei.cmu.edu> Date: 10 Apr 90 23:19:34 GMT Sender: Virus Discussion List Lines: 35 Approved: krvw@sei.cmu.edu In article 2076, woody@chinacat.Unicom.COM (Woody Baker @ Eagle Signal) said, in part... >Macintosh datafiles, as I understand them, have 2 parts, a resource >fork and a data fork. Anything in resource fork (so I've been told) >can execute. Does this imply that one could bury a virus in the >resource fork of a data file? > Arrrgh...more Macintosh Myths. First, one minor correction..."the resource fork of a data file" is an oxymoron - data file usually implies information stored in the data fork (which is non-executable), and a resource file implies a file in which the information is stored in the resource fork (SOME of which is exexcutable). Not _EVERYTHING_ in the resource fork can be executed - only executable resources, such as CODE (actual program code) resources, WDEF (window definition), INIT (startup "terminate and stay resident" type of code), etc. The ONLY way to infect a Mac file is to put a virus in one of these executable resources. Many viruses add their own CODE resource, and then patch the jump table so that they're executed before the rest of the application. There is one virus that spreads infections via WDEF resources, but its fairly easy to guard against. Disinfectant (an excellent virus protection/repair) utility deals effectively with all the known viruses on the Mac. >Woody Lars Kellogg-Stedman kellogg@prodigal.psych.rochester.edu