Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!aplcen!haven!umd5!brianf
From: brianf@umd5.umd.edu (Brian Farmer)
Newsgroups: comp.windows.ms
Subject: Re: Viruses
Message-ID: <7073@umd5.umd.edu>
Date: 9 Aug 90 14:10:24 GMT
References: <1358@fs1.ee.ubc.ca> <2043@trlluna.trl.oz>
Reply-To: brianf@umd5.umd.edu (Brian Farmer)
Organization: University of Maryland, College Park
Lines: 31

In article <2043@trlluna.trl.oz> stevens@shiva.trl.oz (Tony Stevens) writes:
>jmorriso@fs0.ee.ubc.ca (John Paul Morrison) writes:
>
>
>The MacAfee Document file specifies the following:
>
>   "Use the /E option to scan specified overlay files.  Scan will
>    default to OVL, OVG, OV1, OV2, OVR, SYS, BIN and PIF.  Scan will
>    search these overlay files for any viruses capable of infecting
>    overlays.  If you are using an application with overlay extensions
>    other than the defaults, then specify the extension names (up to
>    three) using the /E option.  Example:
>
>          SCAN C: /E .ABC .XYZ .123
>   "
>So you can therefore test any overlay file associated with Windows or
>any other programme.
>

One big problem here windows does not use overlays, windows uses segmented
executables.  In a windows .exe file first there is a standard dos exe which
windows reads past when loading the .exe.  These .exe's are very similar
to OS2 .exe's.  If this scanner just looks for a certain string of bytes it
might work but if it reads the .exe structure it may not know the format of a
windows .exe.  I don't know whether or not it will work but I would not 
consider my windows .exe's vacinated until the virus checker says it can check
window's .exe's. 


Brian Farmer
brianf@umd5.umd.edu