Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!bcm!dimacs.rutgers.edu!aramis.rutgers.edu!paul.rutgers.edu!njin!njitgw!mars.njit.edu!cd5340
From: cd5340@mars.njit.edu (Charlap)
Newsgroups: comp.sys.novell
Subject: Re: A virus on a novell LAN.
Message-ID: <2170@njitgw.njit.edu>
Date: 29 Jan 91 23:21:28 GMT
References: <1991Jan21.210144.21385@cerberus.bhpese.oz.au> <1991Jan23.001244.8432@techbook.com> <1991Jan29.192211.1413@usenet.ins.cwru.edu>
Sender: news@njitgw.njit.edu
Organization: New Jersey Institute of Technology
Lines: 12

In article <1991Jan29.192211.1413@usenet.ins.cwru.edu> david@po.CWRU.Edu writes:
>	Problem:  Execute-Only files can not be opened for reading except by 
>an execute call.  Therefore, how is this being done, or is it not, and it
>just looks like it is scanning these files?  If it is actually scanning the
>files in their entirety, McAfee has broken the Execute-Only copy protection.

It may not be as un-breakable as you think.  IPX knows nothing of calls to
execute or read.  That's all a function of NET4.EXE or the equivalent program
on your PC.  If you read the file using only IPX calls, then there is no
protection to be broken.  Needless to say, these calls aren't very
documented, but I've seen it done.  A program that makes IPX calls can do
the equivalent of SUPERVISOR actions without too much trouble.