Xref: utzoo comp.binaries.ibm.pc.d:13998 comp.compression:445
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!apple!agate!e260-1g.berkeley.edu!c60b-1eq
From: c60b-1eq@e260-1g.berkeley.edu (Noam Mendelson)
Newsgroups: comp.binaries.ibm.pc.d,comp.compression
Subject: Re: LHA212JP.EXE .lzh archiver at garbo.uwasa.fi
Keywords: japan lha
Message-ID: <1991Apr24.030220.15637@agate.berkeley.edu>
Date: 24 Apr 91 03:02:20 GMT
References: <1991Apr21.074001.18243@uwasa.fi> <1991Apr22.032912.23254@agate.berkeley.edu> <1991Apr23.113026.2657@unlinfo.unl.edu>
Sender: root@agate.berkeley.edu (Charlie Root)
Organization: University of California, Berkeley
Lines: 20

In article <1991Apr23.113026.2657@unlinfo.unl.edu> riddle@hoss.unl.edu (Michael H. Riddle) writes:
>McAfee has identified over 501 virus strains now known for MS-DOS.  Am I
>the only one who is concerned about infection potential in SFX.EXE-type
>files?
>		Is there a method I'm not aware of?  Does anyone have
>any comments? (Like I'm too paranoid, or maybe something useful?)

The newer versions of LHa and PKZIP can extract their SFX files.  I.e.,
if you get lha212.exe and want to unpack it using an LHa.exe you already
have, just do 'lha x lha212.exe'.
This works around the very important virus problem that you mentioned.
No matter how reliable the source, a hacker can always seed it with a virus.
Better to be safe than sorry.


-- 
+==========================================================================+
| Noam Mendelson   ..!ucbvax!web!c60b-1eq       | "I haven't lost my mind, |
| c60b-1eq@web.Berkeley.EDU                     |  it's backed up on tape  |
| University of California at Berkeley          |  somewhere."             |