Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!apple!voder!pyramid!octopus!vsi1!daver!dlb!netcomsv!mrs From: mrs@netcom.COM (Morgan Schweers) Newsgroups: comp.binaries.ibm.pc.d Subject: Re: problem with CLEAN76 Message-ID: <1991Apr26.031242.25517@netcom.COM> Date: 26 Apr 91 03:12:42 GMT References: <1991Apr21.003419.25529@watserv1.waterloo.edu> <1991Apr20.223343.46273@vaxb.acs.unt.edu> Organization: McAfee Associates Lines: 77 Some time ago groot@idca.tds.philips.nl (Henk de Groot) happily said: >In <1991Apr20.223343.46273@vaxb.acs.unt.edu> ff76@vaxb.acs.unt.edu writes: > >>In article <1991Apr21.003419.25529@watserv1.waterloo.edu>, pfratar@watserv1.waterloo.edu (Paul Frattaroli - DCS) writes: >>> >>> Yes, McAffee issued a statement about not using {scanv,vshld,clean}76 >>> because there are problems. New versions I think will come out soon.... > >>Pardon me, but the problem was with version 76. The recommended versions >>are SCAN 76-C, VSHLD 76-C and CLEAN 75. And these are the ones that are >>currently available in the SIMTEL arvichives and the mirror server in >>wuarchive.wustl.edu. > >I am surprised that not everyone is sick and tired of McAffee's products, >they seem to be buggy over and over again! I use F-PROT which proved to be >much more stable, is according to reports in comp.virus better in finding >variants of virusses, is better is finding viruses anyway, has the ability >to add signatures if a new nasty comes out, it's a lot cheeper (private >use is free of charge), it only runs a little slower when scanning all >files but f-driver is faster than vshield. And.. F-PROT is much more >flexible than SCAN & Co. Greetings, Howdy! I'll admit that this message is probably pretty self-serving, but (being that I'm one of the programmers working on SCAN/CLEAN) here's my thoughts. (They *DON'T* reflect the opinions of the company.) If you have a recommended feature for SCAN/CLEAN, feel free to drop by our BBS and leave a message. We've added a lot of features in the recent versions on the basis of users clamoring for them. For example, there is the /NOPAUSE (don't pause every screenful), /NOBREAK (don't allow the CTRL-BREAK key during scanning), and the /EXT option for scanning with external scan strings. Our scan strings are in straight hexadecimal, so anyone can create a string to scan for. In regards to bugs, if you have a bug with a release version of SCAN or CLEAN, feel free to tell me. You can also send bug reports to Aryeh Goretsky at aryehg@tacom-emh1.army.mil. (It forwards to his normal mail address which isn't supported by some mailers.) I appreciate hearing about legit bugs. Especially if you can reproduce them, and send me files which will cause them. I try to write bugfree code. We test as best we can, but our products are only as good as our best beta testers. This is why I, at least, welcome bug reports from the net. I tend to find that net.readers have a good idea of what *SHOULD* be happening, especially when it isn't. I will be posting up the next release of SCAN/CLEAN to comp.binaries.ibm.pc when it comes out. I don't mind it being released, but I *REALLY* would prefer that someone asks us before doing it. (If someone had asked, for example, last time then we would have been able to warn about the problem. *sigh*) The bug mentioned about the Liberty, however, is one I'm not familiar with. It sounds to me as if you had files which used internal overlays and the CLEAN program proceeded to remove the virus, and everything after it in the file. In effect, truncating at the beginning of the virus. The problem may have been, however, that there was additional windows code after that. Most virus removers have code which checks for internal-overlay files and warn you that the virus cannot be safely removed from those files. The Liberty did not have that code, unfortunately. *sigh* It's things like this that I need to know. Many thanks to the author, who has been (unfortunately) lost in the tracks of response-time. Current versions: SCANV76C, VSHIELD76C, CLEAN75. >Henk. > >-- > / / Henk de Groot | Department: PG 9000i - System Services > /---/ __ __ / V2/A12-A13 | Internet : groot@idca.tds.philips.nl >/ / (-_ / / /( Tel: +31 55 432099 | == PHILIPS INFORMATION SYSTEMS == > Disclaimer: I only speak for myself, not for my employer! -- Morgan Schweers +----- Nope. Nope, nope. No, my company doesn't agree with everything I say. Yep, what I say is particularly my own opinion. Yep, my net.address is mrs@netcom.com or ms@gnu.ai.mit.edu. -- mrs@netcom.com -----+