Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!news.cs.indiana.edu!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: umbc3!umbc3.umbc.edu!cs106132@uunet.UU.NET (cs106132)
Newsgroups: comp.virus
Subject: F-PROT and FluShot problems
Message-ID: <0007.9105061316.AA01852@ubu.cert.sei.cmu.edu>
Date: 3 May 91 17:10:20 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 17
Approved: krvw@sei.cmu.edu


   Hello,
I was testing the new release of F-PROT 1.15a the other day, and came
across an interesting problem.  It happened when a variant of 4096 was
active.  Since F-PROT did not know this strain, it could not detect
it.  This is expected as the documentation hints.  However, when I ran
F-OSCHK, the virus infected the system files (IBMBIO....), the result
was a non-bootable hard disk.  This indicates that F-PROT can actually
contribute to the spread of this kind of viruses.  This is not a bug
type of thing, it is a design flaw!
   I repeated the same test using FluShot+ (1.81), the same thing
happened in a slightly different manner.  But the system again became
impossible to boot from the hard disk.  I had to run SYS C: to restore
the sanity of the system.  Any comments?

Regards,
Tarkan