Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!pacbell.com!iggy.GW.Vitalink.COM!widener!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: groot@idca.tds.philips.nl (Henk de Groot)
Newsgroups: comp.virus
Subject: Re: What's so bad about self-extracting archives?
Message-ID: <0010.9105081310.AA02449@ubu.cert.sei.cmu.edu>
Date: 8 May 91 09:51:45 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 31
Approved: krvw@sei.cmu.edu

Murray_RJ@cc.curtin.edu.au writes:

>magnus%thep.lu.se@Urd.lth.se (Magnus Olsson) writes:
>> Can't you just first run the archive file through your favourite virus
>> checker, and if it passes the test extract it, and then test the
>> individual files that were inside it? Or have I missed something?

>   Well, yes, I suppose you could, but it involves an extra step which
>is unnecessary. The other objection I have with self-extracting
>archives is that you're stuck with extracting the whole lot, even if
>you only want to find out what the !@#$%^&*() thing does.

Most of the popular archiveing programs (ZIP, LHA, ARJ) are able to
extract files from their SFX files. If you insist on using a shell on
it just rename the .EXE file to a file with the proper extension. You
can avoid virus problems this way.

An ARJ type SFX file allows you to list files just by running the SFX
file with flag "-l". You can also selecively extract files.

The only real problem I see with SFX files is that it may be a trojan
horse.  Just getting files from trusted places will cure this type of
problem.  (Trusted places like SIMTEL20 and Garbo).

Henk.

- --
  /   /            Henk de Groot      | Department: PG 9000i - System Services
 /---/ __  __  /   V2/A12-A13         | Internet : groot@idca.tds.philips.nl
/   / (-_ / / /(   Tel: +31 55 432099 |  == PHILIPS INFORMATION SYSTEMS ==
          Disclaimer: I only speak for myself, not for my employer!