Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@mmc.com (Padgett Peterson)
Newsgroups: comp.virus
Subject: Bug in VirusScan (PC)
Message-ID: <0009.9105211425.AA07798@ubu.cert.sei.cmu.edu>
Date: 21 May 91 02:51:29 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 21
Approved: krvw@sei.cmu.edu


	It is possible that there is a bug in some of the 7x versions
(inc. 77) of the McAfee SCAN utility that may cause it to miss some
infected overlays.

A JERUSALEM infection was encountered in which the .EXE was properly
diagnosed but an infected .OVL was missed despite being checked as
part of the default. Use of the /A swich resulted in the infected .OVL
being detected. Since the .EXE will always be infected also, there is
no real danger, however, if an infection occurs that may also infect
.OVL files (see the VIRLIST.TXT file iside the SCANxx.ZIP file), a
rescan using the /A switch following a CLEAN activity is recommended.

       I do not know if this is particular to the Jerusalem-related
viruses or if others are affected also.

       We have reported this to McAfee associates and a fix or
explination should be forthcoming. Incidently, the infection appears
to be the original sUMsDos version.
					Warmly,
						Padgett