Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!dali.cs.montana.edu!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@mmc.com (Padgett Peterson)
Newsgroups: comp.virus
Subject: Re: Bug in VirusScan (PC)
Message-ID: <0008.9105231331.AA02851@ubu.cert.sei.cmu.edu>
Date: 22 May 91 17:55:21 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 16
Approved: krvw@sei.cmu.edu

>From:    mcafee@netcom.com (Aryeh Goretsky)

>  Since the Jerusalem (and sundry variants) infects overlays
>in addition to .COM and .EXE files, it's always a good idea to run
>SCAN (and CLEAN) with the /A option, or use the /E option and list the
>extensions you would like to add.

Have done some more checking & v74B-earlier operate correctly, 75, 77 (& I
assume 76) are the ones that need the /A switch, something shared with
CLEAN and NETSCAN. BTW, I tried using /E OVL and it still did not pick it
up, only the /A (or, I would assume, an /EXT) seem reliable. What I tell
people is when an infection is confirmed (the parent .EXEs are picked up just
fine) or no other explination is reached, always use the /A switch & take a
coffee break.
					Warmly,
						Padgett