Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!zaphod.mps.ohio-state.edu!mips!pacbell.com!att!news.cs.indiana.edu!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: msb-ce@cup.portal.com
Newsgroups: comp.virus
Subject: Re: A question regarding commercial dial-up services
Message-ID: <0004.9105291438.AA09086@ubu.cert.sei.cmu.edu>
Date: 29 May 91 04:55:26 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 28
Approved: krvw@sei.cmu.edu

In a recent VIRUS-L posting, lev@suned1.Nswses.Navy.Mil (Lloyd E
Vancil) refers to a recent tempest in a teapot about the cache file
used by Prodigy and asks:

  Would it be possible;
        1. for a memory resident virus to be scooped up by this service..
           and return to reinfect the machine at a later date?  Presumably
           by the service's reusing of the file fragment that contains the
           "screen primitive" and the "scooped" virus code.
        2. for a virus to be written to take advantage of this transmission
           method?

My understanding of this situation is that in order to cache TeleTex
screens, the Prodigy service allocates about a meg of disk space and
writes screens to it for later recall. Since the space is never erased
(for performance reasons), it still contains remnants of old files
that previously occupied the space. As far as I know, these remnants
are never read from disk, much less transmitted back to the host.
Somebody with a file viewer peered into this cache area one day and
imagined that the software had gone to other files and "scooped up"
their contents for some nefarious purpose.

It is possible that the area allocated to STAGE.DAT might have
previously contained an infected file, but since it should never be
read before it has been written over there can be no question of it
providing any sort of reservoir of infection.

The answer, then, must be NO to both questions.