Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!sdd.hp.com!elroy.jpl.nasa.gov!lll-winken!iggy.GW.Vitalink.COM!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: mike@pyrite.SOM.CWRU.Edu (Michael Kerner)
Newsgroups: comp.virus
Subject: Re: Hypercard Antiviral Script? (Mac)
Message-ID: <0011.9106131515.AA13504@ubu.cert.sei.cmu.edu>
Date: 13 Jun 91 00:49:47 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 28
Approved: krvw@sei.cmu.edu

I said I was going to rewrite my scripts to handle new trojans/viri,
however I am trying to consider some options.

The main problem is that there is no way to catch the parameters of
the SET function in HC 2.1.  So, while I play with different virus
scenarios (i.e.  writing ones that I think will do certain things,
using certain HC resources, I want to try and find some common link
between them.  The answer, then, will be unable to intercept and stop
infection, but will have to work beforehand.

The problem with this is that a field of all stacks that have been
checked needs to be kept, and everytime that a stack is opened, the
field must be examined to see if this particular stack has been
checked.  However, the problem with that is that existing checked
stacks may have been infected and will thus escape detection.  So,
while my solution appears to be the simplest (i.e. check all stacks to
begin with then keep a running list), the time spent by the user seems
to be very long.  So, the story on this is: unless there seems to be
some need/desire emerge for a new stack/utility to do this work, I'm
moving slowly.  As I said before, if anyone else feels like beating me
to the punch with a solution of their own, feel free - but don't you
DARE charge $$ for it.

Mikey.
Mac Admin
WSOM CSG
CWRU
mike@pyrite.som.cwru.edu