Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: mike@pyrite.SOM.CWRU.Edu (Michael Kerner)
Newsgroups: comp.virus
Subject: Re: Hypercard Antiviral Script? (Mac)
Message-ID: <0008.9106241405.AA24222@ubu.cert.sei.cmu.edu>
Date: 20 Jun 91 23:53:45 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 28
Approved: krvw@sei.cmu.edu

Actually, Eric, you will find that there appears to be a bug in 2.0v2,
and you can intercept SETs that are SEND'ed (sorry, but
SEN(t)D?)...anyway, having not tried this trick in 2.1, I don't know
if it will work...and, as usual, I wouldn't trust the documentation -
try looking at the params of the SET command.  As far as the rest of
this discussion goes, I have been playing with fire & my own viri (for
test purposes, folks, so relax...then again, with the couple of times
I've been corrected, these critters wouldn't do much harm anyway...)
and as long as LockMessages is set, and as long as one checks the
script of stack xxx before opening it, it's essentially impossible to
infect yourself by opening a stack - ASSUMING YOU CHECK THE SCRIPT OF
THE STACK FIRST.

The code to scan a stack is essentially the same as the SearchScript
code that y'all will find in your HOME stack, only you have to modify
it to accept a file name (answer file...everyone remember now?...)
anyway, after you do that, the search string is "set the script of".
HOWEVER, it is possible that someone has the viri sitting in an XCMD
or XFCN which they invoke, so you should also check the resources they
have attached to their stack...so you see, it becomes a pain to simply
scan the stack script because you also need to scan the resources to
be effective.

Mike.
Mac Admin
WSOM CSG
CWRU
mike@pyrite.som.cwru.edu