Path: utzoo!mnetor!uunet!husc6!tut.cis.ohio-state.edu!mailrus!ames!lll-lcc!pyramid!nsc!csi!jwhitnel
From: jwhitnel@csi.UUCP (Jerry Whitnell)
Newsgroups: comp.sys.mac
Subject: Re: Vaccine Program from comp.binaries.mac
Message-ID: <1456@csib.csi.UUCP>
Date: 23 Mar 88 18:41:42 GMT
References: <1480@ur-tut.UUCP>
Reply-To: jwhitnel@csib.UUCP (Jerry Whitnell)
Organization: Communications Solutions Inc., San Jose, Ca
Lines: 23
Keywords: virus vaccine questions

In article <1480@ur-tut.UUCP> syap@ur-tut (James Fitzwilliam) writes:
>OK, I've got this neat little vaccinator file in my system folder 
>which "helps guard against viruses, trojans, worms..." -- What 
>will it say/do if it spots something fishy?  Can someone explain 
>briefly how it operates without giving away the recipe for 
>defeating the protection it provides?  I'm particularly puzzled as 
>to how an INIT device could check for infections of APPLs as well 
>as the ZSYS... Is it just a do-a-checksum-on-the-system-at-boot,  
>or does it work as long as the Mac is on?

The vaccine basicly watchs all attempts to modify the resource fork
of any file that has some subset of resources that are interesting to
it.  If you want to see it in action, try modifying an application or
the System file with Font D/A mover or ResEdit.  LightspeedC will also
cause it to trap.  Note that it is resident at all times (if enabled)
and watches any program for suspious activity.
>
>                                   James Fitzwilliam


Jerry Whitnell				Been through Hell?
Communication Solutions, Inc.		What did you bring back for me?
						- A. Brilliant