VIRUS-L Digest Wednesday, 10 Jan 1990 Volume 3 : Issue 8 Today's Topics: SCANV55 and CLEANV55 (PC) Re: Authentication/Signature/Checksum Algorithms New anti-virals uploaded to SIMTEL20 (PC) WDEF A (Mac) VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's LEHIIBM1.BITNET for BITNET folks). Information on accessing anti-virus, document, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@SEI.CMU.EDU. - Ken van Wyk --------------------------------------------------------------------------- Date: Tue, 09 Jan 90 10:57:18 -0800 From: Alan_J_Roberts@cup.portal.com Subject: SCANV55 and CLEANV55 (PC) SCANV55 has been released. IT is able to detect the 4096 virus in memory prior to doing a scan. The 4096 is similar to the Dark Avenger in that it infects every executable file that is opened. CLEANP55 (Clean-Up) is also now available on HomeBase. It's the shareware equivalent of the VirClean commercial program (from Hirst and McAfee). Clean-Up uses I.D.'s displayed by SCAN55 to determine which virus to check for and remove. It repairs the infected programs and returns the system to normal in most cases. Clean-Up now replaces all of the individual disinfectors that had been available on HomeBase. About time! Alan ------------------------------ Date: Tue, 09 Jan 90 16:40:42 -0800 From: dunc@sun.com (duncs home) Subject: Re: Authentication/Signature/Checksum Algorithms In article <0008.9001081228.AA09399@ge.sei.cmu.edu> you write: >In response to Y. Radai's post: > >To protect against viruses, the best protection can be obtained by >using a fast hashing algorithm together with an assymetric >cryptosystem (like RSA). This is also by far the most cost-effective >(based on compute-time) approach... With this scheme, what prevents a clever nasty from simply patching the code doing the comparison to always return an all clear? Also, while the non- repudiation property seems to provide accountability, it seems likely to be illusory. Does the signer of the program really know what's being signed or was it generated by some other program of uncertain honesty? --Dunc ------------------------------ Date: Tue, 09 Jan 90 22:28:00 -0700 From: Keith Petersen Subject: New anti-virals uploaded to SIMTEL20 (PC) I have uploaded the following files to SIMTEL20: pd1: NETSCN54.ARC Network compatible - scan for 60 viruses, v54 SCANRS54.ARC Resident virus infection prevention program SCANV54.ARC VirusScan, scans disk files for 60 viruses These programs where downloaded from the Homebase BBS. - - --Keith Petersen Maintainer of SIMTEL20's CP/M, MSDOS, & MISC archives [IP address 26.2.0.74] Internet: w8sdz@WSMR-SIMTEL20.Army.Mil, w8sdz@brl.arpa BITNET: w8sdz@NDSUVM1 Uucp: {ames,decwrl,harvard,rutgers,ucbvax,uunet}!wsmr-simtel20.army.mil!w8sdz [Ed. As always, a hearty Thank You, Keith!] ------------------------------ Date: 10 Jan 90 00:48:04 +0000 From: salamon <@sun.acs.udel.edu:salamon@sun.acs.udel.edu (Andrew Salamon)> Subject: WDEF A (Mac) I hope I am not saying something that everyone already knows about, but Newark Hall is infected with the Mac virus WDEF A. It is a very infective virus. I took my work disk home inserted it into my mac Plus and then went to open Disinfectant and by the time I ran it my hard drive was infected, and I'm sure it wasn't infected before. Even if it doesn't do any damage (am I right about this?) I find that to be very obnoxious. ** ** | /Andrew/ /\ HAVE A NICE DAY! | self-styled Bleydion op Rhys \____/ | salamon@sun.acs.udel.edu | ------------------------------ End of VIRUS-L Digest *********************