From lehigh.edu!virus-l  Thu May 20 03:36:16 1993 remote from vhc
Received: by vhc.se (1.65/waf)
	via UUCP; Thu, 20 May 93 18:01:13 1
	for mikael
Received: from fidoii.CC.Lehigh.EDU by mail.swip.net (5.65c8-/1.2)
	id AA03414; Thu, 20 May 1993 13:55:28 +0200
Received: from  (localhost) by Fidoii.CC.Lehigh.EDU with SMTP id AA12191
  (5.67a/IDA-1.5 for <mikael@vhc.se>); Thu, 20 May 1993 07:36:16 -0400
Date: Thu, 20 May 1993 07:36:16 -0400
Message-Id: <9305201037.AA06568@agarne.ims.disa.mil>
Comment: Virus Discussion List
Originator: virus-l@lehigh.edu
Errors-To: virus-l@agarne.ims.disa.mil
Reply-To: <virus-l@lehigh.edu>
Sender: virus-l@lehigh.edu
Version: 5.5 -- Copyright (c) 1991/92, Anastasios Kotsikonas
From: VIRUS-L Moderator <virus-l@agarne.ims.disa.mil>
To: Multiple recipients of list <virus-l@lehigh.edu>
Subject: VIRUS-L Digest V6 #81

VIRUS-L Digest   Thursday, 20 May 1993    Volume 6 : Issue 81

Today's Topics:

IDES '93 Conference Proceedings
Re: Human factor in infections
Re: Should viral tricks be publicized?
Scanners getting bigger and slower
Re: CyberSoft UNIX scanner (UNIX)
Jerusalem can be a PAIN IN THE BUTT (PC)
Re:Tremor (PC)
TREMOR-infected virus-scanner? (PC)
STONED "floating" on network (PC)
Re: "DIR" infection, or "Can internal commands infect" (PC)
Re: On the merits of VSUM (PC)
Re: F-Prot 2.08 and 2.07 with CP/DOS6 VSAFE (PC)
Re: Bug With Virstop 2.08a & DOS6 Memmaker? (PC)
Re[2]: Copyright of Virus Signatures (PC)
Re: A virus that deletes autoexec.bat (PC)
Strange smiley faces in Directory (PC)
macafee site ? (PC)
File listing of risc (PC)

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed.  Contributions should be relevant, concise,
polite, etc.  (The complete set of posting guidelines is available by
FTP on cert.org or upon request.) Please sign submissions with your
real name.  Send contributions to VIRUS-L@LEHIGH.EDU.  Information on
accessing anti-virus, documentation, and back-issue archives is
distributed periodically on the list.  A FAQ (Frequently Asked
Questions) document and all of the back-issues are available by
anonymous FTP on cert.org (192.88.209.5).  Administrative mail
(comments, suggestions, and so forth) should be sent to me at:
<krvw@FIRST.ORG>.

   Ken van Wyk, krvw@first.org

----------------------------------------------------------------------

Date:    Tue, 18 May 93 17:09:57 -0400
From:    "George Guillory" <wk04942@worldlink.com>
Subject: IDES '93 Conference Proceedings

I hate to bring this up but has anyone received the proceedings from
the 6th International Computer Virus and Security Conference?

Can our hosts inform us as to the status of the proceedings and a new
proposed delivery date?

------------------------------

Date:    Wed, 19 May 93 10:51:43 -0400
From:    frisk@complex.is (Fridrik Skulason)
Subject: Re: Human factor in infections

Inbar_Raz@f210.n9721.z9.virnet.bad.se (Inbar Raz) writes:

I wrote:
> > they happen occasionally - the worst I have seen was somewhere around
> > 20.000 machines infected in a single company.

>Would I be mistaken if I assumed that those companies weren't adequately
>protected, or was it a new variant?

They *thought* they wre fully protected...unfortunately, they had not updated
their anti-virus software for two years.  

- -frisk
- -- 
Fridrik Skulason      Frisk Software International     phone: +354-1-694749
Author of F-PROT      E-mail: frisk@complex.is         fax:   +354-1-28801


------------------------------

Date:    Wed, 19 May 93 20:58:04 -0400
From:    ulogic!hartman@netcom.com (Richard M. Hartman)
Subject: Re: Should viral tricks be publicized?

RADAI@vms.huji.ac.il (Y. Radai) writes:
 >  Vesselin writes concerning Inbar Raz:

 >>Fourth, I disagree that his article teaches the virus writers how to
 >>do something. His article mainly teaches how to try to block the
 >>attempts of somebody to debug or disassemble your program. This is
 >>mainly used for copy protection purposes, although of course is used
 >>both by the virus writers and the authors of anti-virus programs.
 >
 >I beg to differ.  His article begins:
 >>                            Anti Debugging Tricks
 >>                                     By:
 >>                                  Inbar Raz
 >                                     .....
 >>Most [anti]debugging tricks, as for today, are used within viruses, in order
 to
 >>avoid dis-assembly of the virus, as it will be exampled later in this file.
 >>Another big part of anti debugging tricks is found with software protection
 >>programs, what use them in order to make the cracking of the protection
 >>harder.
 >
 >As I read this, his primary interest is in avoiding disassembly of
 >viruses by AV people; copy protection comes only in second place.  But
 >even if we ignore the implied ranking, the very fact that he is aware
 >that the tricks he has published can be used to defeat AV techniques
 >(even if only among other things) says a lot, as far as I'm concerned.

I don't know about that.  A statement like that could be interpreted
to be directed at teaching people interested anti-virus techniques
some of the techniques that are currently being used by the virus
writers so they could be recognized and defeated.

I don't know Inbar Raz, Hex-40 or what else was said in this article.
I came into this late, but this excerpt seemed to be the considered
to be the strongest evidence against Mr. Raz, and I just don't think 
that it holds up objectively.

Just my .02

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Work away today, think about tomorrow.		|
Never comes the day, for my love and me.	|	-Richard Hartman
	
I feel her gently sighing			|	hartman@uLogic.COM
as the evening slips away....			|

------------------------------

Date:    Wed, 19 May 93 21:49:43 -0400
From:    barnold@watson.ibm.com
Subject: Scanners getting bigger and slower

Malte Eppert, Malte_Eppert@f6051.n491.z9.virnet.bad.se writes

> That technique needs a lot of memory.  A hash table for > 2000
> signatures may not be too small in order to fit them in without too
> many collisions.  So we may have to use EMS/XMS utilizing scanners next
> time.

Not so.  Collisions are only relevant if the scanner spends a lot of
time traversing chains of hash table buckets.  I estimate that the
scanner I maintain (for IBM AntiVirus) can handle upwards of 10K search
patterns before speed starts to be a problem, and this is a bulk-mode
scanner, i.e. it can scan a buffer at nearly the speed of hard disk
I/O on a typical well balanced PC.  With some minor planned changes, it
could handle 10 times this many search patterns.

The main problem is memory for the search patterns themselves; the
memory requirement for in-memory search patterns for our scanner is
currently over 10 times the size of the table space used for hashing.

Bill Arnold barnold@watson.ibm.com (IBM AntiVirus Development)


------------------------------

Date:    Tue, 18 May 93 20:00:25 -0400
From:    bcoll@qualix.com (Barbara Coll)
Subject: Re: CyberSoft UNIX scanner (UNIX)

>An obvious question is what/how many Unix viruses does it "scan" for.
>
>I was under the impression that there were few to none Unix viruses
>"in the wild" and thus most of the potential market was for security/
>integrity software rather than known virus scanners. If this is not
>the case, tell us about it.

Qualix has recently taken the VFind product to market and I have
attached the Sunflash that was sent out this morning. To address your
point, it is not necessarily the UNIX viruses that VFind scans for but
dormant PC, MAC and AMiga viruses that are residing in the UNIX
information systems. By eliminating the dormant viruses they are now
unable to re enter the non-UNIX world to reinfect the systems the
viruses came from. VFind can also scan back up and new product media
prior to it being copied into the live environment.

Barbara Coll						Qualix Group, Inc.
Product Line Manager					1-800-245-8649
1900 S. Norfolk St. #224				fax: 1-415-572-1300


Here is the recent SunFlash:

		VFind Now Available to the Non-government Market
	    "Virus Scanning Software for Heterogeneous Environments"
	----------------------------------------------------------------
	              ------------------------------------

      VFind   --  Scans for UNIX, MS-DOS, Macintosh and Amiga destructive
		  software on your UNIX system

	      --  Locates know viruses and other problems such as trojan
		  horses, worms, and logic bombs

	      --  can search entire disk drives and across all NFS networks

	      --  has a tape scanning capability that can scan removable
		  media prior to use or shipment

	      --  can be programmed to scan for keywords like "Top Secret"
		  or other confidential phrases

  Viruses have been observed infecting non-UNIX PCs attached to a
  heterogeneous network. The viruses came from the UNIX workstations
  but the UNIX systems were not the original point of entry for the
  viruses.  The viruses were dormant while on the UNIX nodes and became
  harmful when they migrated to their target system.  The UNIX systems
  acted as unaffected carriers of computer viruses for other
  platforms.

			VFind would prevent this situation.

  In addition to the situation described above there are several other
  types of harmful software that are native to and targeted against
  UNIX systems, including: trojan horses, logic bombs, and worms. Worms
  require an extensive amount of programming and are not considered an
  immediate threat. Trojan horses appear to be performing desired
  processing while creating damage.  They are spread by unsuspecting
  users who copy them in order to take advantage of their userfulness.
  Logic bombs, or time bombs, are simple programs that wait for an
  event to occur, such as midnight, and then damage the system.


			VFind would detect these viruses.

  Specifications
  --------------

  *  VFind is available for 20 UNIX systems including: Sun, IBM, SCO, DG, DEC
  *  It is recommended that VFind be executed at night due to the CPU usage
  *  Recommended memory 12 MB
  *  Minimal disk space required


  Evaluations
  -----------

  30-day evaluations of VFind are available from Qualix, free of charge.
  Please call Qualix to order your eval today. More information on VFind
  is available from the Qualix mail server by sending the following to
  
  qfacts@qualix.com

  BEGIN
  send vfind.info
  send index             ; if you want more info on the Mail Server contents
  send comp.virus.faq    ; if you want more info on computer viruses in general
  END


  Pricing
  -------		   Quantity	  Pricing
  Desktop Pricing:               
                           1-9 desktops   $395.00 for each desktop
                           10-20 desktops $340.00 for each desktop
  Server Pricing:   

  Small (up to 20 clients) 1-5 servers    $795 for each server
                           6-20 servers   $595 for each server
  Large (up to 250 clients)1-5 servers    $1595 for each server
                           6-20 servers   $1295 for each server
  
  Site Licenses - negotiable at >20 servers

  Support - Upgrades to the product are frequent in order to keep up to date
            with all of the viruses plaguing the industry. Support pricing is
            20% of sale price/year.


  Availability
  ------------

  VFind from CyberSoft is now available to the commercial UNIX customer 
  from the Qualix Group. Call us at 1-800-245-UNIX or 1-415-572-0200 or 
  e-mail us at info@qualix.com.

------------------------------

Date:    Tue, 18 May 93 23:41:18 -0000
From:    Thermo@sound.demon.co.uk (Thermo Nuclear)
Subject: Jerusalem can be a PAIN IN THE BUTT (PC)

       My friend's computer recently had a brush with death; he previously
       thought he was impenetrable to viruses because he hardly used his
       computer. Well, he borrowed a disk off someone and contracted the
       Jerusalem virus. Slowly each of his .exe and other executables
       became infected- eventually NOTHING would work. He became a believer
       in virus protection the moment McAfee discovered [Jeru]. Has anyone
       else had run ins with Jerusalem?

=============================================================================
 _________________
[_______    ______]
 \\\\\\/   )\\\\\\\                    < 0932-252-323 >
      /   )\\                        ORIGIN: SOUND AND VISION BBS, U.K.
     /   )\\  HERMO <NUCLEAR<
    <___)\\    \\\\\ \\\\\\\\\
     \\\\\                            <THERMO@Sound.Demon.Co.Uk>
           Wherever there was trouble, it reminded them of me
=============================================================================

------------------------------

Date:    Wed, 19 May 93 08:00:06 +0000
From:    wolfgang.stiller@rose.com (wolfgang stiller)
Subject: Re:Tremor (PC)

HRZ090@VM.HRZ.UNI-ESSEN.DE (Dr. Martin Erdelen) asks:

HR>is there any new development re: disinfection of the Tremor virus? Are
HR>there antiviral programs by now which can handle this beast?

Integrity Master's scanner component with reliably detect this polymorphic
virus but we don't offer removal beyond automatic (optional) deletion
of infected files.

I sincerely hope that you're not depending upon "disinfection" or "cleaning"
technology to recover from viruses.  It's simply not safe to depend upon
this technology.  While it may be convenient to use such programs, it's
vital to also have reliable, current backups. Even the most common file
infector of all, the Jerusalem virus, will not be correctly removed from
all infected files by any product that we're familiar with.   The virus
infects some files in such a way that some of the original program can't
be correctly reconstructed without saving all or part of the original
program prior to the infection.  Beyond this, there are a large number
of viruses that no program reliably "disinfects", either because the
virus overwrites part of the original code or because no one has written
disinfection code for this virus yet.

Regards, Wolfgang

Stiller Research, 2625 Ridgeway St. Tallahassee, FL 32310, U.S.A.
- ---
   SLMR 2.1a  
   RoseMail 2.10 :


------------------------------

Date:    Wed, 19 May 93 07:25:56 -0400
From:    steffens@VTP147.UNI-MUENSTER.DE (Karsten Steffens)
Subject: TREMOR-infected virus-scanner? (PC)

Hi there,

	bad news is circulating in Germany: a private televison station
usually spreads shareware among the people by sending it in a datachannel
overlaid to their normal TV-program, using a special decoder hardware
people can separate the data from the movies and download. They call it
CHANNEL VIDEODAT. Now, newspapers claim that during the transmission last
friday also the latest version of "a famous american virus scanner", which
itself was infected by the TREMOR virus had been transmitted, and lots of
computers had been infected. As no newspaper calls the "famous scanner" by
its name, my question is:

	Which scanner is infected by TREMOR?
	Which scanner can disinfect TREMOR?

I would be nice if someone could give a statement. 

Thanks a lot,
	and best regards.


************************************************************************
*       KARSTEN STEFFENS        STEFFENS@VSIKP0.UNI-MUENSTER.DE        *
*    Institut fuer Kernphysik - Universitaet Muenster - Deutschland    *
************************************************************************



------------------------------

Date:    Wed, 19 May 93 09:40:49 -0400
From:    padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: STONED "floating" on network (PC)

From:    Malte_Eppert@f6051.n491.z9.virnet.bad.se (Malte Eppert)

>STONED is a MBR-infector and cannot spread via nets(!). 

While this is true for the virus itself, it is quite possible for a
"dropper" in .COM or .EXE form to exist and to spread the STONED or any
other MBR infection via a LAN. This is a trojan horse that inserts the 
virus into the boot sector when it executes. Since it does not go resident 
a memory scan will detect nothing and unfortunately few scanners detect 
droppers in files. (F-Prot in "heuristic" mode will detect some).

BIOS level detection such as are available from AMI and AWARD are effective
at detecting this sort of thing as are resident integrity checkers, 
particularly those that start at the BIOS level (such as my DISKSECURE 8*).

					Warmly,
						Padgett

------------------------------

Date:    Wed, 19 May 93 10:07:42 -0400
From:    uqitu01@ucl.ac.uk (Mr Ian M Leitch)
Subject: Re: "DIR" infection, or "Can internal commands infect" (PC)

bontchev@news.informatik.uni-hamburg.de (Vesselin Bontchev) writes:
>   Amir Netiv (Amir_Netiv@f120.n9721.z9.virnet.bad.se) writes:

>> Do you know how common is the question: "Can a write
>> protected floppy be infected ?"

> Yes, I do. (Why is it not in the FAQ, BTW? Maybe we've thought that
> the answer is so well known that there's no need to include this
> question... Maybe we should re-consider...)

Answers to this and similar questions presently being discussed 
on this list *are* in the FAQ! For example,

D8)  Will a write-protect tab stop viruses?
E11) Can I contract a virus on my PC by performing a "DIR" of an
     infected floppy disk?
E12) Is there any risk in copying data files from an infected floppy
     disk to a clean PC's hard disk?

Perhaps the most Frequently Asked Question ought to be:
  "Who does look at the FAQ?" .

Ian Leitch

------------------------------

Date:    Wed, 19 May 93 10:14:43 -0400
From:    frisk@complex.is (Fridrik Skulason)
Subject: Re: On the merits of VSUM (PC)

Malte_Eppert@f6051.n491.z9.virnet.bad.se (Malte Eppert) writes:

> > outrageously silly in other cases....I haven't looked at VSUM
> > for a long time.. does it still include the RAM "virus", for example ?

>Yes :-) what's so strange about that one? Doesn't it ever exist?

There is no such thing as the RAM virus.  Somebody gave Patty a sample which
was infected with two viruses - Cascade and Jerusalem, I think.  This
combination works perfectly together, but she did not realize the nature of
the sample, and seemed to think this was one new virus.

There are some other non-existing viruses in VSUM as well, but they are mostly
for "copy protection" purposes....

- -frisk
- -- 
Fridrik Skulason      Frisk Software International     phone: +354-1-694749
Author of F-PROT      E-mail: frisk@complex.is         fax:   +354-1-28801


------------------------------

Date:    Wed, 19 May 93 10:20:12 -0400
From:    frisk@complex.is (Fridrik Skulason)
Subject: Re: F-Prot 2.08 and 2.07 with CP/DOS6 VSAFE (PC)

S.M.Baines@sheffield.ac.uk writes:

>I hope this is of help. I will send a copy of this to Virus-L. If lots
>of people are loading up DOS 6 and getting the message, I'd guess you
>might be quite busy. Yours is not the only scanner to display a
>similar message, Bates Anti Virus does too, though it at random
>chooses from Beijing, Swedish Disaster, Telefonica and others.

The problem is of course that CPAV/MSAV just leaves virus signatures in memory.
Maybe they will fix the problem, but I would not bet on it - Central Point
has caused more problems for the anti-virus industry than most virus writers
IMHO....as somebody said "with friends like that, who need enemies" :-)

- -frisk
- -- 
Fridrik Skulason      Frisk Software International     phone: +354-1-694749
Author of F-PROT      E-mail: frisk@complex.is         fax:   +354-1-28801

------------------------------

Date:    Wed, 19 May 93 11:21:30 -0400
From:    sphughes@sfsuvax1.sfsu.edu (Shaun P. Hughes)
Subject: Re: Bug With Virstop 2.08a & DOS6 Memmaker? (PC)

RTRAVSKY@corral.uwyo.edu (Rich Travsky 3668 (307) 766-3663/3668) writes:
>I have encountered an odd interaction between virstop.exe version
>2.08a and dos 6's memmaker. Specifically, having virstop running 
>(either in conventional or high memory) will hang the pc when using
>memmaker. This means then that to run memmaker you have to comment 
>it out of whichever startup file you have it in.
>
>At the moment I only have one pc to try this on, so if anyone else 
>would care to try and duplicate this, I'd be interested in knowing 
>how it turned out.

I finally got around to dos 6.0 yesterday and had absolutely no
conflict between virstop 208a and memmaker. I suspect your problem
lies elsewhere. 

good luck,


- -- 
  Shaun P. Hughes                          "Facts are Stupid Things."
  sphughes@sfsuvax1.sfsu.edu                Ronald Reagan
                                            Republican National
  Finger for PGP 2.2 Public Key             Convention 1988


------------------------------

Date:    Wed, 19 May 93 12:41:52 -0400
From:    "Tom Zmudzinski" <zmudzint@CC.ims.disa.mil>
Subject: Re[2]: Copyright of Virus Signatures (PC)

  So spoke Malte_Eppert@f6051.n491.z9.virnet.bad.se (Malte Eppert) in
  VIRUS-L Digest V6 #79 [in reply to CS193560223@lusta.latrobe.edu.au
  (ENRIQUEZ,L) in VIRUS-L Digest V6 #72]:

> Hi Luke!
>
>> Obviously, most virus writers dont want to do this. However, if
>> sometime did extract a piece of code (signature) from the virus,
>> and include it in their virus scanner, and recieved a fanancial
>> advantage from this inclusion, and the author came forth to claim
>> copyright, would such a case be legal?
>
>> Please remember I am no lawyer..:)
>
> Me not, too... but it's ridiculous to grant copyrights to code which is
> designed to propagate by itself :-)

  It may be "ridiculous", but don't bet the farm that some court
  somewhere won't do it!  After all, we let people PATENT things
  "designed to propagate", such things as plants and animals!  And
  there's new case law being made in lawsuits daily (including a
  few where biotech companies are trying to patent REAL viruses).

  Tom Zmudzinski [Unreformed Paronomasiac] ZmudzinT@CC.IMS.DISA.MIL

  CAUTION!  INCORRIGIBLE PUNSTER!  PLEASE DON'T INCORRIGE!

------------------------------

Date:    Wed, 19 May 93 16:05:56 -0400
From:    blake@nevada.edu (Rawlin Blake)
Subject: Re: A virus that deletes autoexec.bat (PC)

chet@retix.com (Chet Mazur) writes:
>From: chet@retix.com (Chet Mazur)
>Subject: A virus that deletes autoexec.bat (PC)
>Date: 13 May 93 18:30:57 GMT
>does this beast sound familiar, this guy is having problems that virus
>checkers are not finding it... maybe he has some bad sectors or a
>flakey disk... pls. reply by mail as I don't follow this group.

Yep, Its called the FFU Virus.

(FFU = Fumble-Fingered-User)

- ---
Rawlin Blake    blake@nevada.edu          No .sig is a good .sig

Vote against victim disarmament--protect the right of citizens to defend
themselves from streetscum & evil governments--return to the right of the
*people* to keep and bear arms.


------------------------------

Date:    Thu, 20 May 93 02:43:30 -0400
From:    rrb@deja-vu.aiss.uiuc.edu (Rec.Radio.Broadcasting Moderator)
Subject: Strange smiley faces in Directory (PC)

A friend of mine has a Vendex 8088 clone with no hard drive and the usual
dual 5.25 floppies.  She runs an old DOS 2.01 which I believe is
called "Headstart". Lately she has been having some weird file corruption.  

Some files cannot be pulled up with her word processor (Easy Working
Writer by Spinmaker) sometimes the next day after she makes the file
(the file would open the same night, generally).

When she does a dir on the disk containing the file (within the WP
program) she gets some bizzare stuff (mind you I have not seen this,
it is a verbal description).

In the Filename column, some files are OK, but others have what looks
like an oblong smiley face, followed by a two-headed up/down arrow, a
backward digit 2, another smiley face and a down arrow.  The size and
date are blank and the time contains a smiley face and a left arrow.
Thes files cannot be opened.  In the DOS shell, a dir command yields
the same thing except that the filename contains a few more nonsense
characters and the size column has a 90 degree right arrow (with
two arrowheads) and a smiley face followed by the number 721592361.
Mind you that this is a 360k drive and there is 200+k left on the
disk!  Under DOS the same file has a creation date of 8-02-99 and a
time  of 12:01 PM. 

Other corrupt files have creation dates of 0-00-80 and time of 0:00 AM,
some are blank lines and, as I said, some are normal.  Some files have
extra columns AFTER the TIME field which contain a slash and what
looks like a diamond, or they may have other strange characters.

What the hell is this???  

It seems to have started soon after she bought the Easy Writer
software at an Egghead outlet store for a low price.  It is happening
more and more and some files are OK one day and corrupted the next,
all in a similar (although not exactly the same) manner.  A screen
print shows pretty much what the screen shows, but is spaced
differently.  She never uses BBS software, mainly because of the lack
of a hard drive.

Other possibly related troubles include a modem that won't respond to
Procomm+ commands untill it is unplugged and plugged back in.  The
response code to an attempt to boot Procomm+ is "Critical error 4" and
if she hits retry she gets the same error message, if she hits
'ignore' it will boot properly.

PLEASE reply in email asap, I don't have much time these days to read
news, and articles get expired pretty fast here.  My friend depends on
her clunker computer for her newspaper reporting job, and we need some
ideas.  She does not have a virus program.

William


____________________________________________________________________________
William Pfeiffer - Moderator	                | Radio is a sad salvation, |
rec.radio.broadcasting - Internet Radio Journal | Radio is cleanin' up the  |
Article Submission - rrb@airwaves.chi.il.us     | nation. "Elvis Costello"  |
Subscription Desk  - journal@airwaves.chi.il.us	|  'That's the biz - baby!' |
- -----------------------------------------------------------------------------

------------------------------

Date:    Tue, 18 May 93 19:53:10 +0000
From:    pruett@CS.ColoState.EDU (J. L. Pruett)
Subject: macafee site ? (PC)

Howdy out there. 

I used to get my macafee updates (we're all paid) from the
192.187.128.1 site, but it no longer accepts anonymous logins.

Anyone know where I can get 'em? 

Jenny

[Moderator's note: The VIRUS-L/comp.virus archive site listing is
posted here monthly (plus or minus a bit).  In the meantime, you might
try mcafee.com, oak.oakland.edu, risc.ua.edu, phil.utmb.edu, etc.]

------------------------------

Date:    Tue, 18 May 93 16:41:07 -0400
From:    James Ford <JFORD@UA1VM.UA.EDU>
Subject: File listing of risc (PC)

This is a current listing of IBM antivirus files available via anonymous
FTP from risc.ua.edu (130.160.4.7).  Please let me know if you see any
files that are out of date or missing.....(isn't vcopy82.zip an old file
from McAfee?  Should it be there?)

Thanks.

- -- jf

- --------------------------------------------------------------------
0files.9305       fixutil5.zip      secur235.zip      vdetect.zip
20a10.zip         fp-208a.zip       sentry02.zip      vds210t.zip
Valert-l.readme   fshld15.zip       stealth.zip       virlab15.zip
Virus-l.faq       fsp_184.zip       tbav602.zip       virpres.zip
Virus-l.readme    hack1192.zip      tbavu602.zip      virsimul.zip
aavirus.zip       hs32.zip          tbavx602.zip      virstop.zip
allmsg.zip        htscan20.zip      tbsg601a.zip      virusck.zip
avs_e224.zip      i-m141.zip        trapdisk.zip      virusgrd.zip
bbug.zip          innoc5.zip        unvir902.zip      virx26d.zip
bootid.zip        killmonk.zip      uxencode.pas      vkill10.zip
catchm18.zip      langv102.zip      v-faq.zip         vshell10.zip
ccc91.zip         m-disk.zip        vacbrain.zip      vshld104.zip
chk.zip           msg_9_12.zip      vaccine.zip       vsig9305.zip
chkint.zip        mtetests.zip      vaccinea.zip      vstop54.zip
clean104.zip      netsc102.zip      validat3.zip      vsumx304.zip
cvc792am.zip      nshld104.zip      validate.crc      vtac48.zip
cvc792ma.zip      ocln104.zip       vc300ega.zip      vtec30a.zip
cvc792ms.zip      onet102.zip       vc300lte.zip      wcv201.zip
cvcindex.zip      oscn104.zip       vcheck11.zip      wp-hdisk.zip
dir2clr.zip       pkz110eu.exe      vchk23b.zip       wscan104.zip
ds115.zip         scanv104.zip      vcopy82.zip       ztec61b.zip


------------------------------

End of VIRUS-L Digest [Volume 6 Issue 81]
*****************************************


