1. virii
Hey all, a virus question:
Since exw.exe shows as having the C1H virus all the time, fresh from RDS,
how do we know when it *really does* have the virus? If cleaned, exw.exe
stops working. If Eu is installed via a exe or zip file, the virus is
installed into the exw.exe as it's decompressed.
Kat
2. Re: virii
Kat writes:
> Since exw.exe shows as having the C1H virus all the time,
> fresh from RDS, how do we know when it *really does*
> have the virus?
In 2.2, both ex.exe and exw.exe are compressed executables.
That makes them look strange to some virus scanners.
That also makes them less likely to actually get infected
with a virus, since the virus won't understand the compression format,
and probably won't insert itself correctly into the .exe.
I can keep a list of which virus scanners are falsely
complaining. People should send me any virus reports that
they get.
Regards,
Rob Craig
Rapid Deployment Software
http://www.RapidEuphoria.com
3. Re: virii
----- Original Message -----
From: "Robert Craig" <rds at ATTCANADA.NET>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Monday, February 28, 2000 5:22 PM
Subject: Re: virii
> Kat writes:
> > Since exw.exe shows as having the C1H virus all the time,
> > fresh from RDS, how do we know when it *really does*
> > have the virus?
>
> In 2.2, both ex.exe and exw.exe are compressed executables.
> That makes them look strange to some virus scanners.
> That also makes them less likely to actually get infected
> with a virus, since the virus won't understand the compression format,
> and probably won't insert itself correctly into the .exe.
>
> I can keep a list of which virus scanners are falsely
> complaining. People should send me any virus reports that
> they get.
Ok,
and i emailed them about it months ago, but it still says exw.exe has a
virus and trashes it.
Kat
4. Re: virii
- Posted by Brian Broker <bkb at CNW.COM>
Feb 28, 2000
-
Last edited Feb 29, 2000
On Mon, 28 Feb 2000 18:39:44 -0600, Kat wrote:
>Ok,
>and i emailed them about it months ago, but it still says exw.exe has a
>virus and trashes it.
>
>Kat
Strange, I just scanned my Eu\bin directories (for version 2.1 and 2.2)
using the above link and it didn't complain about anything. Also, I've had
no reports from Innoculan (or InnoculateIT Personal Edition, a free scanner
that I use at home).
???
-- Brian
5. Re: virii
- Posted by Robert Craig <rds at ATTCANADA.NET>
Feb 28, 2000
-
Last edited Feb 29, 2000
I should have mentioned that euphoria\demo\sanity.ex
knows the correct checksums for ex.exe and exw.exe.
If you run sanity.ex, using either ex or exw, it will check
both .exe files and tell you if they've been tampered with.
exu is also a compressed executable.
I'll add it's checksum to sanity.ex in the next release.
I don't hear much about Linux viruses or virus scanners.
Regards,
Rob Craig
Rapid Deployment Software
http://www.RapidEuphoria.com
6. Re: virii
Oy, but you've got to use the potentially infected program to make use
of sanity.ex! Ever see the login trojan compiled into the compiler? Sweet
stuff. Anyhow, maybe you should just post the actual checksums of these files
-- or better yet, thier md5 signatures. It's fairly easy to produce the same
checksum if you know what you're doing (so I am told). MD5 however isn't easy
at all. In fact, I've seen people use MD5 sigs in thier password files instead
of simply crypt()ing the passwords. This way, a totally different program could
be used to check.
I know that this could be overboard, but I don't let anything slip with
security. 'Sides, this is the standard way to do it.
On Mon, 28 Feb 2000, you wrote:
> I should have mentioned that euphoria\demo\sanity.ex
> knows the correct checksums for ex.exe and exw.exe.
> If you run sanity.ex, using either ex or exw, it will check
> both .exe files and tell you if they've been tampered with.
>
> exu is also a compressed executable.
> I'll add it's checksum to sanity.ex in the next release.
> I don't hear much about Linux viruses or virus scanners.
>
> Regards,
> Rob Craig
> Rapid Deployment Software
> http://www.RapidEuphoria.com
