From: Chris McDonald STEWS-IM-CM-S (3/4/93) To: /usr/cmcdonal/maillist:@wsmr-em, CC: /usr/cmcdonal/reviewlist:@wsmr-, Mail*Link¨ SMTP Information Systems Securit 93-8 1. You should have received the monthly updates to the Product Test Index and to the List of Viral Infections in Commercial/Government Media/Software. For those who are recent addressees on this mailer, both items are standard monthly items. I bring to your attention that in the last 90 days my activity has received two viral infected disks in our contracting office as we encourage vendors to submit their proposal and solicitation resonses on media rather than on paper. I would appreciate receiving any reports from you on the mailer since I find it hard to imagine that ours is a unique experience. 2. The synopsis on the Virus Creation Laboratory (VCL), distributed last week, was intentionally free of any value judgment on my part as to the merits of its creation. If anyone has information on the results of additional scanning programs against the eight sample VCL viruses, please send them to me for further distribution. If you remember, I ran tests with these programs: F-PROT (2.07), Viruscan (100), NAV (2.1), Thunderbyte Scanner (5.03), VirX (2.06d), CPAV (1.4), ViruSafe (4.6), Virus Buster (3.93), and IBM AntiVirus/ DOS (1.0). 3. You should by now have received confirmation of the upload to Simtel20 of the latest McAfee programs, version 102. We obtain updates directly from the source. While some sites reported downloading version 101, the vendor had advised us of a "bug", so 101 versions were never available in our repository. All anti-viral tools are now in the path pd1:. 4. The recent announcement of the revision to Disinfectant 3.0 highlights the issue of using multiple anti-viral tools. In tests against the initial sample of the T4-C Macintosh virus my existing copies of SAM, Virex, VirusDetective, and GateKeeper/GateKeeper Aid alarmed for the T4 virus. While certain commercial vendors may make modifications to improve disinfection, here was an example in which product redundancy may have been important for certain environments. [Note: Although I am a registered user of Rival, another commercial anti-viral product, its customer service department has died in my case. Informed sources tell me that its current version would have detected the T4-C as T4.] 5. "Corporate Computing" in its latest edition has a good article entitled "Safe Harbor" by Barbara DePompa and Wayne Rash. The authors examine the efforts of the Port of Los Angeles to establish a disaster recovery capability by examining the proposals of three vendors to provide such services. There is an interesting comparison between the proposals of Comdisco Disaster Recovery Services and SunGard Recovery Services. The article also includes a summary of the major disaster recovery vendors, to include the number of "declared disasters" which each respective vendor has handled. 6. As a last reminder, my physical address at cmcdonal@wsmr-emh03.army.mil dies on 5 Mar 93. While my psychological attachment will always remain with this BBN C-70 workhorse, you will be emotionally frustrated if you do not convert to cmcdonald@wsmr-simtel20.army.mil. Please note that since simtel20 is not a UNIX machine, I am really cmcdonald on the host. ------------------ RFC822 Header Follows ------------------ Received: by internetqm.llnl.gov with SMTP;4 Mar 1993 09:32:02 -0800 Return-path: cmcdonal <@WSMR-SIMTEL20.ARMY.MIL:cmcdonal@wsmr-emh03.army.mil> Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01GVEL9JXP689BW0W3@icdc.llnl.gov>; Thu, 4 Mar 1993 09:09:11 PST Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01GVEH3TL39S9BW065@icdc.llnl.gov>; Thu, 4 Mar 1993 07:10:13 PST Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA22615; Thu, 4 Mar 93 07:10:27 PST Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA22608; Thu, 4 Mar 93 07:10:17 PST Received: from wsmr-emh03.army.mil by WSMR-SIMTEL20.ARMY.MIL with TCP; Thu, 4 Mar 1993 08:08:55 -0700 (MST) Date: 04 Mar 1993 08:01:51 -0700 (MST) From: Chris McDonald STEWS-IM-CM-S Subject: Information Systems Security Update, #93-8 Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV To: /usr/cmcdonal/maillist:@wsmr-emh03.army.mil Cc: /usr/cmcdonal/reviewlist:@wsmr-emh03.army.mil Resent-message-id: <01GVEL9KH99E9BW0W3@icdc.llnl.gov> Message-id: <9303041510.AA22608@pierce.llnl.gov> X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov X-VMS-To: IN%"/usr/cmcdonal/maillist:@wsmr-emh03.army.mil" X-VMS-Cc: IN%"/usr/cmcdonal/reviewlist:@wsmr-emh03.army.mil" Content-transfer-encoding: 7BIT ======================================================================