From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: DAVIDF@cs.heriot-watt.ac.uk
Date:         Wed, 20 Jun 90 16:29:56 BST 
Message-Id:   <$TGWGCZNQBTKW at UMPA>
Subject:      Virus-L vol 0 issue #1009


Virus-L Digest Sun, 9 Oct 88, Volume 0 : Issue #1009

Today's Topics

disk-wide CRC program

------------------------------

Date:         Sun, 9 Oct 88 18:52:56 EDT
From:         "James R. Van Zandt" <jrv@MITRE-BEDFORD.ARPA>
Subject:      disk-wide CRC program

I  have  enhanced  Ted  H.  Emigh's  CRC   program   and   posted   it   at
SIMTEL20.ARMY.MIL. Here is the blurb...
- --------------------------------------------------------------------
PD1:<MSDOS.TROJAN-PRO>FILE-CRC.ARC
FILECRC calculates CRCs for all files on a disk and records them in a file.
COMPARE then compares two such files and reports differences,  highlighting
suspicious  changes  (file  contents  changed but creation date unchanged).
Useful for spotting viral reproduction and/or  damage.  This  ARC  includes
source  code,  executables,  and  documentation for both. Written by Ted H.
Emigh, translated from Pascal to C and modestly enhanced by  James  R.  Van
Zandt <jrv@mitre-bedford.arpa>.
- --------------------------------------------------------------------
FILECRC was originally written to detect damage caused  by  a  program  run
amok.  I wanted to use it to detect intentional changes, so I have enhanced
it to defeat some of the simpler antiprotection measures a virus or  Trojan
horse might attempt. FILECRC now calculates a CRC on its own code to detect
possible changes, and calculates CRCs starting at an offset into each file.
The  offset  is  defined  at  compile  time so it can be different for each
installation. COMPARE reports files deleted as well as altered.
SIMTEL20 accepts ANONYMOUS ftp logins with any password. - Jim Van Zandt

--------------------

*** end of Virus-L issue ***