*BSD News Article 88164


Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.Hawaii.Edu!news.uoregon.edu!hammer.uoregon.edu!arclight.uoregon.edu!enews.sgi.com!news.sgi.com!news.maxwell.syr.edu!news.bc.net!torn!news1.bellglobal.com!sympatico.ca!not-for-mail
From: gbuchanan@localhost.on.sympatico.ca (Gardner Buchanan)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: SYSLOCK Virus
Date: 2 Feb 1997 17:47:19 GMT
Organization: Sympatico
Lines: 37
Message-ID: <5d2jv7$idj$1@news1.sympatico.ca>
References: <32f4b7e7.5018104@news.intergate.bc.ca>
Reply-To: gbuchanan@sympatico.ca
NNTP-Posting-Host: ppp2141.on.sympatico.ca
X-Newsreader: knews 0.9.3
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:34932

In article <32f4b7e7.5018104@news.intergate.bc.ca>,
	jordon@intergate.bc.ca (Jordon Randall) writes:
>I have McAfee virus scan for FreeBSD and it reports that I have about
>60 instances of the syslock virus.  I did some research into the
>virus, and all I can find is that it's a dos based virus that doesn't
>do much.  But I'm wondering why I have the virus as soon as I install
>FreeBSD from the dist files on ftp.cdrom.com.  Also, I've noticed that
>the virus has spread to some gif files that have been put on the
>system.
>

The FreeBSD version of McAfee is not meant to find FreeBSD viruses.
There is no point in using it to scan files which are not meant to
be served to a DOS client.  Quoting from McAfee documentation:

 /pub/antivirus/english/unix/freebsd                  November 3, 1996

 Filename:     Size:  Description:
 ---------------------------------------------------------------------
 vfrb101e.taz 856,669 VirusScan for Free BSD, 1.0.1 Eval
                      provides immediate scanning of PC files hosted on 
                      Free BSD Unix systems.

If you are using Samba or NFS to act as a PC fileserver then this
product gives you a handy way of doing virus scans at the server.
If you are not exchanging files with a PC, then there is no point
in using McAfee on FreeBSD.

That some FreeBSD files seem to McAfee to have a virus in them is
probably an artifact of the hashing algorithms used to detect the
virus.  There are many sequences of octets which hash to a given
value, not just the virus.

============================================
Gardner Buchanan    <gbuchanan@sympatico.ca>
Ottawa, ON
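
The false-positive effect described in the reply above, as an added example that is not part of the original post and not McAfee's code: a scanner that matches on a short hash of a byte window reports hits in data that never contains the signature bytes, and a full byte comparison removes them. The 16-bit truncated CRC-32, the 16-byte window, and the PATTERN value are assumptions made for illustration; the scanner's real detection method is not given on this page.

```python
import random
import zlib

SIG_LEN = 16                   # bytes covered by the signature (assumed)
PATTERN = b"CONSTRUCTED-SIG!"  # constructed stand-in for a virus byte string


def short_hash(window):
    """16-bit hash: low half of CRC-32 (assumed, deliberately short)."""
    return zlib.crc32(window) & 0xFFFF


def hash_hits(data, sig_hash):
    """Offsets whose SIG_LEN-byte window hashes to the signature value."""
    return [off for off in range(len(data) - SIG_LEN + 1)
            if short_hash(data[off:off + SIG_LEN]) == sig_hash]


def confirmed_hits(data, hits, pattern):
    """Keep only the hash hits where the bytes really equal the pattern."""
    return [off for off in hits if data[off:off + len(pattern)] == pattern]


def benign_blob(size, seed=1997):
    """Constructed 'clean file': reproducible pseudo-random bytes."""
    rng = random.Random(seed)
    return rng.getrandbits(8 * size).to_bytes(size, "little")


if __name__ == "__main__":
    sig = short_hash(PATTERN)
    clean = benign_blob(1_000_000)
    hits = hash_hits(clean, sig)
    # About len(clean) / 65536 windows collide with any 16-bit value.
    print("pattern present in clean data:", PATTERN in clean)
    print("hash-only hits in clean data: ", len(hits))
    print("hits after byte comparison:   ",
          len(confirmed_hits(clean, hits, PATTERN)))

    # Same data with the pattern actually inserted at offset 5000.
    infected = clean[:5000] + PATTERN + clean[5000:]
    print("confirmed offsets when present:",
          confirmed_hits(infected, hash_hits(infected, sig), PATTERN))
```
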