Category : System Diagnostics for your computer
Archive   : SCANX.ZIP
Filename : SCANX.DOC

SCANX (Version 1.20) - Infected environment virus scan program

Free Software distributed via the Virus Information Service

Preliminary documentation

In the event of problems please refer to :-
Jim Bates at BATES Associates - 044 (0) 533 883490

SCANX is intended as a diagnostic tool for use by system engineers who
wish to identify specific virus infections.

This program is designed to search files by accessing their relative
disk clusters rather than using DOS services. This is to avoid the
possible dangers posed by certain recent viruses which subvert the
DOS system services to "hide" virus code and possible even infect other
files as a result of normal scanning activity.

As a result, the program is quite slow. However, it has proved a useful
diagnostic tool when checking network file servers on a regular basis where
the process of rebooting from a clean system disk would cause problems to
attached workstations. The program is protected such that if it becomes
infected it will not run.


INSTALLATION

SCANX maintains its own list of virus signatures in a file called SCANX.DAT
Both SCANX.EXE and SCANX.DAT should be placed in a directory somewhere
convenient along the system PATH. It can then be invoked anywhere within the
system simply by typing SCANX . An additional file called SCANX.EXT
may be created in the same directory and this will contain a range of file
extensions that SCANX will search.


OPERATION

The program is interactive and largely self-explanatory. On-line help is
available by pressing the F1 key. Searching can be conducted on a drive,
directory or file basis but one or more viruses MUST be selected before
searching can begin. Selection and deselection of viruses is done by
pressing the spacebar when the cursor is at the required virus entry.
A marker will indicate that a virus has been selected and the '@' key will
toggle all virus selection settings.

The list of virus signatures can be edited as required, the signature format
consists of a string of hexadecimal characters (in pairs but without spaces)
up to 16 characters long.

Fields are provided for the name of the virus, its signature, its type
(described in the help screen - F1) and finally, for a "cure" program.

No cure programs are yet available from V.I.S. but it is envisaged that a
growing list of them will be available shortly. SCANX will detect whether
any name has been entered into the "cure" field and will invoke the named
program if an infected file is detected. The invocation takes the form:-

CURE filename.ext

Where CURE is the name of the cure program (which must be on the system PATH)
and filename.ext is the name of the file to be cured.

To remove a virus from the list, simply set the first character of its
name to a space. To add a new virus you will find an empty entry at the end
the list, enter the new virus details there and save the table (by hitting Esc).
The virus list is maintained in a partially sorted sequence.


EXTENSIONS

By default, SCANX will search all files with extensions of COM, EXE, BIN, SYS
OVR and OVL. However, if your particular machine has executable files with
extensions other than these, there is an additional option which may be used.
Create a text file called SCANX.EXT within the same directory as your other
SCANX files and enter a list of the extensions that you want SCANX to check.
Extensions are not case sensitive and should be separated by a space or
carriage return thus :

COM EXE BIN OVR SYS OVL
DLL APP DRV 386 APP MOD

... and so on. Note that in this case, for ease of reading, the extension
list spreads over two lines.

Our hardware resources are limited and although every effort has been made
to ensure that SCANX will work correctly on a large range of machines, problems
may arise from time to time. Help us to help you by reporting any problems
that occur with SCANX.

Call or write to:-

The Virus Information Service,
BATES Associates,
TREBLE CLEF HOUSE,
64, Welford Road,
WIGSTON MAGNA,
Leicester LE8 1SL Tel: (UK) 0533 883490