Can I run F-Prot for DOS in XP's DOS window?

  • Thread starter: Franklin
On Wed 13 Apr 2005 15:23:59, Zvi Netiv wrote:
I suppose you won't argue with frisk, the author of F-Prot. It
depends *what* doesn't work. Scanning a specified file will
work, on condition that its short form pathname doesn't exceed
the DOS limit of 79 characters (including the filename).

What won't work is scanning all directories on a drive. For a
reason that Frisk explained here, a few years ago, F-Prot for
DOS may miss directories and skip them when scanning from the
DOS box under NT derived OS (NT / W2K / XP). Frisk also stated
in that post that he did not plan to further develop the DOS
version.

I just checked for XP on FAT-32 and the last FP version for DOS
missed the entire "Program files" directory and its subs, when
ordered to scan the entire drive.


Hello Zvi, I am the OP and I am interested in running F-Prot in XP's
DOS emulation as an on-demand scanner specifically for individual
folders, individual files or individual zip archives.

I want to do this in order to get an extra "opinion" on the
likelihood of the

Do you see any other problems with using F-Prot for DOS for this
(apart from the 79 character name you mention)?
 
Would "NTFSDOS" from System Internals be the right sort of driver to
mount NTFS which you mention above?
http://www.sysinternals.com/ntw2k/freeware/ntfsdos.shtml


Or perhaps "NTFS Reader for DOS" from ntfs.com?
http://www.ntfs.com/products.htm

Just a comment. In order to disinfect/delete, a write capability is
required. Unless things have changed recently, there are no free
drivers with a write capability. That's why purchasing F-Prot for
Windows has been suggested. It comes with a command line
scanner that will do the job for you.

Art

http://home.epix.net/~artnpeg
 
Franklin said:
Hello Zvi, I am the OP and I am interested in running F-Prot in XP's
DOS emulation as an on-demand scanner specifically for individual
folders, individual files or individual zip archives.

I want to do this in order to get an extra "opinion" on the
likelihood of the

Of what? Seems that you pushed "send" prematurely. ;)

Do you see any other problems with using F-Prot for DOS for this
(apart from the 79 character name you mention)?

The max length for the DOS pathname, actually 67 characters (pathname, less the
file name) for the *fully qualified* directory string (wildcards are not allowed
in directory specification) is not a light limitation.

Another troublesome handicap of F-Prot for DOS is its inability to properly
parse long filenames in the command line. Try the command F-PROT "C:\PROGRAM
FILES" and see what happens. You must pass to F-Prot the correct and full DOS
equivalent of the pathname or it will not find the directory where to start the
scan!

Another limitation that I noticed is that F-Prot for DOS doesn't interpret
properly file / directory names that contain characters that aren't in its
default characters set. This problem manifests itself more under certain
localized OS versions, e.g. Hebrew for example.

See my other post in this thread for a few suggestions.

Regards, Zvi
 
Just a comment. In order to disinfect/delete, a write capability is
required. Unless things have changed recently, there are no free
drivers with a write capability. That's why purchasing F-Prot for
Windows has been suggested. It comes with a command line
scanner that will do the job for you.

It's pretty cheap too! $29USD for a year and can be used on multiple
computers.
 
I am interested in running F-Prot in XP's
DOS emulation as an on-demand scanner specifically for individual
folders, individual files or individual zip archives.

I want to do this in order to get an extra "opinion" on the
likelihood of the

Do you see any other problems with using F-Prot for DOS for this
(apart from the 79 character name you mention)?

Just to give you an additional opinion on your question: I've been using
F-Prot (DOS) as on-demand scanner on *top level* Download directories
for (many, many) years. In this time I never encountered a problem on
either FAT32 or NTFS.

It has always been my habit to watch the output of the scanner *and* to
create a log file. If I somehow get the feeling that I missed something
on the direct visual inspection I always cross-check the log. Besides,
I let the console window auto-close a few seconds after scan. But I set
an editor window to unconditionally pop up the log if the errorlevel of
F-Prot is not 0 on exit...

I think you can use similar precautions if you don't need to check very
huge amounts of files. In fact: You furthermore could create a setup
to automatically test a filtered output of the F-Prot log file against a
directory listing of files (short names necessary!).

This way you should get a setup which should be sufficient for the
'extra opinion' scenario you described. Problems related to localized
OS versions (like Zvi described) should show up after a few tests (if
a substantial part of your files is affected). Then you really should
drop the F-Prot solution. In all other cases you should just take a
more careful look at the results of scans if files with unusual
characters appear...

HTH.
BeAr
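
The cross-check described in the post above, as an added example (not BeAr's own setup and not part of F-Prot): it compares a short-name directory listing with the paths taken from a scan log and reports files and directories the scan never reached, plus paths over the 79/67-character DOS limits quoted earlier in the thread. It assumes the log has already been filtered down to one scanned path per line; the function names, the ASCII-only check and the sample paths are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

MAX_PATHNAME = 79   # short-form pathname including the filename (limit quoted in the thread)
MAX_DIRECTORY = 67  # fully qualified directory string without the filename (also from the thread)

# One 8.3 component: 1-8 name characters, optional 1-3 character extension, no spaces.
SHORT_NAME = re.compile(r'^[^\s.\\/:*?"<>|]{1,8}(\.[^\s.\\/:*?"<>|]{1,3})?$')


def norm(line):
    """Turn one line into an upper-cased Windows path (DOS names are case-insensitive)."""
    line = line.strip().strip('"')
    return PureWindowsPath(line.upper()) if line else None


def is_short_path(path):
    """True when every component below the drive root is an 8.3 name.

    Treating non-ASCII characters as unsafe is an assumption made here; the
    thread only says that names outside the scanner's character set cause trouble.
    """
    parts = path.parts[1:] if path.anchor else path.parts
    return all(part.isascii() and SHORT_NAME.match(part) for part in parts)


def over_dos_limit(path):
    """True when the full pathname or its directory part exceeds the DOS limits."""
    return len(str(path)) > MAX_PATHNAME or len(str(path.parent)) > MAX_DIRECTORY


def audit_scan(listing_lines, scanned_lines):
    """Compare a directory listing with the paths a scan log says were checked."""
    listing = {p for p in map(norm, listing_lines) if p}
    scanned = {p for p in map(norm, scanned_lines) if p}
    listed_dirs = {p.parent for p in listing}
    scanned_dirs = {p.parent for p in scanned}
    return {
        "missed_files": sorted(str(p) for p in listing - scanned),
        # Directories holding files of which not a single one shows up in the log.
        "skipped_dirs": sorted(str(d) for d in listed_dirs - scanned_dirs),
        "over_limit": sorted(str(p) for p in listing if over_dos_limit(p)),
        "not_short": sorted(str(p) for p in listing if not is_short_path(p)),
    }


# Constructed sample data: a listing of what is on disk and a filtered scan log.
DEEP = "C:\\DOWNLOAD" + "".join(f"\\ARCHIVE{i}" for i in range(1, 8)) + "\\X.EXE"
LISTING = [
    r"C:\DOWNLOAD\SETUP.EXE",
    r"C:\DOWNLOAD\TOOLS.ZIP",
    r"C:\DOWNLOAD\Long File Name.exe",   # long name: needs its 8.3 equivalent
    r"C:\PROGRA~1\ACME\ACME.EXE",
    r"C:\PROGRA~1\ACME\HELPER.DLL",
    DEEP,                                # 80 characters, directory part 74
]
SCANNED = [r"C:\DOWNLOAD\SETUP.EXE", r"c:\download\tools.zip", ""]

if __name__ == "__main__":
    for heading, paths in audit_scan(LISTING, SCANNED).items():
        print(f"{heading}:")
        for path in paths:
            print(f"  {path}")
```

Any entry under `skipped_dirs` is the failure mode reported at the top of the thread, where a whole directory tree was silently left out of a drive-wide scan.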
 
On Thu 14 Apr 2005 14:59:23, wrote:
Just a comment. In order to disinfect/delete, a write capability
is required. Unless things have changed recently, there are no
free drivers with a write capability. That's why purchasing
F-Prot for Windows has been suggested. It comes with a command
line scanner that will do the job for you.


The problem I have is that I don't want to get another AV which
gets installed "deeply".

At present, I use AVG as my main AV and if I right-click certain
files which I have downloaded, then AVG sometimes says "Virus
Found".

I also have got Avast installed but I have not installed any of
what Avast calls its "Provider Services" (such as Standard Shield,
Resident Protection, Incoming Email Scanning, Web Shield, P2P
Protection). This means that I can right-click a file and get
Avast to scan it.

HOWEVER ... Avast and AVG do not seem to agree a great deal on
which files are viruses. I know that heuristics (guessing) can be
involved in virus detection but, even so, there appear to be far
too many disagreements between AVG and Avast. Avast seems to miss
genuine viruses which AVG can find.

I think Avast and AVG may be interacting somewhere down in the
bowels of my system. As a result I would like to have a purely
on-demand AV file/folder scanner which doesn't install itself as
deeply as conventional AV scanners do.

And that is why I thought of using F-Prot in the DOS emulation
window. It was a way of keeping F-Prot for DOS a long way away
from the other two AV programs.

Maybe there are better (free) alternatives to F-Prot for DOS which
people here can suggest? Maybe Clamwin? Clamwin is often
referred to as having the disadvantage of not having a resident
shield but maybe it would be suitable for me? The trouble is I
don't know which AV installs itself deeply and which AV doesn't.

I want to avoid any conflicts between AV programs due to AV
installation routines which involve significant registry changes,
recondite autostart embedding, detecting & preventing other AV
software from loading, exclusive locking of drivers & DLLs,
overwriting key files of other AV programs and all that stuff.
 
Of what? Seems that you pushed "send" prematurely. ;)


Yikes! Apologies Zvi. I meant to say this:

I want to do this [run F-Prot for DOS] in order
to get an extra "opinion" on the likelihood of
the file, folder or archive being a virus.

I explain my thinking in more detail in another posting to this
thread which I have just made where I say the following.


==================== START QUOTE =====================
The problem I have is that I don't want to get another AV which gets
installed "deeply".

At present, I use AVG as my main AV and if I right-click certain
files which I have downloaded, then AVG sometimes says "Virus Found".

I also have got Avast installed but I have not installed any of what
Avast calls its "Provider Services" (such as Standard Shield,
Resident Protection, Incoming Email Scanning, Web Shield, P2P
Protection). This means that I can right-click a file and get Avast
to scan it.

HOWEVER ... Avast and AVG do not seem to agree a great deal on which
files are viruses. I know that heuristics (guessing) can be involved
in virus detection but, even so, there appear to be far too many
disagreements between AVG and Avast. Avast seems to
miss genuine viruses which AVG can find.

I think Avast and AVG may be interacting somewhere down in the bowels
of my system. As a result I would like to have a purely on-demand AV
file/folder scanner which doesn't install itself as deeply as
conventional AV scanners do.

And that is why I thought of using F-Prot in the DOS emulation
window. It was a way of keeping F-Prot for DOS a long way away from
the other two AV programs.

Maybe there are better (free) alternatives to F-Prot for DOS which
people here can suggest? Maybe Clamwin? Clamwin is often referred
to as having the disadvantage of not having a resident shield but
maybe it would be suitable for me? The trouble is I don't know which
AV installs itself deeply and which AV doesn't.

I want to avoid any conflicts between AV programs due to AV
installation routines which involve significant registry changes,
recondite autostart embedding, detecting & preventing other AV
software from loading, exclusive locking of drivers & DLLs,
overwriting key files of other AV programs and all that stuff.

==================== END QUOTE =====================
 
Franklin said:
On Thu 14 Apr 2005 14:59:23, wrote:




The problem I have is that I don't want to get another AV which
gets installed "deeply".

At present, I use AVG as my main AV and if I right-click certain
files which I have downloaded, then AVG sometimes says "Virus
Found".

I also have got Avast installed but I have not installed any of
what Avast calls its "Provider Services" (such as Standard Shield,
Resident Protection, Incoming Email Scanning, Web Shield, P2P
Protection). This means that I can right-click a file and get
Avast to scan it.

HOWEVER ... Avast and AVG do not seem to agree a great deal on
which files are viruses. I know that heuristics (guessing) can be
involved in virus detection but, even so, there appear to be far
too many disagreements between AVG and Avast. Avast seems to miss
genuine viruses which AVG can find.

I think Avast and AVG may be interacting somewhere down in the
bowels of my system. As a result I would like to have a purely
on-demand AV file/folder scanner which doesn't install itself as
deeply as conventional AV scanners do.

And that is why I thought of using F-Prot in the DOS emulation
window. It was a way of keeping F-Prot for DOS a long way away
from the other two AV programs.

Maybe there are better (free) alternatives to F-Prot for DOS which
people here can suggest? Maybe Clamwin? Clamwin is often
referred to as having the disadvantage of not having a resident
shield but maybe it would be suitable for me? The trouble is I
don't know which AV installs itself deeply and which AV doesn't.

I want to avoid any conflicts between AV programs due to AV
installation routines which involve significant registry changes,
recondite autostart embedding, detecting & preventing other AV
software from loading, exclusive locking of drivers & DLLs,
overwriting key files of other AV programs and all that stuff.

I have used clamwin alongside avast (I use eTrust now) without any
problems. I also use sysclean from trend.
You may want to look into script monitors/blockers like script
sentry, script defender, spywareguard, spywareblaster.
I have links on my pages.
-max
 
There is no need for either. See below.

The problem I have is that I don't want to get another AV which
gets installed "deeply".

At present, I use AVG as my main AV and if I right-click certain
files which I have downloaded, then AVG sometimes says "Virus
Found".

I also have got Avast installed but I have not installed any of
what Avast calls its "Provider Services" (such as Standard Shield,
Resident Protection, Incoming Email Scanning, Web Shield, P2P
Protection). This means that I can right-click a file and get
Avast to scan it.

HOWEVER ... Avast and AVG do not seem to agree a great deal on
which files are viruses. I know that heuristics (guessing) can be
involved in virus detection but, even so, there appear to be far
too many disagreements between AVG and Avast. Avast seems to miss
genuine viruses which AVG can find.

I think Avast and AVG may be interacting somewhere down in the
bowels of my system. As a result I would like to have a purely
on-demand AV file/folder scanner which doesn't install itself as
deeply as conventional AV scanners do.

And that is why I thought of using F-Prot in the DOS emulation
window. It was a way of keeping F-Prot for DOS a long way away
from the other two AV programs.

Maybe there are better (free) alternatives to F-Prot for DOS which
people here can suggest? Maybe Clamwin? Clamwin is often
referred to as having the disadvantage of not having a resident
shield but maybe it would be suitable for me? The trouble is I
don't know which AV installs itself deeply and which AV doesn't.

I want to avoid any conflicts between AV programs due to AV
installation routines which involve significant registry changes,
recondite autostart embedding, detecting & preventing other AV
software from loading, exclusive locking of drivers & DLLs,
overwriting key files of other AV programs and all that stuff.

I don't think that multiple on-demand scanners are a good idea nor necessary (in
case of an ambiguity you can always try online inspection, like VirusTotal) but
you made your requirements very clear.

Bottom line: F-Prot for DOS, proper, won't fit your purpose, but the command
line F-Prot scanner (FPCMD) for Windows will. Just import FPCMD.EXE from the
Windows version and use it instead of F-Prot.exe. For command line syntax run
FPCMD -HELP.

For Windows 9x/Me users who wish to do the same, I recommend the ToggleMode
utility from www.invircible.com/item/80. It will let you run F-Prot in a mode
like safe mode with command prompt under all Win32 versions.

Regards, Zvi
 
Franklin said:
On Thu 14 Apr 2005 14:59:23, wrote:


Maybe there are better (free) alternatives to F-Prot for DOS which
people here can suggest? Maybe Clamwin? Clamwin is often
referred to as having the disadvantage of not having a resident
shield but maybe it would be suitable for me? The trouble is I
don't know which AV installs itself deeply and which AV doesn't.

I want to avoid any conflicts between AV programs due to AV
installation routines which involve significant registry changes,
recondite autostart embedding, detecting & preventing other AV
software from loading, exclusive locking of drivers & DLLs,
overwriting key files of other AV programs and all that stuff.

I use Antidote as an on demand scanner to back-up my
normal anti-virus software. It uses Kaspersky's engine/
virus database which is reportedly one of the best
on the market.

The down side is there is no disinfect. Updated weekly -
Friday night (date of sig file in program name)

http://www.vintage-solutions.com/English/Antivirus/Super/

There's a more regularly updated alternative
- also Kaspersky based here (also no disinfect)
However I've had problems with this removing
registry start-up entries it errantly reports as invalid.

http://www.mwti.net/antivirus/mwav.asp
 
==================== START QUOTE =====================
The problem I have is that I don't want to get another AV which gets
installed "deeply".

At present, I use AVG as my main AV and if I right-click certain
files which I have downloaded, then AVG sometimes says "Virus Found".

I also have got Avast installed but I have not installed any of what
Avast calls its "Provider Services" (such as Standard Shield,
Resident Protection, Incoming Email Scanning, Web Shield, P2P
Protection). This means that I can right-click a file and get Avast
to scan it.

HOWEVER ... Avast and AVG do not seem to agree a great deal on which
files are viruses. I know that heuristics (guessing) can be involved
in virus detection but, even so, there appear to be far too many
disagreements between AVG and Avast. Avast seems to
miss genuine viruses which AVG can find.

I think Avast and AVG may be interacting somewhere down in the bowels
of my system. As a result I would like to have a purely on-demand AV
file/folder scanner which doesn't install itself as deeply as
conventional AV scanners do.

And that is why I thought of using F-Prot in the DOS emulation
window. It was a way of keeping F-Prot for DOS a long way away from
the other two AV programs.

Maybe there are better (free) alternatives to F-Prot for DOS which
people here can suggest? Maybe Clamwin? Clamwin is often referred
to as having the disadvantage of not having a resident shield but
maybe it would be suitable for me? The trouble is I don't know which
AV installs itself deeply and which AV doesn't.

I want to avoid any conflicts between AV programs due to AV
installation routines which involve significant registry changes,
recondite autostart embedding, detecting & preventing other AV
software from loading, exclusive locking of drivers & DLLs,
overwriting key files of other AV programs and all that stuff.

==================== END QUOTE =====================

You will probably need to disable AVG's full time scanner when you run
F-Prot because it will detect what it sees as a virus when F-Prot
tries to access the file which will defeat your purpose.

I run F-Prot from desktop Icons to check specific folders or drives,
for example my floppy drive:

C:\F-PROT\F-PROT.EXE A:\ /ARCHIVE /PACKED /BEEP /DUMB
 
Zvi Netiv said:
I don't think that multiple on-demand scanners are a good idea nor necessary (in
case of an ambiguity you can always try online inspection, like VirusTotal) but
you made your requirements very clear.

Zvi,

I've run into enough false positives over the years to feel a need for
at least 1 backup AV scanner.

I had a weird thing happen last year. I still have the final update of
Dr. Solomons installed on one of my older systems. I ran across some
malware that overwrote my Notepad.exe.

The heuristics in the old Dr. Solomons was the only thing I had that
identified the particular WM32 virus that caused the problem (it was
weeks before NAV, KAV and F-Prot listed this specific villain).
 
* * Chas said:
Zvi,

I've run into enough false positives over the years to feel a need for
at least 1 backup AV scanner.

You should be new to this newsgroup to tell me this. ;) My position, for
years, has been that you don't need even a single scanner to keep your system
protected from malware. The use for scanners, in my view, is the identification
of affecting malware, and cleaning from. Detection and prevention are better
handled by generic means without depending on critical updates. A white paper
that describes that approach is available from www.invircible.com/item/65

Scanners have their use as stated above, but you need not tie yourself to any
particular product for that purpose, you can always submit the suspicious
sample, detected by generic means, for online inspection, and then choose the
best available removal tool for the particular malware. In many cases there
will be no dedicated cleaner yet and the generic means will be the only thing
available to contain the attack.

I had a weird thing happen last year. I still have the final update of
Dr. Solomons installed on one of my older systems. I ran across some
malware that overwrote my Notepad.exe.

The heuristics in the old Dr. Solomons was the only thing I had that
identified the particular WM32 virus that caused the problem (it was
weeks before NAV, KAV and F-Prot listed this specific villain).

I wouldn't draw any operational conclusions from that anecdotal event. If
curious, then read in www.invircible.com/item/81 how to generally handle PE
infectors without depending on virus definition updates.

Regards, Zvi
 
On Fri 15 Apr 2005 23:42:40, MEL wrote:
I use Antidote as an on demand scanner to back-up my
normal anti-virus software. It uses Kaspersky's engine/
virus database which is reportedly one of the best
on the market.

The down side is there is no disinfect. Updated weekly -
Friday night (date of sig file in program name)

http://www.vintage-solutions.com/English/Antivirus/Super/

There's a more regularly updated alternative
- also Kaspersky based here (also no disinfect)
However I've had problems with this removing
registry start-up entries it errantly reports as invalid.

http://www.mwti.net/antivirus/mwav.asp



Mel, both look interesting.

The first one, Antidote, has Chinese characters on its download
button (which tends to worry me a little bit). Neither download link
is working (the status symbol shows a red cross). Is there another
location to get this program?

As for the second one MWAV, what does it do with the reg startup
entries which it removes? Can they be simply restored from somewhere
in MWAV?
 
Franklin said:
On Fri 15 Apr 2005 23:42:40, MEL wrote:




Mel, both look interesting.

The first one, Antidote, has Chinese characters on its download
button (which tends to worry me a little bit). Neither download link
is working (the status symbol shows a red cross). Is there another
location to get this program?

As for the second one MWAV, what does it do with the reg startup
entries which it removes? Can they be simply restored from somewhere
in MWAV?

Unfortunately, I'm not aware of any other download location
for Antidote. Usually there's enough capacity when I visit, otherwise
you have to try the next day. I don't know the meaning of the
Chinese characters, the program itself is in English.

My problem with Mwav (escan.exe) affected a couple of programs
start-up entries, neither of which specify the full path.

One is MS Intellipoint: message from Mwav's log:-

"ERROR!!! Invalid Entry POINTER = point32.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Removing it."


MWAV apparently can't find the point32.exe so it just deletes
the start-up entry (I assume windows locates the executable
using a registry entry called AppPath and MWav doesn't check
this).

Adding the full path would fix this, and as I recall remembering to
untick "Registry and INI Files" under Scan options avoids
the problem. However having just looked at the log file there
also appears to be a Size Restriction on the files it will scan
that I wasn't previously aware of.

It should also be noted that if mwav finds anything it will
nag you to purchase the full version.

Incidentally as both programs use the same kaspersky files
manually unzipping both to the same directory would
allow you to update one program's signature files
with those from the other, however this is probably
in breach of one, or both's Terms and Conditions.
 
Is it possible to run the free "F-Prot for DOS" in the DOS-emulation
window of XP?

I want to use "F-Prot for DOS" as an on-demand scanner to supplement
my existing anti-virus software.

There seems to be some agreement that, successfully running F-Prot
depends more on the OS you are running, rather than the file system.
Presumably the Dos emulation of win 2k or XP knows how to read
filenames in the NTFS format and deliver them to dos programs?

I converted my win 2K to fat-32 anyway so I could have some decent
freeware tools to handle the disk and some compatibility with
prior programs and versions of windows.

I wonder if using the Dos-Box emulation under XP would help
F-prot? Other dos programs that do not run correctly under
XP's shell, command.com, or cmd.exe -- seem to run OK under
the better Dos-Box emulation.

If you have a fat-32 file system, I do not see why you
can not simply start your PC with a floppy running
some version of real mode dos 7x, and use F-Prot with
no problems: The program should have no problem with
filenames in this case.

Is it that the dos version of F-Prot does not know
the virus signatures of programs that run only under
XP? No - that could not be true, since the data
tables are the same as for the shareware version, yes?
 
If you have a fat-32 file system, I do not see why you
can not simply start your PC with a floppy running
some version of real mode dos 7x, and use F-Prot with
no problems: The program should have no problem with
filenames in this case.

I have been using exactly this method with F-prot for several
years now and it works perfectly. I use DOS-7 borrowed from
my Windows 95 laptop to produce a boot disk. F-prot itself is
too big to run from a floppy so it has its own directory on the C-drive.

Is it that the dos version of F-Prot does not know
the virus signatures of programs that run only under
XP? No - that could not be true, since the data
tables are the same as for the shareware version, yes?

I use two signature files, fp-def.zip and macrdef2.zip.
It only takes a few minutes to download them from
F-Prot's FTP server and un-zip them to the f-prot directory
on the C: drive. I also keep a copy of the EICAR virus
test file stashed somewhere on the hard drive and
expect to see it detected whenever F-prot is run.
 
Franklin said:
On Fri 15 Apr 2005 23:42:40, MEL wrote:
[,,,]

My problem with Mwav (escan.exe) affected a couple of programs
start-up entries, neither of which specify the full path.

One is MS Intellipoint: message from Mwav's log:-

"ERROR!!! Invalid Entry POINTER = point32.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Removing it."

You mean that it just went ahead and did it without asking for
confirmation? That would be enough for me to ditch it.
 