Kaspersky and PornDialer

| Well, I'm glad to see you're interested in looking at the
| possibilities. It's been a long time since I've used KAVDOS32. I'm
| pretty sure it uses (relies on) the INI and PRF files if no switches
| are set. Setting command line switches overrides the PRF option
| setting(s) IIRC. It is confusing, and I used to run checks on sample
| files to make sure I had the options set the way I wanted them.
|
| Basically, just modify the default PRF settings, changing some of
| the No settings to Yes. I rarely used the redundant scan setting
| but you would, of course, if you want to scan just a folder with
| the most paranoid setup options. I believe with KAV, that setting
| causes it to scan the entire file ... and it takes much longer.
| Heuristics are on by default.
|
| Let me know if you continue to have problems with settings.
| I'll be happy to try to help.
The Multi-AV Vendor scanning tool has now been updated to use the Kaspersky Command Line
Scanner and is available through the menu.

The latest version of the Multi AV scanning tool is now available at..
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

Good. I'll not be downloading it unless you're looking for critiques.
My idea was to offer just a small d/l of a KAVDOS32 Kit. To that end,
I did work up a model which does an install in the sense that the
registry is modified to yield a right click option for scanning either
a file or a folder while in Windows Explorer.

I view this KAVDOS32 kit as being for preventative use. Users who
have some other av would benefit from the ability to scan downloads
on-demand and detect malware/spyware/adware in install/setup files,
for one thing.

However, that sort of thing is really covered by KASFX. It's just that
when using that, the user doesn't get the benefit of seeing KAV
scanning all the objects contained ... and in some cases, see the
multiple malwares "within" the containers. If the scanner simply
issues an "ok" message, the user has no clue as to whether or not
KAV was actually able to scan within the container. Safe hex dictates
that if KAV can't scan within a container, you delete the container
and say "screw it" :)

So that's why I've been seriously considering doing a KAVDOS32
"safe hex and prevention" kit. We shall see. Sometimes I think it's
a big waste of time since most users won't use it or understand the
idea.

Art

http://home.epix.net/~artnpeg
Free antivirus:
http://www.ik-cs.com/programs/virtools/KASFX.EXE
http://www.claymania.com/KASFX.EXE
http://tinyurl.com/azzkc
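
The point made in the post above, that a bare "ok" says nothing about whether the scanner got inside a container, shown as an added example (not part of the original post and not code from KAV or KASFX). It handles ZIP containers only and performs no malware detection; the status names, `MAX_DEPTH` and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_DEPTH = 3  # assumed nesting limit; deeper archives count as uninspected

def walk(data, prefix="", depth=0):
    """Yield (member_path, status) for every object in a ZIP container."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        yield prefix or "<container>", "unreadable"
        return
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.flag_bits & 0x1:  # bit 0 of the flags = member is encrypted
                yield path, "encrypted"
                continue
            try:
                body = zf.read(info)
            except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
                yield path, "unreadable"
                continue
            if zipfile.is_zipfile(io.BytesIO(body)):
                if depth + 1 >= MAX_DEPTH:
                    yield path, "too-deep"
                else:
                    yield from walk(body, path + "/", depth + 1)
            else:
                yield path, "inspected"  # a real scanner would check body here

def verdict(data):
    """Return 'ok' only when every contained object could actually be opened."""
    skipped = [p for p, s in walk(data) if s != "inspected"]
    return ("ok", []) if not skipped else ("not-fully-scanned", skipped)

def build_sample(encrypt_inner=False):
    """Constructed sample: outer ZIP holding a text file and a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.dat", b"constructed payload")
    raw = bytearray(inner.getvalue())
    if encrypt_inner:
        # Set the 'encrypted' bit in the inner central directory entry.
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x01
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"constructed text")
        z.writestr("bundle.zip", bytes(raw))
    return outer.getvalue()
```

A report built this way lists the members that were skipped, so the container can be deleted rather than trusted when the list is not empty.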
 
From: "Art" <[email protected]>

|
| Good. I'll not be downloading it unless you're looking for critiques.
| My idea was to offer just a small d/l of a KAVDOS32 Kit. To that end,
| I did work up a model which does an install in the sense that the
| registry is modified to yield a right click option for scanning either
| a file or a folder while in Windows Explorer.
|
| I view this KAVDOS32 kit as being for preventative use. Users who
| have some other av would benefit from the ability to scan downloads
| on-demand and detect malware/spyware/adware in install/setup files,
| for one thing.
|
| However, that sort of thing is really covered by KASFX. It's just that
| when using that, the user doesn't get the benefit of seeing KAV
| scanning all the objects contained ... and in some cases, see the
| multiple malwares "within" the containers. If the scanner simply
| issues an "ok" message, the user has no clue as to whether or not
| KAV was actually able to scan within the container. Safe hex dictates
| that if KAV can't scan within a container, you delete the container
| and say "screw it" :)
|
| So that's why I've been seriously considering doing a KAVDOS32
| "safe hex and prevention" kit. We shall see. Sometimes I think it's
| a big waste of time since most users won't use it or understand the
| idea.
|
| Art
|
| http://home.epix.net/~artnpeg
| Free antivirus:
| http://www.ik-cs.com/programs/virtools/KASFX.EXE
| http://www.claymania.com/KASFX.EXE
| http://tinyurl.com/azzkc

I am always looking for critiques. If you are willing, please try it and email me your
critiques.

The GUI engine is OK, but with its advertising, renaming of files (such as password
protected ZIP files it deems suspicious) I didn't desire wrapping a script around it.
However the Kaspersky CLS is another matter.

The utilities script does provide an easy facility for scanning a particular location. Say
you downloaded "from_internet_installer.exe" and wanted to check it out for malware. You
could place it in a folder such as c:\suspect and point the scanner to only scanning
c:\suspect.

Adding Kaspersky expands the number of various scanners one can choose to run "On
Demand" in the tool.
 
I am always looking for critiques. If you are willing, please try it and email me your
critiques.

I will send you an email if I discover a problem. Right now, I just
want to say that it's quite nice, IMO. I didn't see anything except
I wonder why you chose the /Z "disable aborting" option. With KAVDOS32
you can press the Esc key to stop scanning, which is handy at times.

As fate would have it, I experienced a spate of problems trying to d/l
the defs when I first tried it. It was the same with a different KAV
d/l site. I'd like to find a way around the behaviour of wget when
this happens. You can hit Ctrl-Break and it does at least stop and
respond with a message to use the three fingered salute :) But it
stays in memory and I have to stop it using a running process killer
or Task Manager. Not too nice, and particularly bad for average users.
If you know of a decent way to abort wget, let me and your Help file
know :)

Again, it's a nice professional looking job. I'll be looking at it
more over the weekend.

Art

http://home.epix.net/~artnpeg
Free antivirus:
http://www.ik-cs.com/programs/virtools/KASFX.EXE
http://www.claymania.com/KASFX.EXE
http://tinyurl.com/azzkc
 
From: "Art" <[email protected]>

| On Fri, 07 Oct 2005 15:01:07 GMT, "David H. Lipman"
|
| I will send you an email if I discover a problem. Right now, I just
| want to say that it's quite nice, IMO. I didn't see anything except
| I wonder why you chose the /Z "disable aborting" option. With KAVDOS32
| you can press the Esc key to stop scanning, which is handy at times.
|
| As fate would have it, I experienced a spate of problems trying to d/l
| the defs when I first tried it. It was the same with a different KAV
| d/l site. I'd like to find a way around the behaviour of wget when
| this happens. You can hit Ctrl-Break and it does at least stop and
| respond with a message to use the three fingered salute :) But it
| stays in memory and I have to stop it using a running process killer
| or Task Manager. Not too nice, and particularly bad for average users.
| If you know of a decent way to abort wget, let me and your Help file
| know :)
|
| Again, it's a nice professional looking job. I'll be looking at it
| more over the weekend.
|
| Art
|
| http://home.epix.net/~artnpeg
| Free antivirus:
| http://www.ik-cs.com/programs/virtools/KASFX.EXE
| http://www.claymania.com/KASFX.EXE
| http://tinyurl.com/azzkc

Thanx Art !

I value your feedback and your comments to the nth degree !

I added the '/Z' switch parameter because I could NOT escape out of a scan until I added the
'/Z'. I want the user to stop a scan if so desired. Same as done with McAfee and Sophos
modules.

BTW: I experienced download problems at Kaspersky's FTP site this AM. Seems to have
cleared up now.

Note that I also use the '--passive-ftp' WGET.EXE switch parameter for FTP sites.
I do this to help mitigate any problems of DSL users or possible FireWall issues (not
related to port or program blocking).
 
BTW, I just remembered a registry hack that people used to do with
F-Prot DOS. It gives users the ability to simply right click on any
folder to scan it. Here's Uzi's methods (starting at item 7.):

http://www.uzipaz.com/eng/f-prot.html

I didn't change my (Windows 98) registry for that. I just copied a
link to F-Prot into my SendTo folder.
http://www.chebucto.ns.ca/~af380/antivirus.html#fpst
Right-clicking on a file or directory and selecting F-Prot from the SendTo
menu just scans the selected file or directory (and all subordinate
directories).

Note my comment about Windows ME. It has been reported to me that
Windows ME doesn't properly close the F-Prot Window after a scan so
my tactic may not be appropriate for that OS version. Other reports
say it works fine with Windows ME so YMMV.
 