Note: Unregistered shareware version of VDS does not include VDSTSR and VDSMSG for Windows.

VDSTSR 3.0
Copyright (c) 1993-95 VDS Advanced Research Group

VDSTSR provides memory-resident virus scanning of files before they are executed or copied, and of floppy diskette boot sectors before a warmboot attempt. If it determines that the file that is about to be run or copied contains a known virus, it will warn the user, showing the name of the virus, and then deny the request. Similarly, if there is a floppy diskette left in drive A: and it is found to contain a boot sector virus, VDSTSR will warn the user and cancel the warmboot attempt.

The purpose of VDSTSR is to prevent introduction of viruses to PCs in a transparent manner. In other words, the user need not run a virus scanner manually every time he/she runs a program or copies new files to his/her hard/floppy disk.

If there is a floppy diskette containing a boot sector virus in drive A: and the user attempts to warmboot the computer without opening the drive door first, VDSTSR scans the floppy diskette for boot sector viruses and issues a warning. This effectively prevents infections from common boot sector viruses such as Stoned and Michelangelo.

As a side effect of this type of mechanism, copy operations will be slowed down by about 50% depending on the system configuration. The apparent time delay in program loading, however, is negligible. Optionally, the user can specify not to scan upon copy operations but only before execution of programs.

Another side effect is the memory required to keep all virus signatures and names in memory. Although the code is barely 5K, the signature database takes up about 38K. The good news is that VDSTSR can be loaded high under DOS 5.0 and above, therefore not reducing the precious 640K conventional memory.
To keep the program size to a minimum, VDSTSR only provides a simple message displaying the virus name and the program, and produces a beep on the system speaker to get the user's attention. It does not provide any options to unload it from memory or support other fancy but rarely used features. The following example illustrates a typical case:

    C:\> TEST\FRODO.EXE
    4096 virus found in FRODO.EXE
    Access denied
    C:\>

The last message comes from COMMAND.COM since VDSTSR issued an error code 5 as response to the request to execute the program file FRODO.EXE.

During copy operations, the following message would be displayed:

    C:\> COPY C:\TEST\FRODO.EXE FRODO2.EXE
    4096 virus found in FRODO.EXE
    Invalid function
    C:\>

If the user hits the Ctrl-Alt-Del key combination in order to reboot, and there is a floppy diskette in drive A: with an infected boot sector, a message such as the following is displayed:

    C:\>
    Stoned-2 virus found in floppy diskette boot sector.
    Remove the floppy diskette from drive A: now!
    C:\>

VDSTSR scans floppy diskette boot sectors upon access. If you put a diskette in drive B:, for example, and issue the "DIR B:" command, VDSTSR will kick in and scan the boot sector. If a virus is found in the boot sector, VDSTSR will warn you and pause after posting an audible alert. You can disable this by specifying the /I option.

VDSTSR has only a few command line options and does not require any special procedure to install. VDSTSR requires DOS 3.0 or higher to operate.

    VDSTSR [/COPY] [/DISKSWAP] [/IGNORE BOOT SECTOR SCAN]

The default is NOT to scan during copy operations, but only before program execution and warmboot attempts. By default, VDSTSR also does NOT swap virus information to the disk. If you enable swapping, then VDSTSR shrinks its size down to 24K instead of 43K. Note that VDSTSR will continue to reliably detect viruses even if the swapped virus information becomes unavailable. It simply would not be able to give you an exact identification of the virus.
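The deny-on-detect behaviour and the swapped-name fallback described above can be modelled in a few lines of C. This is an added example, not VDSTSR's own code. Assumptions: the byte patterns and the names SAMPLE-A/SAMPLE-B are constructed placeholders, the function gate() and the word "Unidentified" are hypothetical, and error code 1 for a refused copy is inferred from the "Invalid function" message (only error code 5 is stated in this document).

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholder patterns, not real virus signatures. */
static const unsigned char PAT_A[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x01 };
static const unsigned char PAT_B[] = { 0xCA, 0xFE, 0x00, 0x42 };
static const struct { const unsigned char *pat; size_t len; const char *name; }
SIGS[] = { { PAT_A, sizeof PAT_A, "SAMPLE-A" }, { PAT_B, sizeof PAT_B, "SAMPLE-B" } };

enum op { OP_EXEC, OP_COPY };
enum { DOS_OK = 0,
       DOS_INVALID_FUNCTION = 1,  /* assumed code behind "Invalid function" on copy */
       DOS_ACCESS_DENIED = 5 };   /* error code 5, as stated for a denied execute */

/* Index of the first pattern found in buf, or -1 when none matches. */
static int scan(const unsigned char *buf, size_t n)
{
    for (size_t s = 0; s < sizeof SIGS / sizeof SIGS[0]; s++)
        for (size_t i = 0; i + SIGS[s].len <= n; i++)
            if (memcmp(buf + i, SIGS[s].pat, SIGS[s].len) == 0)
                return (int)s;
    return -1;
}

/* Returns the DOS error code handed back to the caller; msg gets the warning.
   names_loaded == 0 models /DISKSWAP with the swapped name table unreachable:
   detection still works, only the exact name is lost (wording is assumed). */
int gate(enum op op, int scan_on_copy, int names_loaded, const char *file,
         const unsigned char *buf, size_t n, char *msg, size_t msglen)
{
    int hit;
    msg[0] = '\0';
    if (op == OP_COPY && !scan_on_copy)
        return DOS_OK;                 /* default: copy is not scanned */
    if ((hit = scan(buf, n)) < 0)
        return DOS_OK;                 /* clean: let the request through */
    snprintf(msg, msglen, "%s virus found in %s",
             names_loaded ? SIGS[hit].name : "Unidentified", file);
    return op == OP_EXEC ? DOS_ACCESS_DENIED : DOS_INVALID_FUNCTION;
}

int main(void)
{
    /* Constructed sample file contents with PAT_A embedded at offset 2. */
    const unsigned char sample[] = { 0x4D, 0x5A, 0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x90 };
    char msg[80];
    int rc = gate(OP_EXEC, 0, 1, "SAMPLE.EXE", sample, sizeof sample, msg, sizeof msg);
    printf("%s\nerror code %d\n", msg, rc);
    return 0;
}
```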
VDSTSR should be placed in the AUTOEXEC.BAT file before any other TSRs except network drivers and compression drivers. It should not create any conflicts since it is a well-behaved TSR that only monitors a few operating system calls, switches to its own stack, installs a critical error handler during disk access and so on. If you encounter any problems, please notify us and we will immediately investigate and come up with a solution.

VDSTSR can also scan newly created .COM and .EXE files. For example, when you "unzip" a .ZIP archive, you get back the original files, some of which may be executable. If you choose to scan during copy operations, VDSTSR waits until the new file is created, and scans it when the operation is complete. If it finds a virus inside the newly created file, it will beep and tell you its name followed by a pause. It will not delete the file. It is up to you to take action in such cases.

Similarly, if you try to "zip" infected files, VDSTSR scans them and prevents an infected file from being included in an archive. You must specify the /C (scan on copy) option for this to work. The "zip" operation is allowed to continue for clean files as usual.

Note that VDSTSR is not limited to scanning during "unzip/zip" as some other anti-virus programs may be. The method VDSTSR uses is independent of the archive utility used. In other words, VDSTSR will scan PAK, ZOO, ZIP, etc. archives upon a de-archiving attempt. While in archived form, a virus cannot affect your computer. The potential for danger becomes a real one once the infected file is de-archived. It is at this moment that VDSTSR comes to your help. As an added advantage, if your archive utility gets updated, VDSTSR need not be modified as some other anti-virus programs have to be.

The accompanying utility program named ISVDSTSR.COM provides DOS errorlevel codes suitable for batch file use. You can test if VDSTSR is loaded by simply running ISVDSTSR and then checking the DOS errorlevel.
If it is set to 1, then VDSTSR is active in memory. This utility is mainly for networked environments that wish to enforce their anti-virus policy of making sure that any workstation logging into the network is running VDSTSR. If the workstation does not have VDSTSR loaded, then the system administrator can choose to load it by running it off of the server or even post a message and disallow access to the file server. Here is an example:

    ;;;;;;;;;;;; Start of Example ;;;;;;;;;;;;;;;;
    F:\APPS\VDSPRO30\ISVDSTSR.COM
    IF ERRORLEVEL == 1 GOTO OKAY
    echo You MUST have VDSTSR loaded on your workstation to protect the LAN
    echo against viruses. If you have any questions, please contact x5112.
    pause
    F:\APPS\VDSPRO30\VDSTSR.EXE /C /D
    :OKAY
    ;;;;;;;;;;;; End of Example ;;;;;;;;;;;;;;;;;;

For detailed instructions on using VDS Pro in networked environments, please consult the VDS Network Administrator's Guide.