TweetFollow Us on Twitter

Virus Scout
Volume Number:7
Issue Number:1
Column Tag:Programmer's Forum

Virus Scout

By David T. Craig, Kansas City, MO

A Simple Macintosh Virus Scout Pascal Unit

In the past year the Apple Macintosh computer has become plagued by viruses. My work place was struck twice by a virus last year. As a Macintosh programmer I became determined to provide a software solution to this growing problem. My solution is called the Virus Scout, a Pascal unit that attempts to detect the existence of several viruses in either an application or the System file.

Virus Scout is a very simple anti-virus unit written in MPW Pascal. It should easily be portable to other Macintosh Pascal compilers such as Think Pascal. Virus Scout attempts to detect the following viruses:

Scores nVIR Hpat AIDS MEV# INIT29 JUDE

The viruses ANTI and MacMag are listed in the unit source but are not detected since I don’t have any technical information on how to detect them. Once Virus Scout has detected a virus you should immediately run one of the many virus buster programs. I prefer Disinfectant since it appears to do a through job.

Using Virus Scout is very simple from an application. Once compiled and linked to your application you may call its single entry point:

{1}

FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;

The Virus_Found function returns TRUE if at least one virus was found in either the application or the System file. The vTypes parameter is a record of booleans each corresponding to a virus type. Your program should call Virus_Found shortly after starting and if a virus was found you should display a dialog and immediately quit to the Finder. Refer to the source code for the methods used to detect a virus.

Virus Scout is only a beginning in the fight against Macintosh viruses. I hope other programmers will extend my Virus Scout to detect more viruses and hopefully even eradicate them.

Listing 1:  Virus_Scout.p

{ ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
 • MODULE ..... Virus Scout
 • DATE ....... June 1990
 • AUTHOR ..... David T. Craig
 • ADDRESS .... 9939 Locust # 4013, Kansas City, MO 64131
 • LANGUAGE ... Apple MPW Pascal 3.0
 • COMPUTER ... Apple Macintosh
 ••••••••••••••••••••••••••••••••••••••••••••••••••••• }

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••••
 •
 • FILE INFORMATION:
 •
 • This file contains a very simple virus detection routine.  This routine 
attempts to detect the following viri:
 •
 • Scores  nVIR  Hpat  AIDS  MEV#  INIT29  ANTI  MacMag  JUDE
 •      
 • If one of these viri is found, then a flag is set in the output parameter 
for the particular virus.
 •
 • Refer to the superb Disinfectant program and its documentation for 
the details behind Macintosh viri.
 •
 • Note: Viri ANTI and MacMag are not detected since I don’t have any 
technical information on how to detect them.
 •
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

UNIT Virus_Scout;
 
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
INTERFACE
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

USES
 MemTypes, QuickDraw, OSIntf, OSUtils, ToolIntf, PackIntf, Traps, Printing, 
Picker, Perf, PasLibIntf;

{$S SgVirusScout}

TYPE
 gt_VirusTypes   = PACKED RECORD
 virus_Scores : BOOLEAN;
 virus_nVir   : BOOLEAN;
 virus_Hpat   : BOOLEAN;
 virus_AIDS   : BOOLEAN;
 virus_MEV    : BOOLEAN;
 virus_INIT29 : BOOLEAN;
 virus_ANTI   : BOOLEAN;
 virus_MacMag : BOOLEAN;
 virus_JUDE   : BOOLEAN;
 END;

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••••
  • Routine : Virus_Found
  • Purpose : Test if any viri exist within the program or system file
  • Input   : (none)
  • Output  : Virus_Found - True --> virus was found in program or system
  •           vTypes      - types of found viri
  • Notes   : Reference: Disinfectant 1.1 documentation (April 16, 1989)
  •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
IMPLEMENTATION
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
 {$R+      } { enable range checking }
 {$D+      } { place debugger symbols in object code }
 {$MC68020-} { always produce plain 68000 code here }

{ ••••••••••••••••••••••••••••••••••••••••••••••••••••••
  • Routine : Virus_Found
  •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;
 VAR
 sob_virus    : BOOLEAN;   { virus found flag }
 res_count    : INTEGER;   { resource type count }
 res_handle   : Handle;    { resource data handle }
 machine_info : SysEnvRec; { machine low-level info }
 finder_info  : FInfo;     { Finder info for a file }
 vf_error     : gt_Error;  { error result }
BEGIN { ------ Virus_Found ------ }
{ fetch the volume refnum for the Macintosh System Folder }
 vf_error := SysEnvirons(1,machine_info);
 
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                 Scores virus                +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find file “Scores” or “Desktop “ in System Folder] }
      
 vf_error := GetFInfo(‘Scores’,machine_info.SysVRefNum,finder_info);

 vTypes.virus_Scores := (vf_error = NoErr);
 IF vTypes.virus_Scores = FALSE THEN
 BEGIN
 vf_error := GetFInfo(‘Desktop ‘,machine_info.SysVRefNum,finder_info);
 vTypes.virus_Scores := (vf_error = NoErr);
 END;
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  nVir virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “nVIR” resource in app or System File] }
 res_count := CountResources(‘nVIR’);
 vTypes.virus_nVir := (res_count > 0);
        
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  JUDE virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “JUDE” resource in app or System File] }
 res_count := CountResources(‘JUDE’);
 vTypes.virus_JUDE := (res_count > 0);

{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  Hpat virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “Hpat” resource] }
 res_count := CountResources(‘Hpat’);
 vTypes.virus_Hpat := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  AIDS virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “AIDS” resource] }
 res_count := CountResources(‘AIDS’);
 vTypes.virus_AIDS := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  MEV# virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “MEV#” resource] }
 res_count := CountResources(‘MEV#’);
 vTypes.virus_MEV := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  INIT29 virus               +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “INIT” 29 resource] }
 res_handle := GetResource(‘INIT’,29);
 vTypes.virus_INIT29 := (res_handle <> NIL);
 IF res_handle <> NIL THEN ReleaseResource(res_handle);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  ANTI virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: ?????????????????????????] }
 vTypes.virus_ANTI := FALSE; { ??? NEED TO ADD TEST ??? }
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  MacMag vir                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: ?????????????????????????] }
 vTypes.virus_MacMag := FALSE; { ??? NEED TO ADD TEST ??? }
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++      result of the virus hunt to caller     +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
 sob_virus := FALSE; { assume no viri were found }
 WITH vTypes DO
 BEGIN
 IF virus_Scores THEN sob_virus := TRUE;
 IF virus_nVir   THEN sob_virus := TRUE;
 IF virus_Hpat   THEN sob_virus := TRUE;
 IF virus_AIDS   THEN sob_virus := TRUE;
 IF virus_MEV    THEN sob_virus := TRUE;
 IF virus_INIT29 THEN sob_virus := TRUE;
 IF virus_ANTI   THEN sob_virus := TRUE;
 IF virus_MacMag THEN sob_virus := TRUE;
 IF virus_JUDE   THEN sob_virus := TRUE;
 END; { WITH vTypes }
        
 Virus_Found := sob_virus;
      
 END;  { ------ Virus_Found ------ }
END.

 
AAPL
$501.11
Apple Inc.
+2.43
MSFT
$34.64
Microsoft Corpora
+0.15
GOOG
$898.03
Google Inc.
+16.02

MacTech Search:
Community Search:

Software Updates via MacUpdate

Paperless 2.3.1 - Digital documents mana...
Paperless is a digital documents manager. Remember when everyone talked about how we would soon be a paperless society? Now it seems like we use paper more than ever. Let's face it - we need and we... Read more
Apple HP Printer Drivers 2.16.1 - For OS...
Apple HP Printer Drivers includes the latest HP printing and scanning software for Mac OS X 10.6, 10.7 and 10.8. For information about supported printer models, see this page.Version 2.16.1: This... Read more
Yep 3.5.1 - Organize and manage all your...
Yep is a document organization and management tool. Like iTunes for music or iPhoto for photos, Yep lets you search and view your documents in a comfortable interface, while offering the ability to... Read more
Apple Canon Laser Printer Drivers 2.11 -...
Apple Canon Laser Printer Drivers is the latest Canon Laser printing and scanning software for Mac OS X 10.6, 10.7 and 10.8. For information about supported printer models, see this page.Version 2.11... Read more
Apple Java for Mac OS X 10.6 Update 17 -...
Apple Java for Mac OS X 10.6 delivers improved security, reliability, and compatibility by updating Java SE 6.Version Update 17: Java for Mac OS X 10.6 Update 17 delivers improved security,... Read more
Arq 3.3 - Online backup (requires Amazon...
Arq is online backup for the Mac using Amazon S3 and Amazon Glacier. It backs-up and faithfully restores all the special metadata of Mac files that other products don't, including resource forks,... Read more
Apple Java 2013-005 - For OS X 10.7 and...
Apple Java for OS X 2013-005 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_65. On systems that have not already installed Java for OS X 2012-006, this... Read more
DEVONthink Pro 2.7 - Knowledge base, inf...
Save 10% with our exclusive coupon code: MACUPDATE10 DEVONthink Pro is your essential assistant for today's world, where almost everything is digital. From shopping receipts to important research... Read more
VirtualBox 4.3.0 - x86 virtualization so...
VirtualBox is a family of powerful x86 virtualization products for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers... Read more
Merlin 2.9.2 - Project management softwa...
Merlin is the only native network-based collaborative Project Management solution for Mac OS X. This version offers many features propelling Merlin to the top of Mac OS X professional project... Read more
 

See All

Briquid Gets Updated with New Undo Butto...
Briquid Gets Updated with New Undo Button, Achievements, and Leaderboards, on Sale for $0.99 Posted by Andrew Stevens on October 16th, 2013 [ | Read more »
Halloween – iLovecraft Brings Frightenin...
Halloween – iLovecraft Brings Frightening Stories From Author H.P. | Read more »
The Blockheads Creator David Frampton Gi...
The Blockheads Creator David Frampton Gives a Postmortem on the Creation Process of the Game Posted by Andrew Stevens on October 16th, 2013 [ permalink ] Hey, a | Read more »
Sorcery! Enhances the Gameplay in Latest...
Sorcery! | Read more »
It Came From Australia: Tiny Death Star
NimbleBit and Disney have teamed up to make Star Wars: Tiny Death Star, a Star Wars take on Tiny Tower. Right now, the game is in testing in Australia (you will never find a more wretched hive of scum and villainy) but we were able to sneak past... | Read more »
FIST OF AWESOME Review
FIST OF AWESOME Review By Rob Rich on October 16th, 2013 Our Rating: :: TALK TO THE FISTUniversal App - Designed for iPhone and iPad A totalitarian society of bears is only the tip of the iceberg in this throwback brawler.   | Read more »
PROVERBidioms Paints English Sayings in...
PROVERBidioms Paints English Sayings in a Picture for Users to Find Posted by Andrew Stevens on October 16th, 2013 [ permalink ] | Read more »
OmniFocus 2 for iPhone Review
OmniFocus 2 for iPhone Review By Carter Dotson on October 16th, 2013 Our Rating: :: OMNIPOTENTiPhone App - Designed for the iPhone, compatible with the iPad OmniFocus 2 for iPhone is a task management app for people who absolutely... | Read more »
Ingress – Google’s Augmented-Reality Gam...
Ingress – Google’s Augmented-Reality Game to Make its Way to iOS Next Year Posted by Andrew Stevens on October 16th, 2013 [ permalink ] | Read more »
CSR Classics is Full of Ridiculously Pre...
CSR Classics is Full of Ridiculously Pretty Classic Automobiles Posted by Rob Rich on October 16th, 2013 [ permalink ] | Read more »
See All

Price Scanner via MacPrices.net

Apple Store Canada offers refurbished 11-inch...
 The Apple Store Canada has Apple Certified Refurbished 2013 11″ MacBook Airs available starting at CDN$ 849. Save up to $180 off the cost of new models. An Apple one-year warranty is included with... Read more
Updated MacBook Price Trackers
We’ve updated our MacBook Price Trackers with the latest information on prices, bundles, and availability on MacBook Airs, MacBook Pros, and the MacBook Pros with Retina Displays from Apple’s... Read more
13-inch Retina MacBook Pros on sale for up to...
B&H Photo has the 13″ 2.5GHz Retina MacBook Pro on sale for $1399 including free shipping. Their price is $100 off MSRP. They have the 13″ 2.6GHz Retina MacBook Pro on sale for $1580 which is $... Read more
AppleCare Protection Plans on sale for up to...
B&H Photo has 3-Year AppleCare Warranties on sale for up to $105 off MSRP including free shipping plus NY sales tax only: - Mac Laptops 15″ and Above: $244 $105 off MSRP - Mac Laptops 13″ and... Read more
Apple’s 64-bit A7 Processor: One Step Closer...
PC Pro’s Darien Graham-Smith reported that Canonical founder and Ubuntu Linux creator Mark Shuttleworth believes Apple intends to follow Ubuntu’s lead and merge its desktop and mobile operating... Read more
MacBook Pro First, Followed By iPad At The En...
French site Info MacG’s Florian Innocente says he has received availability dates and order of arrival for the next MacBook Pro and the iPad from the same contact who had warned hom of the arrival of... Read more
Chart: iPad Value Decline From NextWorth
With every announcement of a new Apple device, serial upgraders begin selling off their previous models – driving down the resale value. So, with the Oct. 22 Apple announcement date approaching,... Read more
SOASTA Survey: What App Do You Check First in...
SOASTA Inc., the leader in cloud and mobile testing announced the results of its recent survey showing which mobile apps are popular with smartphone owners in major American markets. SOASTA’s survey... Read more
Apple, Samsung Reportedly Both Developing 12-...
Digitimes’ Aaron Lee and Joseph Tsai report that Apple and Samsung Electronics are said to both be planning to release 12-inch tablets, and that Apple is currently cooperating with Quanta Computer on... Read more
Apple’s 2011 MacBook Pro Lineup Suffering Fro...
Appleinsider’s Shane Cole says that owners of early-2011 15-inch and 17-inch MacBook Pros are reporting issues with those models’ discrete AMD graphics processors, which in some cases results in the... Read more
 

Jobs Board

*Apple* Retail - Manager - Apple (United Sta...
Job SummaryKeeping an Apple Store thriving requires a diverse set of leadership skills, and as a Manager, youre a master of them all. In the stores fast-paced, dynamic Read more
*Apple* Support / *Apple* Technician / Mac...
Apple Support / Apple Technician / Mac Support / Mac Set up / Mac TechnicianMac Set up and Apple Support technicianThe person we are looking for will have worked Read more
Senior Mac / *Apple* Systems Engineer - 318...
318 Inc, a top provider of Apple solutions is seeking a new Senior Apple Systems Engineer to be based out of our Santa Monica, California location. We are a Read more
*Apple* Retail - Manager - Apple Inc. (Unite...
Job Summary Keeping an Apple Store thriving requires a diverse set of leadership skills, and as a Manager, you’re a master of them all. In the store’s fast-paced, Read more
*Apple* Solutions Consultant - Apple (United...
**Job Summary** Apple Solutions Consultant (ASC) - Retail Representatives Apple Solutions Consultants are trained by Apple on selling Apple -branded products Read more

  • Generate a short URL for this page:



All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.