TweetFollow Us on Twitter

Virus Scout
Volume Number:7
Issue Number:1
Column Tag:Programmer's Forum

Virus Scout

By David T. Craig, Kansas City, MO

A Simple Macintosh Virus Scout Pascal Unit

In the past year the Apple Macintosh computer has become plagued by viruses. My work place was struck twice by a virus last year. As a Macintosh programmer I became determined to provide a software solution to this growing problem. My solution is called the Virus Scout, a Pascal unit that attempts to detect the existence of several viruses in either an application or the System file.

Virus Scout is a very simple anti-virus unit written in MPW Pascal. It should easily be portable to other Macintosh Pascal compilers such as Think Pascal. Virus Scout attempts to detect the following viruses:

Scores nVIR Hpat AIDS MEV# INIT29 JUDE

The viruses ANTI and MacMag are listed in the unit source but are not detected since I don’t have any technical information on how to detect them. Once Virus Scout has detected a virus you should immediately run one of the many virus buster programs. I prefer Disinfectant since it appears to do a through job.

Using Virus Scout is very simple from an application. Once compiled and linked to your application you may call its single entry point:

{1}

FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;

The Virus_Found function returns TRUE if at least one virus was found in either the application or the System file. The vTypes parameter is a record of booleans each corresponding to a virus type. Your program should call Virus_Found shortly after starting and if a virus was found you should display a dialog and immediately quit to the Finder. Refer to the source code for the methods used to detect a virus.

Virus Scout is only a beginning in the fight against Macintosh viruses. I hope other programmers will extend my Virus Scout to detect more viruses and hopefully even eradicate them.

Listing 1:  Virus_Scout.p

{ ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
 • MODULE ..... Virus Scout
 • DATE ....... June 1990
 • AUTHOR ..... David T. Craig
 • ADDRESS .... 9939 Locust # 4013, Kansas City, MO 64131
 • LANGUAGE ... Apple MPW Pascal 3.0
 • COMPUTER ... Apple Macintosh
 ••••••••••••••••••••••••••••••••••••••••••••••••••••• }

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••••
 •
 • FILE INFORMATION:
 •
 • This file contains a very simple virus detection routine.  This routine 
attempts to detect the following viri:
 •
 • Scores  nVIR  Hpat  AIDS  MEV#  INIT29  ANTI  MacMag  JUDE
 •      
 • If one of these viri is found, then a flag is set in the output parameter 
for the particular virus.
 •
 • Refer to the superb Disinfectant program and its documentation for 
the details behind Macintosh viri.
 •
 • Note: Viri ANTI and MacMag are not detected since I don’t have any 
technical information on how to detect them.
 •
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

UNIT Virus_Scout;
 
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
INTERFACE
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

USES
 MemTypes, QuickDraw, OSIntf, OSUtils, ToolIntf, PackIntf, Traps, Printing, 
Picker, Perf, PasLibIntf;

{$S SgVirusScout}

TYPE
 gt_VirusTypes   = PACKED RECORD
 virus_Scores : BOOLEAN;
 virus_nVir   : BOOLEAN;
 virus_Hpat   : BOOLEAN;
 virus_AIDS   : BOOLEAN;
 virus_MEV    : BOOLEAN;
 virus_INIT29 : BOOLEAN;
 virus_ANTI   : BOOLEAN;
 virus_MacMag : BOOLEAN;
 virus_JUDE   : BOOLEAN;
 END;

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••••
  • Routine : Virus_Found
  • Purpose : Test if any viri exist within the program or system file
  • Input   : (none)
  • Output  : Virus_Found - True --> virus was found in program or system
  •           vTypes      - types of found viri
  • Notes   : Reference: Disinfectant 1.1 documentation (April 16, 1989)
  •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
IMPLEMENTATION
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
 {$R+      } { enable range checking }
 {$D+      } { place debugger symbols in object code }
 {$MC68020-} { always produce plain 68000 code here }

{ ••••••••••••••••••••••••••••••••••••••••••••••••••••••
  • Routine : Virus_Found
  •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;
 VAR
 sob_virus    : BOOLEAN;   { virus found flag }
 res_count    : INTEGER;   { resource type count }
 res_handle   : Handle;    { resource data handle }
 machine_info : SysEnvRec; { machine low-level info }
 finder_info  : FInfo;     { Finder info for a file }
 vf_error     : gt_Error;  { error result }
BEGIN { ------ Virus_Found ------ }
{ fetch the volume refnum for the Macintosh System Folder }
 vf_error := SysEnvirons(1,machine_info);
 
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                 Scores virus                +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find file “Scores” or “Desktop “ in System Folder] }
      
 vf_error := GetFInfo(‘Scores’,machine_info.SysVRefNum,finder_info);

 vTypes.virus_Scores := (vf_error = NoErr);
 IF vTypes.virus_Scores = FALSE THEN
 BEGIN
 vf_error := GetFInfo(‘Desktop ‘,machine_info.SysVRefNum,finder_info);
 vTypes.virus_Scores := (vf_error = NoErr);
 END;
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  nVir virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “nVIR” resource in app or System File] }
 res_count := CountResources(‘nVIR’);
 vTypes.virus_nVir := (res_count > 0);
        
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  JUDE virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “JUDE” resource in app or System File] }
 res_count := CountResources(‘JUDE’);
 vTypes.virus_JUDE := (res_count > 0);

{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  Hpat virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “Hpat” resource] }
 res_count := CountResources(‘Hpat’);
 vTypes.virus_Hpat := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  AIDS virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “AIDS” resource] }
 res_count := CountResources(‘AIDS’);
 vTypes.virus_AIDS := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  MEV# virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “MEV#” resource] }
 res_count := CountResources(‘MEV#’);
 vTypes.virus_MEV := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  INIT29 virus               +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “INIT” 29 resource] }
 res_handle := GetResource(‘INIT’,29);
 vTypes.virus_INIT29 := (res_handle <> NIL);
 IF res_handle <> NIL THEN ReleaseResource(res_handle);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  ANTI virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: ?????????????????????????] }
 vTypes.virus_ANTI := FALSE; { ??? NEED TO ADD TEST ??? }
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  MacMag vir                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: ?????????????????????????] }
 vTypes.virus_MacMag := FALSE; { ??? NEED TO ADD TEST ??? }
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++      result of the virus hunt to caller     +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
 sob_virus := FALSE; { assume no viri were found }
 WITH vTypes DO
 BEGIN
 IF virus_Scores THEN sob_virus := TRUE;
 IF virus_nVir   THEN sob_virus := TRUE;
 IF virus_Hpat   THEN sob_virus := TRUE;
 IF virus_AIDS   THEN sob_virus := TRUE;
 IF virus_MEV    THEN sob_virus := TRUE;
 IF virus_INIT29 THEN sob_virus := TRUE;
 IF virus_ANTI   THEN sob_virus := TRUE;
 IF virus_MacMag THEN sob_virus := TRUE;
 IF virus_JUDE   THEN sob_virus := TRUE;
 END; { WITH vTypes }
        
 Virus_Found := sob_virus;
      
 END;  { ------ Virus_Found ------ }
END.

 
AAPL
$111.78
Apple Inc.
-0.87
MSFT
$47.66
Microsoft Corpora
+0.14
GOOG
$516.35
Google Inc.
+5.25

MacTech Search:
Community Search:

Software Updates via MacUpdate

NeoOffice 2014.6 - Mac-tailored, OpenOff...
NeoOffice is a complete office suite for OS X. With NeoOffice, users can view, edit, and save OpenOffice documents, PDF files, and most Microsoft Word, Excel, and PowerPoint documents. NeoOffice 3.x... Read more
LibreOffice 4.3.5.2 - Free Open Source o...
LibreOffice is an office suite (word processor, spreadsheet, presentations, drawing tool) compatible with other major office suites. The Document Foundation is coordinating development and... Read more
CleanApp 5.0.0 Beta 5 - Application dein...
CleanApp is an application deinstaller and archiver.... Your hard drive gets fuller day by day, but do you know why? CleanApp 5 provides you with insights how to reclaim disk space. There are... Read more
Monolingual 1.6.2 - Remove unwanted OS X...
Monolingual is a program for removing unnecesary language resources from OS X, in order to reclaim several hundred megabytes of disk space. It requires a 64-bit capable Intel-based Mac and at least... Read more
NetShade 6.1 - Browse privately using an...
NetShade is an Internet security tool that conceals your IP address on the web. NetShade routes your Web connection through either a public anonymous proxy server, or one of NetShade's own dedicated... Read more
calibre 2.13 - Complete e-library manage...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital librarian... Read more
Mellel 3.3.7 - Powerful word processor w...
Mellel is the leading word processor for OS X and has been widely considered the industry standard since its inception. Mellel focuses on writers and scholars for technical writing and multilingual... Read more
ScreenFlow 5.0.1 - Create screen recordi...
Save 10% with the exclusive MacUpdate coupon code: AFMacUpdate10 Buy now! ScreenFlow is powerful, easy-to-use screencasting software for the Mac. With ScreenFlow you can record the contents of your... Read more
Simon 4.0 - Monitor changes and crashes...
Simon monitors websites and alerts you of crashes and changes. Select pages to monitor, choose your alert options, and customize your settings. Simon does the rest. Keep a watchful eye on your... Read more
BBEdit 11.0.2 - Powerful text and HTML e...
BBEdit is the leading professional HTML and text editor for the Mac. Specifically crafted in response to the needs of Web authors and software developers, this award-winning product provides a... Read more

Latest Forum Discussions

See All

Galaxy Trucker Pocket (Games)
Galaxy Trucker Pocket 1.0.8 Device: iOS iPhone Category: Games Price: $2.99, Version: 1.0.8 (iTunes) Description: Galaxy Truckers Wanted!================================================================= (5/5) "Galaxy Trucker isn’t... | Read more »
Make your own Tribez Figures (and More)...
Make your own Tribez Figures (and More) with Toyze Posted by Jessica Fisher on December 19th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
So Many Holiday iOS Sales Oh My Goodness...
The holiday season is in full-swing, which means a whole lot of iOS apps and games are going on sale. A bunch already have, in fact. Naturally this means we’re putting together a hand-picked list of the best discounts and sales we can find in order... | Read more »
It’s Bird vs. Bird in the New PvP Mode f...
It’s Bird vs. Bird in the New PvP Mode for Angry Birds Epic Posted by Jessica Fisher on December 19th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Telltale Games and Mojang Announce Minec...
Telltale Games and Mojang Announce Minecraft: Story Mode – A Telltale Games Series Posted by Jessica Fisher on December 19th, 2014 [ permalink ] | Read more »
WarChest and Splash Damage Annouce Their...
WarChest and Splash Damage Annouce Their New Game: Tempo Posted by Jessica Fisher on December 19th, 2014 [ permalink ] WarChest Ltd and Splash Damage Ltd are teaming up again to work | Read more »
BulkyPix Celebrates its 6th Anniversary...
BulkyPix Celebrates its 6th Anniversary with a Bunch of Free Games Posted by Jessica Fisher on December 19th, 2014 [ permalink ] BulkyPix has | Read more »
Indulge in Japanese cuisine in Cooking F...
Indulge in Japanese cuisine in Cooking Fever’s new sushi-themed update Posted by Simon Reed on December 19th, 2014 [ permalink ] Lithuanian developer Nordcurrent has yet again updated its restaurant simulat | Read more »
Badland Daydream Level Pack Arrives to C...
Badland Daydream Level Pack Arrives to Celebrate 20 Million Downloads Posted by Ellis Spice on December 19th, 2014 [ permalink ] | Read more »
Far Cry 4, Assassin’s Creed Unity, Desti...
Far Cry 4, Assassin’s Creed Unity, Destiny, and Beyond – AppSpy Takes a Look at AAA Companion Apps Posted by Rob Rich on December 19th, 2014 [ permalink ] These day | Read more »

Price Scanner via MacPrices.net

Holiday sale: 13-inch 128GB MacBook Air for $...
 Best Buy has the 2014 13-inch 1.4GHz 128GB MacBook Air on sale for $849.99, or $150 off MSRP, on their online store. Choose free home shipping or free local store pickup (if available). Price valid... Read more
13-inch 2.6GHz Retina MacBook Pro on sale for...
Best Buy has lowered their price on the 2014 13″ 2.6GHz/128GB Retina MacBook Pro to $1149.99 on their online store for a limited time. That’s $150 off MSRP and the lowest price available for this... Read more
Kodak Returns to CES With New Consumer Produ...
Former photography colossus Kodak is returning to CES for the first time in three years where the Kodak booth (#21818 South Hall 1) will showcase a wide range of innovative, imaging-related products... Read more
Invaluable Launches New Eponymously -Named A...
Invaluable, the world’s largest online live auction marketplace, hhas announced the official launch of the Invaluable app for iPad, now available for download in the iTunes App Store. Invaluable... Read more
IDC Reveals Worldwide Mobile Enterprise Appli...
International Data Corporation (IDC) last week hosted the IDC FutureScape: Worldwide Mobile Enterprise Applications and Solutions 2015 Predictions Web conference. The session provided organizations... Read more
Hello Vino Wine App Launches “Safe Ride Home”...
Hello Vino has announced addition of a new “Get a Safe Ride Home” feature in its Food & Drink app with a direct connection to Uber, the technology platform that connects users with rides. The... Read more
DEVON-technologies Releases DEVONthink To Go...
Coeur d’Alene, Idaho based DEVON-technologies, LLC has updated DEVONthink To Go, its mobile companion to DEVONthink, to version 1.5. The update includes an iOS 8 extension, compatibility with the... Read more
The Apple Store offering free next-day shippi...
The Apple Store is now offering free next-day shipping on all in stock items if ordered before 12/23/14 at 10:00am PT. Local store pickup is also available within an hour of ordering for any in stock... Read more
It’s 1992 Again At Sony Pictures, Except For...
Techcrunch’s John Biggs interviewed a Sony Pictures Entertainment (SPE) employee, who quite understandably wished to remain anonymous, regarding post-hack conditions in SPE’s L.A office, explaining “... Read more
OtterBox Defender Series Case For iPad mini 3...
With their innovative Touch ID technology and ultrathin profile, the latest tranche of Apple iPads are more desirable than ever, and OtterBox has just announced the Defender Series custom-engineered... Read more

Jobs Board

*Apple* Store Leader Program (US) - Apple, I...
…Summary Learn and grow as you explore the art of leadership at the Apple Store. You'll master our retail business inside and out through training, hands-on experience, Read more
Project Manager, *Apple* Financial Services...
**Job Summary** Apple Financial Services (AFS) offers consumers, businesses and educational institutions ways to finance Apple purchases. We work with national and Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.