
Virus Scout
Volume Number:7
Issue Number:1
Column Tag:Programmer's Forum


By David T. Craig, Kansas City, MO

A Simple Macintosh Virus Scout Pascal Unit

In the past year the Apple Macintosh computer has become plagued by viruses. My work place was struck twice by a virus last year. As a Macintosh programmer I became determined to provide a software solution to this growing problem. My solution is called the Virus Scout, a Pascal unit that attempts to detect the existence of several viruses in either an application or the System file.

Virus Scout is a very simple anti-virus unit written in MPW Pascal. It should easily be portable to other Macintosh Pascal compilers such as Think Pascal. Virus Scout attempts to detect the following viruses:

Scores nVIR Hpat AIDS MEV# INIT29 JUDE

The viruses ANTI and MacMag are listed in the unit source but are not detected since I don’t have any technical information on how to detect them. Once Virus Scout has detected a virus you should immediately run one of the many virus buster programs. I prefer Disinfectant since it appears to do a thorough job.

Using Virus Scout is very simple from an application. Once compiled and linked to your application you may call its single entry point:


FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;

The Virus_Found function returns TRUE if at least one virus was found in either the application or the System file. The vTypes parameter is a record of booleans each corresponding to a virus type. Your program should call Virus_Found shortly after starting and if a virus was found you should display a dialog and immediately quit to the Finder. Refer to the source code for the methods used to detect a virus.

Virus Scout is only a beginning in the fight against Macintosh viruses. I hope other programmers will extend my Virus Scout to detect more viruses and hopefully even eradicate them.

Listing 1:  Virus_Scout.p

{ ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
 • MODULE ..... Virus Scout
 • DATE ....... June 1990
 • AUTHOR ..... David T. Craig
 • ADDRESS .... 9939 Locust # 4013, Kansas City, MO 64131
 • LANGUAGE ... Apple MPW Pascal 3.0
 • COMPUTER ... Apple Macintosh
 ••••••••••••••••••••••••••••••••••••••••••••••••••••• }

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••••
 •
 • FILE INFORMATION:
 •
 • This file contains a very simple virus detection routine.  This routine
 • attempts to detect the following viri:
 •
 • Scores  nVIR  Hpat  AIDS  MEV#  INIT29  ANTI  MacMag  JUDE
 •
 • If one of these viri is found, then a flag is set in the output parameter
 • for the particular virus.
 •
 • Refer to the superb Disinfectant program and its documentation for
 • the details behind Macintosh viri.
 •
 • Note: Viri ANTI and MacMag are not detected since I don't have any
 • technical information on how to detect them.
 •
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

UNIT Virus_Scout;
 
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
INTERFACE
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

USES
 MemTypes, QuickDraw, OSIntf, OSUtils, ToolIntf, PackIntf, Traps, Printing,
 Picker, Perf, PasLibIntf;

{$S SgVirusScout}

TYPE
 gt_VirusTypes   = PACKED RECORD
 virus_Scores : BOOLEAN;
 virus_nVir   : BOOLEAN;
 virus_Hpat   : BOOLEAN;
 virus_AIDS   : BOOLEAN;
 virus_MEV    : BOOLEAN;
 virus_INIT29 : BOOLEAN;
 virus_ANTI   : BOOLEAN;
 virus_MacMag : BOOLEAN;
 virus_JUDE   : BOOLEAN;
 END;

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••••
  • Routine : Virus_Found
  • Purpose : Test if any viri exist within the program or system file
  • Input   : (none)
  • Output  : Virus_Found - True --> virus was found in program or system
  •           vTypes      - types of found viri
  • Notes   : Reference: Disinfectant 1.1 documentation (April 16, 1989)
  •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
IMPLEMENTATION
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
 {$R+      } { enable range checking }
 {$D+      } { place debugger symbols in object code }
 {$MC68020-} { always produce plain 68000 code here }

{ ••••••••••••••••••••••••••••••••••••••••••••••••••••••
  • Routine : Virus_Found
  •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;
 VAR
 sob_virus    : BOOLEAN;   { virus found flag }
 res_count    : INTEGER;   { resource type count }
 res_handle   : Handle;    { resource data handle }
 machine_info : SysEnvRec; { machine low-level info }
 finder_info  : FInfo;     { Finder info for a file }
 vf_error     : OSErr;     { error result }
BEGIN { ------ Virus_Found ------ }
{ fetch the volume refnum for the Macintosh System Folder }
 vf_error := SysEnvirons(1,machine_info);
 
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                 Scores virus                +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find file "Scores" or "Desktop " in System Folder] }

 vf_error := GetFInfo('Scores',machine_info.SysVRefNum,finder_info);

 vTypes.virus_Scores := (vf_error = NoErr);
 IF vTypes.virus_Scores = FALSE THEN
 BEGIN
 vf_error := GetFInfo('Desktop ',machine_info.SysVRefNum,finder_info);
 vTypes.virus_Scores := (vf_error = NoErr);
 END;
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  nVir virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find "nVIR" resource in app or System File] }
 res_count := CountResources('nVIR');
 vTypes.virus_nVir := (res_count > 0);
        
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  JUDE virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find "JUDE" resource in app or System File] }
 res_count := CountResources('JUDE');
 vTypes.virus_JUDE := (res_count > 0);

{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  Hpat virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find "Hpat" resource] }
 res_count := CountResources('Hpat');
 vTypes.virus_Hpat := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  AIDS virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find "AIDS" resource] }
 res_count := CountResources('AIDS');
 vTypes.virus_AIDS := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  MEV# virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find "MEV#" resource] }
 res_count := CountResources('MEV#');
 vTypes.virus_MEV := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  INIT29 virus               +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find "INIT" 29 resource] }
 res_handle := GetResource('INIT',29);
 vTypes.virus_INIT29 := (res_handle <> NIL);
 IF res_handle <> NIL THEN ReleaseResource(res_handle);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  ANTI virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: ?????????????????????????] }
 vTypes.virus_ANTI := FALSE; { ??? NEED TO ADD TEST ??? }
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  MacMag vir                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: ?????????????????????????] }
 vTypes.virus_MacMag := FALSE; { ??? NEED TO ADD TEST ??? }
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++      result of the virus hunt to caller     +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
 sob_virus := FALSE; { assume no viri were found }
 WITH vTypes DO
 BEGIN
 IF virus_Scores THEN sob_virus := TRUE;
 IF virus_nVir   THEN sob_virus := TRUE;
 IF virus_Hpat   THEN sob_virus := TRUE;
 IF virus_AIDS   THEN sob_virus := TRUE;
 IF virus_MEV    THEN sob_virus := TRUE;
 IF virus_INIT29 THEN sob_virus := TRUE;
 IF virus_ANTI   THEN sob_virus := TRUE;
 IF virus_MacMag THEN sob_virus := TRUE;
 IF virus_JUDE   THEN sob_virus := TRUE;
 END; { WITH vTypes }
        
 Virus_Found := sob_virus;
      
 END;  { ------ Virus_Found ------ }
END.
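
The resource-type checks of Listing 1, applied offline to the raw bytes of a resource fork instead of through the Resource Manager; this is an added example, not part of the original article or of Virus Scout. The function names, the sample forks built by build_fork, and the use of Python are assumptions; the fork layout follows the classic Mac OS resource file format.

```python
import struct

# Resource types whose mere presence Listing 1 treats as a virus signature.
SIGNATURE_TYPES = (b"nVIR", b"JUDE", b"Hpat", b"AIDS", b"MEV#")

def list_resources(fork):
    """Return [(type, id), ...] from a classic Mac OS resource fork."""
    try:
        _, map_off, _, map_len = struct.unpack_from(">4I", fork, 0)
        rmap = fork[map_off:map_off + map_len]
        tl = struct.unpack_from(">H", rmap, 24)[0]        # offset of type list in map
        n_types = (struct.unpack_from(">H", rmap, tl)[0] + 1) & 0xFFFF
        found = []
        for i in range(n_types):
            rtype, n, refs = struct.unpack_from(">4sHH", rmap, tl + 2 + 8 * i)
            for j in range(n + 1):                        # counts are stored minus one
                rid = struct.unpack_from(">h", rmap, tl + refs + 12 * j)[0]
                found.append((rtype, rid))
        return found
    except struct.error as exc:                           # truncated or corrupt fork
        raise ValueError("malformed resource fork") from exc

def scan(fork):
    """Sorted names of the Listing 1 signatures present in this fork."""
    hits = set()
    for rtype, rid in list_resources(fork):
        if rtype in SIGNATURE_TYPES:
            hits.add(rtype.decode("ascii"))
        elif rtype == b"INIT" and rid == 29:              # the INIT29 check
            hits.add("INIT29")
    return sorted(hits)

def build_fork(resources):
    """Constructed sample input: a minimal fork holding empty resources."""
    by_type = {}
    for rtype, rid in resources:
        by_type.setdefault(rtype, []).append(rid)
    types = struct.pack(">H", (len(by_type) - 1) & 0xFFFF)
    refs, base = b"", 2 + 8 * len(by_type)
    for rtype, ids in by_type.items():
        types += struct.pack(">4sHH", rtype, len(ids) - 1, base + len(refs))
        for rid in ids:                                   # id, no name, attrs+data offset, handle
            refs += struct.pack(">hHI4x", rid, 0xFFFF, 4 * (len(refs) // 12))
    data = bytes(4 * len(resources))                      # each resource: length word of 0
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(types + refs)) + types + refs
    head = struct.pack(">4I", 256, 256 + len(data), len(data), len(rmap))
    return head + bytes(240) + data + rmap

INFECTED = build_fork([(b"CODE", 0), (b"nVIR", 1), (b"nVIR", 2), (b"INIT", 29)])
CLEAN = build_fork([(b"CODE", 0), (b"INIT", 31)])
```

As in Listing 1, a hit means only that a resource of that type (or INIT ID 29) exists, so a positive result is a reason to run a full disinfection tool rather than proof of infection.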

 