TweetFollow Us on Twitter

Virus Scout
Volume Number:7
Issue Number:1
Column Tag:Programmer's Forum

Virus Scout

By David T. Craig, Kansas City, MO

A Simple Macintosh Virus Scout Pascal Unit

In the past year the Apple Macintosh computer has become plagued by viruses. My work place was struck twice by a virus last year. As a Macintosh programmer I became determined to provide a software solution to this growing problem. My solution is called the Virus Scout, a Pascal unit that attempts to detect the existence of several viruses in either an application or the System file.

Virus Scout is a very simple anti-virus unit written in MPW Pascal. It should easily be portable to other Macintosh Pascal compilers such as Think Pascal. Virus Scout attempts to detect the following viruses:

Scores nVIR Hpat AIDS MEV# INIT29 JUDE

The viruses ANTI and MacMag are listed in the unit source but are not detected since I don’t have any technical information on how to detect them. Once Virus Scout has detected a virus you should immediately run one of the many virus buster programs. I prefer Disinfectant since it appears to do a through job.

Using Virus Scout is very simple from an application. Once compiled and linked to your application you may call its single entry point:

{1}

FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;

The Virus_Found function returns TRUE if at least one virus was found in either the application or the System file. The vTypes parameter is a record of booleans each corresponding to a virus type. Your program should call Virus_Found shortly after starting and if a virus was found you should display a dialog and immediately quit to the Finder. Refer to the source code for the methods used to detect a virus.

Virus Scout is only a beginning in the fight against Macintosh viruses. I hope other programmers will extend my Virus Scout to detect more viruses and hopefully even eradicate them.

Listing 1:  Virus_Scout.p

{ ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
 • MODULE ..... Virus Scout
 • DATE ....... June 1990
 • AUTHOR ..... David T. Craig
 • ADDRESS .... 9939 Locust # 4013, Kansas City, MO 64131
 • LANGUAGE ... Apple MPW Pascal 3.0
 • COMPUTER ... Apple Macintosh
 ••••••••••••••••••••••••••••••••••••••••••••••••••••• }

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••••
 •
 • FILE INFORMATION:
 •
 • This file contains a very simple virus detection routine.  This routine 
attempts to detect the following viri:
 •
 • Scores  nVIR  Hpat  AIDS  MEV#  INIT29  ANTI  MacMag  JUDE
 •      
 • If one of these viri is found, then a flag is set in the output parameter 
for the particular virus.
 •
 • Refer to the superb Disinfectant program and its documentation for 
the details behind Macintosh viri.
 •
 • Note: Viri ANTI and MacMag are not detected since I don’t have any 
technical information on how to detect them.
 •
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

UNIT Virus_Scout;
 
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
INTERFACE
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

USES
 MemTypes, QuickDraw, OSIntf, OSUtils, ToolIntf, PackIntf, Traps, Printing, 
Picker, Perf, PasLibIntf;

{$S SgVirusScout}

TYPE
 gt_VirusTypes   = PACKED RECORD
 virus_Scores : BOOLEAN;
 virus_nVir   : BOOLEAN;
 virus_Hpat   : BOOLEAN;
 virus_AIDS   : BOOLEAN;
 virus_MEV    : BOOLEAN;
 virus_INIT29 : BOOLEAN;
 virus_ANTI   : BOOLEAN;
 virus_MacMag : BOOLEAN;
 virus_JUDE   : BOOLEAN;
 END;

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••••
  • Routine : Virus_Found
  • Purpose : Test if any viri exist within the program or system file
  • Input   : (none)
  • Output  : Virus_Found - True --> virus was found in program or system
  •           vTypes      - types of found viri
  • Notes   : Reference: Disinfectant 1.1 documentation (April 16, 1989)
  •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }

FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;

{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
IMPLEMENTATION
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
{ •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
 {$R+      } { enable range checking }
 {$D+      } { place debugger symbols in object code }
 {$MC68020-} { always produce plain 68000 code here }

{ ••••••••••••••••••••••••••••••••••••••••••••••••••••••
  • Routine : Virus_Found
  •••••••••••••••••••••••••••••••••••••••••••••••••••••••• }
FUNCTION Virus_Found (VAR vTypes : gt_VirusTypes) : BOOLEAN;
 VAR
 sob_virus    : BOOLEAN;   { virus found flag }
 res_count    : INTEGER;   { resource type count }
 res_handle   : Handle;    { resource data handle }
 machine_info : SysEnvRec; { machine low-level info }
 finder_info  : FInfo;     { Finder info for a file }
 vf_error     : gt_Error;  { error result }
BEGIN { ------ Virus_Found ------ }
{ fetch the volume refnum for the Macintosh System Folder }
 vf_error := SysEnvirons(1,machine_info);
 
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                 Scores virus                +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find file “Scores” or “Desktop “ in System Folder] }
      
 vf_error := GetFInfo(‘Scores’,machine_info.SysVRefNum,finder_info);

 vTypes.virus_Scores := (vf_error = NoErr);
 IF vTypes.virus_Scores = FALSE THEN
 BEGIN
 vf_error := GetFInfo(‘Desktop ‘,machine_info.SysVRefNum,finder_info);
 vTypes.virus_Scores := (vf_error = NoErr);
 END;
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  nVir virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “nVIR” resource in app or System File] }
 res_count := CountResources(‘nVIR’);
 vTypes.virus_nVir := (res_count > 0);
        
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  JUDE virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “JUDE” resource in app or System File] }
 res_count := CountResources(‘JUDE’);
 vTypes.virus_JUDE := (res_count > 0);

{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  Hpat virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “Hpat” resource] }
 res_count := CountResources(‘Hpat’);
 vTypes.virus_Hpat := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  AIDS virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “AIDS” resource] }
 res_count := CountResources(‘AIDS’);
 vTypes.virus_AIDS := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  MEV# virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “MEV#” resource] }
 res_count := CountResources(‘MEV#’);
 vTypes.virus_MEV := (res_count > 0);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  INIT29 virus               +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: find “INIT” 29 resource] }
 res_handle := GetResource(‘INIT’,29);
 vTypes.virus_INIT29 := (res_handle <> NIL);
 IF res_handle <> NIL THEN ReleaseResource(res_handle);
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  ANTI virus                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: ?????????????????????????] }
 vTypes.virus_ANTI := FALSE; { ??? NEED TO ADD TEST ??? }
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++                  MacMag vir                 +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ [method: ?????????????????????????] }
 vTypes.virus_MacMag := FALSE; { ??? NEED TO ADD TEST ??? }
            
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
{ +++++      result of the virus hunt to caller     +++++ }
{ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ }
 sob_virus := FALSE; { assume no viri were found }
 WITH vTypes DO
 BEGIN
 IF virus_Scores THEN sob_virus := TRUE;
 IF virus_nVir   THEN sob_virus := TRUE;
 IF virus_Hpat   THEN sob_virus := TRUE;
 IF virus_AIDS   THEN sob_virus := TRUE;
 IF virus_MEV    THEN sob_virus := TRUE;
 IF virus_INIT29 THEN sob_virus := TRUE;
 IF virus_ANTI   THEN sob_virus := TRUE;
 IF virus_MacMag THEN sob_virus := TRUE;
 IF virus_JUDE   THEN sob_virus := TRUE;
 END; { WITH vTypes }
        
 Virus_Found := sob_virus;
      
 END;  { ------ Virus_Found ------ }
END.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Latest Forum Discussions

See All

Combo Quest (Games)
Combo Quest 1.0 Device: iOS Universal Category: Games Price: $.99, Version: 1.0 (iTunes) Description: Combo Quest is an epic, time tap role-playing adventure. In this unique masterpiece, you are a knight on a heroic quest to retrieve... | Read more »
Hero Emblems (Games)
Hero Emblems 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: ** 25% OFF for a limited time to celebrate the release ** ** Note for iPhone 6 user: If it doesn't run fullscreen on your device... | Read more »
Puzzle Blitz (Games)
Puzzle Blitz 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: Puzzle Blitz is a frantic puzzle solving race against the clock! Solve as many puzzles as you can, before time runs out! You have... | Read more »
Sky Patrol (Games)
Sky Patrol 1.0.1 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0.1 (iTunes) Description: 'Strategic Twist On The Classic Shooter Genre' - Indie Game Mag... | Read more »
The Princess Bride - The Official Game...
The Princess Bride - The Official Game 1.1 Device: iOS Universal Category: Games Price: $3.99, Version: 1.1 (iTunes) Description: An epic game based on the beloved classic movie? Inconceivable! Play the world of The Princess Bride... | Read more »
Frozen Synapse (Games)
Frozen Synapse 1.0 Device: iOS iPhone Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: Frozen Synapse is a multi-award-winning tactical game. (Full cross-play with desktop and tablet versions) 9/10 Edge 9/10 Eurogamer... | Read more »
Space Marshals (Games)
Space Marshals 1.0.1 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0.1 (iTunes) Description: ### IMPORTANT ### Please note that iPhone 4 is not supported. Space Marshals is a Sci-fi Wild West adventure taking place... | Read more »
Battle Slimes (Games)
Battle Slimes 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: BATTLE SLIMES is a fun local multiplayer game. Control speedy & bouncy slime blobs as you compete with friends and family.... | Read more »
Spectrum - 3D Avenue (Games)
Spectrum - 3D Avenue 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: "Spectrum is a pretty cool take on twitchy/reaction-based gameplay with enough complexity and style to stand out from the... | Read more »
Drop Wizard (Games)
Drop Wizard 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: Bring back the joy of arcade games! Drop Wizard is an action arcade game where you play as Teo, a wizard on a quest to save his... | Read more »
See All

Price Scanner via MacPrices.net

Our MacBook Price Trackers will show you the...
Our Apple award-winning MacBook Price Trackers are continually updated with the latest information on prices, bundles, and availability for 16″ and 14″ MacBook Pros along with 13″ and 15″ MacBook... Read more
Amazon is offering a 10% discount on Apple’s...
Don’t pay full price! Amazon has 16-inch M4 Pro MacBook Pros (Silver and Black colors) on sale today for 10% off Apple’s MSRP. Shipping is free. These are the lowest prices currently available for 16... Read more
13-inch M4 MacBook Airs on sale for $150 off...
Amazon has new 13″ M4 MacBook Airs on sale for $150 off MSRP right now, starting at $849. Sale prices apply to most colors and configurations. Be sure to select Amazon as the seller, rather than a... Read more
15-inch M4 MacBook Airs on sale for $150 off...
Amazon has new 15″ M4 MacBook Airs on sale for $150 off Apple’s MSRP, starting at $1049. Be sure to select Amazon as the seller, rather than a third-party: – 15″ M4 MacBook Air (16GB/256GB): $1049, $... Read more
Amazon is offering a $50 discount on Apple’s...
Amazon has Apple’s 11th-generation A16 iPads in stock on sale for $50 (or a little more) off MSRP this week. Shipping is free: – 11″ 11th-generation 128GB WiFi iPads: $299 $50 off MSRP – 11″ 11th-... Read more
Clearance 13-inch M1 MacBook Airs available f...
Walmart has clearance, but new, Apple 13″ M1 MacBook Airs (8GB RAM, 256GB SSD) available online for $649, $360 off original MSRP, in Space Gray, Silver, and Gold colors. These are new MacBooks for... Read more
iPad minis on sale for $100 off Apple’s MSRP...
Amazon is offering $100 discounts (up to 20% off) on Apple’s newest 2024 WiFi iPad minis, each with free shipping. These are the lowest prices available for new minis among the Apple retailers we... Read more
AirPods Max headphones on sale for $479, $70...
Amazon has AirPods Max with USB-C on sale for $479.99 in all colors. Shipping is free. Their price is $70 off Apple’s MSRP, and it’s the lowest price available today for AirPods Max. Keep an eye on... Read more
14-inch M4 Pro/M4 Max MacBook Pros on sale th...
Don’t pay full price! Get a new 14″ MacBook Pro with an M4 Pro or M4 Max CPU for up to $320 off Apple’s MSRP this weekend at these retailers…they are the lowest prices available for these MacBook... Read more
Get a 15-inch M4 MacBook Air for $150 off App...
A couple of Apple retailers are offering $150 discounts on new 15″ M4 MacBook Airs this weekend. Prices at these retailers start at $1049: (1): Amazon has new 15″ M4 MacBook Airs on sale for $150 off... Read more
 

Jobs Board

  • Generate a short URL for this page:



All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.