I'm no expert on this, but as far as I know it works something like this:

the normal scan checks each file against a "signature" database.  It
doesn't contain any actual instructions from specific viruses, but it has
a fingerprint of each virus that it can search for in files.  This might
be some sort of checksum, or it might be actual plaintext (well, ascii).

There is also something known as a heuristic (sp?) scan, that guesses
whether a certain file is (or contains) a virus.  The Heuristic scans are
less forgiving and frequently flag innocent files (like fdisk).  The
heuristic scan looks for common virus traits, like self-replication.

It used to be pretty straightforward - you search in .exe, .com, and
.bat's for nasty looking code and take care of it.  Nowadays Exploder will
execute any damn piece of vbs code it can get its grimy little hands on.
I remember telling people 3 or 4 years ago that no, you can't get a virus
simply by reading an e-mail message.  Outhouse has changed all that.
Thanks a lot Microsoft.

Adam Maloney
Systems Administrator
Sihope Communications

On Mon, 20 Nov 2000, Timothy Houck wrote:

> How does the McAfee scanner detect virii?  I'm assuming it has an internal
> database of "suspicious combinations of instructions" that it extracted
> from its list of known virii, and just checks executables/files for
> instances of suspicious instruction combinations.
> 
> I can't think of a way it would work otherwise -- please enlighten me.
> 
> If this is true for DOS/Win, is it the same for Linux?  I've only used
> virus scanners on Linux when it was an SMB server and had Windows clients
> using it.  Does it have a database of linux virii to scan for?
> 
> I always wondered how they detected virii and not just "fdisk" or
> "regedit".  (Of course, most of Windows should raise alarms anyway)
> 
> On Mon, 20 Nov 2000, Bill Layer wrote:
> 
> > Oh my!
> >  
> > > > Anyone ever run McAfee on a linux/Unix box?
> > 
> > MacAfee - The worst antivirus for Win32, coming to a platform near you! :)
> > 
> > Is there any way to convince them otherwise? Why not use a modern Antivirus
> > product like AVX (www.avp.com) instead of a backwards, broken piece
> > of junk like Crapafee? Even Norton products would be preferable..
> > 
> 
> ---------------------------------------------------------------------
> Timothy Houck
> thouck at thouck.com
> www.thouck.com
> 
> _______________________________________________
> tclug-list mailing list
> tclug-list at lists.real-time.com
> https://mailman.real-time.com/mailman/listinfo/tclug-list
>
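The two detection modes Adam describes above (exact signature matching against a database, plus a heuristic that scores suspicious traits and can flag a legitimate tool like fdisk) as an added example that is not part of this thread or any vendor's scanner. The signature database, trait list and sample files are all constructed for illustration.

```python
import hashlib
import re

# Constructed signature database (not a real vendor's). Two signature kinds:
# a byte pattern searched for anywhere in the file, and a whole-file hash.
PATTERN_SIGNATURES = {
    "Demo.Pattern.A": b"DEMO-SIG-ALPHA-7f3a",
    "Demo.Pattern.B": b"DEMO-SIG-BRAVO-91c2",
}
HASH_SIGNATURES = {
    hashlib.sha256(b"constructed sample body #1").hexdigest(): "Demo.Hash.1",
}

# Constructed heuristic traits: strings that, taken together, hint that a
# program copies itself or writes to the boot record. Each hit adds a weight.
HEURISTIC_TRAITS = {
    rb"COPY_SELF": 2,
    rb"WRITE_MBR": 2,
    rb"GET_OWN_PATH": 1,
    rb"\.exe|\.com": 1,
}


def signature_scan(data: bytes) -> list[str]:
    """Exact matches only: known byte patterns and whole-file hashes."""
    hits = [name for name, pat in PATTERN_SIGNATURES.items() if pat in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    return hits


def heuristic_scan(data: bytes) -> tuple[int, list[str]]:
    """Score traits seen in the file; returns (score, traits matched)."""
    seen = [pat for pat in HEURISTIC_TRAITS if re.search(pat, data)]
    return sum(HEURISTIC_TRAITS[p] for p in seen), [p.decode() for p in seen]


def scan(data: bytes, threshold: int = 3) -> dict:
    """Combine both modes; a signature hit or a heuristic score >= threshold flags the file."""
    sigs = signature_scan(data)
    score, traits = heuristic_scan(data)
    return {"signatures": sigs, "heuristic_score": score, "traits": traits,
            "suspicious": bool(sigs) or score >= threshold}


# Constructed sample files. "disk_tool" stands in for fdisk: no signature
# matches, but its legitimate traits push it over the heuristic threshold.
SAMPLES = {
    "known_sample": b"header\x00 DEMO-SIG-ALPHA-7f3a \x00tail",
    "hashed_sample": b"constructed sample body #1",
    "disk_tool": b"DISKFIX v1: WRITE_MBR GET_OWN_PATH backup.exe",
    "readme": b"plain text readme, nothing executable",
}


def scan_all() -> dict:
    return {name: scan(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        print(name, result)
```

Running it shows the trade-off in the thread: the signature hits are exact and silent on the readme, while the heuristic flags the disk tool with no signature match at all.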