I noticed while testing the command line output that the switches
recommended in the manual don't include /NOBOOT and as a result, F-Prot
will scan your boot sectors every time it is run. This would waste clock
cycles. I also included the /PACK option which is said to unpack
compressed
I checked and it scanned the boot records without it, and didn't scan
the boot records with it. I think it is undocumented.
Matt
R. Scott Perry wrote:
I noticed while testing the command line output that the switches
recommended in the manual don't include /NOBOOT and as a result,
Can you tell us what things the test checks for? That might help us fine
tune our configurations based on the traffic we see.
No -- we don't want spammers knowing what we check for. Spammers have
actually purchased copies of Declude JunkMail, so it would not be
unreasonable to think that they
Understood...thanks, anyway.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 25, 2004 10:43 AM
Subject: Re: [Declude.Virus] NOLEGITCONTENT
Can you tell us what things the test checks for? That might help us fine
tune
Here's what I have used for over a year and recommended to the list at that
time:
# F-Prot
SCANFILE1 C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI -ARCHIVE -DUMB -NOBOOT -NOBREAK -NOMEM -PACKED -SILENT -TYPE -REPORT=report.txt
VIRUSCODE1 3
VIRUSCODE1 6
VIRUSCODE1 8
REPORT1 Infection:
I include the
I include the VIRUSCODE 8 for holding suspicious files, and -AI to
enable neural-network virus detection. I'm not sure why Scott did not add
at least the -PACKED switch back then, figured maybe he thought I was just
being overly cautious.
The -PACKED switch is used for .exe files that are
The Help shows the commands beginning with
dashes. FPCMD.EXE recognizes the dashes as commands, however it fails to
remove them from the argument list and ends up scanning for the arguments as
additional file specifications. Try it both ways and note the output - it
says it searches for
Mike, I did some very basic testing using the - and / on different size
files ranging from under 1mb to 50mb, and what I found was that the tests
either ran at the same speed or the tests with the / ran a bit slower (out
of ten tests I ran, 4 ran slower with the /). Here is one example:
==
I think those results may be anecdotal. A program wouldn't execute
more slowly to the extent that you could detect it based on using
either a hyphen or slash. These arguments are read once per file, or
once per session I would assume, and there's no way that the process of
translating one into