
Dr Solomon (see for good general info!),
Datafellows, producer of F-Prot,
Command Software, also with F-Prot,
Massively Distributed Systems (IBM's AV stuff),
IBM On-line av mag and AV Software site
McAfee (not very useful) and McAfee's ftp site.
ThunderBYTE (the fastest scanner) (software only)
Trend's InterScan (UNIX-based e-mail server scanner. This scans e-mail attachments as they pass through.)
Safetynet, Inc. Security and Anti-Virus (should also work)
Symantec (content empty?)
Doug Muth's homepage has a good range of AV info and links, with a minor plug for ARF
The Free Money Hoax (based on the Make Money Fast, etc. hoaxes)
A wonderful parody of a CERT bulletin on a new virus triggering July 4th. CERT issues regular warnings in just this format, pointing out newly discovered security holes in computer software, and advising appropriate steps. Excellent job.
NCSA (National Computer Security Association)
Robert Slade's reviewing AV software FAQ
Pete Radatti's site on UNIX attacks
CIAC (Computer Incident Action Committee)
A large collection of AV software at U Hamburg (Germany).
Nat. Inst. Standards and Tech.'s Comp. Security Research Clearinghouse
Here is another source of links to AV and Security sites.
I have spent a fair amount of time researching the virus problem because of the insidious nature of the problem and the fact that one virus incident can have a major effect on someone's life, be they end-user or manufacturer or support person. I personally have run across more viruses than I would like, and all of them in the wild. The list (best as I can remember) includes Form and Stoned, two very classic examples, as well as Disk Killer, Jerusalem-B, NYB (also reported as B1), Da'Boys, Stealth_C, Anti-CMOS, Antiexe.a, NATAS(.4744a and b), Junkie(.1027), Sampo, Angelina.a, Ripper, Azusa, EmpireMonkey.a and b, Tentacle.1966, Wobbling, JS.Exception.Exploit, WM.Concept.a, WM.Npad.b, WM.Wazzu.a, WM.Cap, and XM.Laroux (both .a and .dx). We also tripped over an AOL password sniffer on a customer's computer (a file named PICS.VXD that DSAV 7.79 saw as "AOLpsTrojan.au") and another file that seems to be a different password sniffer ("APSTrojan.gen", or "AOLpsTrojan.y" according to an older version of DSAV). We have tripped over Happy99, which is an e-mail attachment that, when opened, replaces the wsock32.dll with one that automatically forwards that same attachment with each outgoing e-mail. I have also been sent PrettyPark.exe and ILoveYou.vbs, other e-mail attachment viruses. I was sent Life_stages, another .VBS attachment virus, but the virus was cleaned out at the mail server before it made it to me.
One of the incidents was a severe hit on an RPI engineering lab, and another took out my hard drive before I isolated the problem. More than one have definitely come from hardware manufacturers with their products. All too often, the virus has been lurking around far too long to be able to easily trace to a source. (By the way, none of them have come via the internet.)
I must admit, I am concerned about the availability of some viruses on the net. Now, I know that there will always be shadow sites, pirate, cracker stuff. However, I did a search on Yahoo (DMV AND virus), and in the first 25 entries, there was a site, "devoted to preventing viruses", with hundreds of viruses, both those "in the wild" and many not "in the wild". There was also a file claiming to be WM.Formatc (DSAV 7.64 didn't detect it, which it claims it should, and I didn't want to test it!). The last, according to DSAV is not in the wild and not likely to be, since it doesn't replicate. However, if the file is there to be played with, then it can cause damage to unsuspecting victims. I doubt there is a solution to this...I think this issue just helps define the world we live in.
It is important to realize that the primary cost of virus infections is in the time and labor to clean out the infection, check every disk and system to make sure the infection is eradicated, and to check the integrity of the data and files.
As far as Anti-virus software packages, I recommend Dr. Solomon's as my first choice. Since that is going away due to its purchase by McAfee/Network Associates, the next choice would be McAfee's VirusScan line of products. While they have a history of a higher than optimum false-detection rate, the merger of technology with Dr Solomon's should lead to a very, very strong product. F-Prot and ThunderByte are my secondary choices.
Denis Parslow dgp@world.std.com