McAfee updates: Is there a way to read the virus definitions list?

rt

I updated to v4285 today. I opened 4 dat files in WordPad that are in
C:\Program Files\McAfee.com\VSO:
clean.dat
extra.dat
names.dat
scan.dat
The text is coded strings. I viewed their properties but didn't see any
version numbers. Is there a way to read a list of virus names in DAT v
4.0.4285?
tia,
rt
 
David H. Lipman

With every DAT release there is a README.TXT file. It will provide the latest infectors
that the release finds and/or corrects.

Dave

The following is extracted from the readme.txt from v4285...

NEW VIRUSES DETECTED AND REMOVED

Hundreds of new viruses and variants appear
each month. Those which are detected and
cleaned by AVERT's generic methods are added to
the total virus count listed but they are not
listed separately here.

Total viruses and variants, Trojan horse
programs, and other malicious software
detected: 78372


NEW DETECTIONS

Total number of new items detected with this
release: 76

BOOT-SECTOR VIRUSES (0)
-----------------------
No new detections

DOS FILE-INFECTING VIRUSES (1)
------------------------------
EXEBUG.DR

INTERNET WORM (18)
------------------
LOTH.WORM!IRC
W32/ANTINNY.WORM
W32/ARITIMA.WORM
W32/ARITIMA.WORM.DLL
W32/DARBY.WORM
W32/GOTORM.WORM
W32/LOOF.WORM
W32/LOVSAN.WORM.A
W32/LOVSAN.WORM.B
W32/LOVSAN.WORM.B.DR
W32/NOFEAR.G@MM
W32/PREDEC.GEN@MM
W32/RENOL.WORM.GEN
W32/SPYBOT.WORM.LX
W32/SPYBOT.WORM.LZ
W32/SPYBOT.WORM.MD
W32/TZET.WORM.B
YOUGDOS.B@MM

LINUX/UNIX FILE-INFECTING VIRUSES (2)
-------------------------------------
LINUX/BRUNFLY
LINUX/CALIFAX

MACRO VIRUSES (3)
-----------------
A97M/ACCEV
W97M/ZONDA
X97M/RIPPET

MULTIPARTITE VIRUSES (0)
------------------------
No new detections

WINDOWS PORTABLE EXECUTABLE FILE VIRUSES (7)
--------------------------------------------
W32/BORLER.OW
W32/CASAL
W32/CHITON.DAM
W32/EMLINF
W32/SANKEI
W32/WABREX.OW
W95/PUNCH.DAM

SCRIPT VIRUSES (11)
-------------------
BAT/BWG.DR
JS/LIEBE
VBS/APPCHILD
VBS/BISQUIT
VBS/BOOMREG
VBS/DECOBE
VBS/DIEHAD
VBS/SEVENC
VBS/TRIUNFO
VBS/WINRUN
VBS/ZONDA

TROJAN HORSE PROGRAMS/MALWARE (27)
-----------------------------------
AIM-FLOOD.B
ADCLICKER-S
BACKDOOR-AXX
BACKDOOR-AXY
BACKDOOR-AXZ
BACKDOOR-AYA
COOLFOOL
COOLFOOL.DLL
DOWNLOADER-DN
EXPLOIT-GENERIC
FAKEICF
FLOOD-SMASH
GALORION
IRC-FYLE
IRC-ONWE
IRC/FLOOD.CX
IRC/FLOOD.CY
IRC/GENERIC FLOODER
KIT-SEVENC
LADMIN
LINUX/BACKDOOR-CYM
LINUX/BACKDOOR-NOTE.A
LINUX/BACKDOOR-NOTE.B
LINUX/BACKDOOR-SMALL
MULTIDROPPER-HA
PWS-TAKEABYTE
SPAM-SHADOW

POTENTIALLY UNWANTED PROGRAMS(7)
--------------------------------
ADWARE-ADTOMI
CRACK-SMARTDRAW
DIALER-RAS.BE.GEN
DIALER-RAS.BF.GEN
PORTSCAN-SUSCA
RPCDCOM
SPY007


NEW REMOVALS

Total number of new items removed with this
release: 66

McAfee software removes a virus either by
deleting the infecting virus code from files or
by deleting the file from your computer.

NOTE:
The New Removals list notes when the DAT
files do not include the ability to remove
certain types of viruses. In these cases,
you must remove the virus yourself, either
by deleting the infected file or by removing
harmful code. For more information, see the
McAfee Virus Information Library.


BOOT-SECTOR VIRUSES (0)
-----------------------
No new removals

DOS FILE-INFECTING VIRUSES (1)
------------------------------
EXEBUG.DR

INTERNET WORM (18)
------------------
LOTH.WORM!IRC
W32/ANTINNY.WORM
W32/ARITIMA.WORM
W32/ARITIMA.WORM.DLL
W32/DARBY.WORM
W32/GOTORM.WORM
W32/LOOF.WORM
W32/LOVSAN.WORM.A
W32/LOVSAN.WORM.B
W32/LOVSAN.WORM.B.DR
W32/NOFEAR.G@MM
W32/PREDEC.GEN@MM
W32/RENOL.WORM.GEN
W32/SPYBOT.WORM.LX
W32/SPYBOT.WORM.LZ
W32/SPYBOT.WORM.MD
W32/TZET.WORM.B
YOUGDOS.B@MM

LINUX/UNIX FILE-INFECTING VIRUSES (0)
-------------------------------------
No new removals

MACRO VIRUSES (2)
-----------------
W97M/ZONDA
X97M/RIPPET

MULTIPARTITE VIRUSES (0)
------------------------
No new removals

WINDOWS PORTABLE EXECUTABLE FILE VIRUSES (7)
--------------------------------------------
W32/BORLER.OW
W32/CASAL
W32/CHITON.DAM
W32/EMLINF
W32/SANKEI
W32/WABREX.OW
W95/PUNCH.DAM

SCRIPT VIRUSES (11)
-------------------
BAT/BWG.DR
JS/LIEBE
VBS/APPCHILD
VBS/BISQUIT
VBS/BOOMREG
VBS/DECOBE
VBS/DIEHAD
VBS/SEVENC
VBS/TRIUNFO
VBS/WINRUN
VBS/ZONDA

TROJAN HORSE PROGRAMS/MALWARE (27)
----------------------------------
AIM-FLOOD.B
ADCLICKER-S
BACKDOOR-AXX
BACKDOOR-AXY
BACKDOOR-AXZ
BACKDOOR-AYA
COOLFOOL
COOLFOOL.DLL
DOWNLOADER-DN
EXPLOIT-GENERIC
FAKEICF
FLOOD-SMASH
GALORION
IRC-FYLE
IRC-ONWE
IRC/FLOOD.CX
IRC/FLOOD.CY
IRC/GENERIC FLOODER
KIT-SEVENC
LADMIN
LINUX/BACKDOOR-CYM
LINUX/BACKDOOR-NOTE.A
LINUX/BACKDOOR-NOTE.B
LINUX/BACKDOOR-SMALL
MULTIDROPPER-HA
PWS-TAKEABYTE
SPAM-SHADOW


NEW EXTENSIONS

The scan engine now scans files with these
extensions:

none
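
An added example, not part of the original thread and not McAfee tooling: a small parser for the readme layout quoted above that checks each category's declared count against the names listed and reports names that appear under NEW DETECTIONS but not under NEW REMOVALS. The function names `parse_readme` and `audit` are hypothetical, and the sample is an abridged excerpt constructed from the names in the post.

```python
import re
HEADER = re.compile(r"^(.+?)\s*\((\d+)\)$")  # category line, e.g. "MACRO VIRUSES (3)"

# Constructed sample: abridged from the v4285 readme.txt quoted in the post above.
SAMPLE = """\
NEW DETECTIONS
LINUX/UNIX FILE-INFECTING VIRUSES (2)
-------------------------------------
LINUX/BRUNFLY
LINUX/CALIFAX

MACRO VIRUSES (3)
-----------------
A97M/ACCEV
W97M/ZONDA
X97M/RIPPET

NEW REMOVALS
LINUX/UNIX FILE-INFECTING VIRUSES (0)
-------------------------------------
No new removals

MACRO VIRUSES (2)
-----------------
W97M/ZONDA
X97M/RIPPET
"""

def parse_readme(text):
    """Return {section: {category: (declared_count, [names])}}."""
    out, section, cat = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line in ("NEW DETECTIONS", "NEW REMOVALS"):
            section, cat = out.setdefault(line, {}), None
        elif section is not None and (m := HEADER.match(line)):
            cat = section.setdefault(m.group(1), (int(m.group(2)), []))
        elif not line:
            cat = None  # a blank line ends the current category
        elif cat and not line.startswith(("-", "No new ")):
            cat[1].append(line)
    return out

def audit(parsed):
    """Return (categories whose (N) != names listed, names detected but not removed)."""
    bad = [(s, c) for s, cats in parsed.items() for c, (n, ns) in cats.items() if n != len(ns)]
    names = {s: {x for _, ns in cats.values() for x in ns} for s, cats in parsed.items()}
    return bad, sorted(names["NEW DETECTIONS"] - names["NEW REMOVALS"])

print(audit(parse_readme(SAMPLE)))
```

Names in the second list are the ones the readme's NOTE says must be removed by hand, by deleting the infected file or removing the harmful code.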
 
rt

David H. Lipman said:
With every DAT release there is a README.TXT file. It will provide the latest infectors
that the release finds and/or corrects.

Dave
<snip>
Thanks. Where is the readme located? I only saw one readme in the McAfee
dir.
rt
 
David H. Lipman

Art:

That's a tough one. The commandline scanners scan.exe and scanpm.exe don't conform to the
standard rules of I/O redirection as you have noted. The only way I can think of is to do
it in DOS and within a batch file.

The console is considered a file such as "LPT1:" and "COM1:" and is called "CON:"
Output is always assumed to go to CON: unless redirected by the ">" greater than sign such
as the command;
type readme.txt >LPT1:

The idea is to create a batch file that forces all "standard output" to be forced to be
redirected to a disk file or the printer, preferably a disk file. The "scan.exe /virlist"
command is then executed. Then forced back to the "standard output" the "CON:" device. The
DOS command is 'CTTY'. It is a MS DOS internal command found through WinME (PC DOS and
maybe in Novell/DR DOS/Caldera) but is NOT found in the CMD.EXE or COMMAND.COM, DOS
emulators of NT4, Win2K and WinXP. It is also found in the NDOS and 4DOS command
interpreters. However the 'ctty' command can not be redirected to a disk file.

The following will work, but ONLY under DOS, Win95, Win98 and WinME.

The following assumes; C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX (location of
SCAN.EXE) is in the path...

virlist.bat
-----------
@echo off
ctty LPT1:
scan /virlist
ctty CON:

Be prepared for many pages to be dumped on the printer, there are >78K names in the list.

Dave

PS: I had to think "real hard" to remember the CTTY command. It was never used often and
is very obscure.



| On Sat, 16 Aug 2003 18:21:23 GMT, "David H. Lipman"
|
| >With every DAT release there is a README.TXT file. It will provide the latest infectors
| >that the release finds and/or corrects.
|
| <snip>
|
| To see the full list of malwares detected, you can use the command
| line scanner as:
|
| scanpm /virlist
|
| but piping to a text file using
|
| scanpm /virlist >virlist.txt
|
| doesn't work. So you have to skillfully use the Break key to make it
| stop scrolling periodically.
|
| Anyway, have you a method of dumping the list to a text file?
|
|
| Art
| http://www.epix.net/~artnpeg
 
null

Art:

That's a tough one. The commandline scanners scan.exe and scanpm.exe don't conform to the
standard rules of I/O redirection as you have noted. The only way I can think of is to do
it in DOS and within a batch file.

Thanks David, but see my response to the other poster who has the
solution. Simply type

scanpm /virlist /report virlist.txt


Art
http://www.epix.net/~artnpeg
 
David H. Lipman

I'm so dumb !

Why didn't I remember that ?
In the words of Homer Simpson -- Doh !

In addition an HTML report can be generated by:

scan /virlist /html c:\virlist.html

Thanx Janne !

Dave

| Try 'scan /virlist /report C:\virlist.txt'
|
| It creates list of viruses detected.
 
David H. Lipman

No matter what, Art, it was a good exercise.

But now I have to forget how to use CTTY again !

Dave

|
| I know I did it years ago and had forgotten. So double Doh!
| I keep forgetting what happens to you when you get old :)
|
| Art
| http://www.epix.net/~artnpeg
 
FromTheRafters

<snip>

To see the full list of malwares detected, you can use the command
line scanner as:

scanpm /virlist

but piping to a text file using

scanpm /virlist >virlist.txt

doesn't work. So you have to skillfully use the Break key to make it
stop scrolling periodically.

Does scanpm /virlist|more work?
Anyway, have you a method of dumping the list to a text file?

I'm surprised the mentioned method doesn't work, but
maybe within a batch file it will.
 
David H. Lipman

No, neither will work.

The answer is...

scan /virlist /html c:\virlist.html
or
scan /virlist /report c:\virlist.txt

Dave



|
| > On Sat, 16 Aug 2003 18:21:23 GMT, "David H. Lipman"
| >
| > >With every DAT release there is a README.TXT file. It will provide the latest infectors
| > >that the release finds and/or corrects.
| >
| > <snip>
| >
| > To see the full list of malwares detected, you can use the command
| > line scanner as:
| >
| > scanpm /virlist
| >
| > but piping to a text file using
| >
| > scanpm /virlist >virlist.txt
| >
| > doesn't work. So you have to skillfully use the Break key to make it
| > stop scrolling periodically.
|
| Does scanpm /virlist|more work?
|
| > Anyway, have you a method of dumping the list to a text file?
|
| I'm surprised the mentioned method doesn't work, but
| maybe within a batch file it will.
|
|
 
