Short: V1.85 Check for Archive/Packer/Virus Author: stoecker@epost.de (Dirk Stoecker) Uploader: stoecker@epost.de (Dirk Stoecker) Type: util/arc Requires: util/arc/xadmaster.lha util/pack/xfdmaster.lha util/virus/xvslibrary.lha util/pack/xpk_User.lha Version: 1.85 This program uses xfdmaster.library (see util/pack/xfdmaster.lha) and xvs.library (util/virus/xvsLibrary.lha) for packer and virus scanning. The xadmaster.library (see util/arc/xadmaster.lha) is used to dearchive file and disk archives. The xfdmaster.library (V39) and xadmaster.library (V10) are needed to run the utility. The xvs.library is recommended! The xpkmaster.library is needed with ASKPWD password only (and to decrunch XPKF files). NOTE: xadmaster.library is Shareware, so think about registering when using this utility. See conditions in xadmaster.library distribution. CheckX unpacks archives and packed files as deep as possible: - you can unarchive a crunched archive as well - multiple crunched files can be decrunched - multiple archives can be extracted - multiple disk archives can be extracted - linked and crunched and archived files are no problem This all depends mainly on your memory size! If have around 50MB and have only little problems with really large files. Call CheckX with a ? and you get following argument list: FROM,LOG,SAVE/K,ALL/S,ASKPWD/S,PRINTALL/S,PRINTEXEC/S, NODECRUNCH/S,NOUNLINK/S,NOUNARCHIVE/S,NOUNTRACK/S,NOSILENT/S, NOSTRIP/S,NOVIRUS/S,DEBUG/S,QUIET/S,SAVEALL/S,SECTORCHECK/S Enter a ? again and you get a short doc: FROM source file or directory - may contain patterns LOG log file name SAVE directory, where decrunched files are saved ALL scan deep into directories ASKPWD ask for password when needed (needs xpkmaster.library) PRINTALL print all filenames PRINTEXEC print names of all executable files NODECRUNCH do not decrunch files with xfdmaster NOUNLINK do not unlink files with xfdmaster NOUNARCHIVE do not call archiver for unarchiving file archives NOUNTRACK do not call archiver for unarchiving track archives NOSILENT do not disable dos requests NOSTRIP do not strip useless hunks NOVIRUS do not scan with xvs.library for viruses DEBUG also output texts to serial debug engine QUIET do not output texts to console SAVEALL saves all files (also uncrunched) except address files SECTORCHECK checks the files for virus infected sectors A bit more explanation: LOG The output is written to a file as well as to the standard output stream. The main purpose CheckX was written for is to scan for crunched files and to test the decrunch routines. So the logging may take some more time, but is very stable, as the last log-entry is always the file which possibly crashed the machine. The logfile can be accessed by other programs for read and write the whole time CheckX works (and surely after that). But writing is not recommended, as this may produce a corrupted file. SAVE If this keyword is given, all uncrunched/unlinked/stripped files will be saved in the directory given with that keyword. The directory must already exist! Sub directories are created automatically. If files are unlinked, they get saved with .1, .2, ... extensions. Address crunched files are not saved. Use xfdDecrunchAddr or xfdDecrunch to do so. DEBUG Should not be used normally. This brings the normal output to serial debugging terminal or catcher tools like Sushi. This allows a lot easier to detect files producing hits. ASKPWD Calls the xpkmaster.library password request to get a password. For archive files, the password is asked after first decrunching it and getting an password error. The inserted password is reused for next entries of this archive and only if it is wrong it is again requested. SECTORCHECK enables XVS sector checking. Note that CheckX checks all files and thus may produce wrong detections with normal files (althought this should be very rare). This is done to get all disk images checked also. CheckX has following return values: 0 - all ok 5 - either no virus checking possible or virus found 20 - an error occured and CheckX was unable to do anything CheckX cannot scan files, which are read-protected. You get CheckX error 4 as result in that case. Unprotect files and scan again when you want. For files contained in archives, the protection bits are ignored. CheckX is completely reentrant and may work fine twice or more times parallel (You can set the pure file protection bit and make it resident). But it is not recommended to call it multiple times as CheckX normally needs lots of memory. This is a batch tool, so drink a coffee or two or three during its work. Check the logfile afterwards. Use a text-editor and scan case sensitive for "-Virus" and you get lines which are related to viruses (and mostly only the important lines). A scan with "XFD-", "XAD-", "CheckX-" or "-Error" brings lines which produced errors. The complete number of found viruses is logged at the file end, if the scan found some of them. Also the scan time and the number of errors (if some appeared) is logged. If the permanent file scrolling slows down your computer try setting the output stream to a raw mode display using following redirect command: ">RAW:0/11/640/50/CheckX-Output/AUTO/CLOSE/WAIT". To get CheckX really silent either use LOG option and call CheckX with QUIET or redirect normal output into logfile with ">filename". CheckX detects all the viruses found by xvs.library, which contains the complete antivirus knowledge of VirusZ utility by Georg Hörmann, Alex van Niel and Jan Erik Olausen. CheckX cannot remove detected viruses. You still need antivirus software like VirusZ, VirusExecutor, VT or Virus_Checker. I always run VirusZ in the background to check for viruses. CheckX also scans disk archive information texts for packers and viruses, bootsectors of dearchived disks and is able to scan for destroyed sectors. The memory is scanned once after starting CheckX. Error 11 (Could not check for virus) mostly means, that the file is a bit to large and such files are normally archives only. So in most cases this error is harmless! If there are serious errors, please report them, but CheckX has a long way of development and I hope it is really stable now. Send me files, which cause the system to bring Enforcer/MungWall/PatchWork hits or crash the computer. If the files are larger, please contact me first. This program is Freeware. Use it as you want, but WITHOUT ANY WARRANTY! Contact me at: ********************************************************************* * snail-mail: * e-mail: * * Dirk Stoecker * stoecker@epost.de * * Geschwister-Scholl-Str. 10 * dirk@dstoecker.de * * 01877 Bischofswerda * world wide web: * * GERMANY * http://www.dstoecker.de/ * * phone: * pgp key: * * GERMANY +49 (0)3594/706666 * get from WWW pages or keyservers * ********************************************************************* Following is my PGP signature for the corresponding LhA-File. Use ' pgpv CheckX.readme -o CheckX.lha ' to check it. Key fingerprint: B9 F2 3A 1A 29 02 75 16 6A C6 5B 7D 5E F6 16 CF. All my releases after April 2001 have a PGP signature with this key. Be alarmed if signature is missing or wrong. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: WYc2PhxBEQhV3qPoh7KeBwgxOqXoxBU+ iQCVAwUAO063RbOTsAT/iOY9AQGIbQP/UzhC0lsIXeb7UWcJYDw/MpJEcvBmACVQ QF2JzzzRrR3WB4CMfJlWsV0CMcb2ZQ+wcf1Hlm6nTfheLd0wV/5B0GioKZxNsto0 bhEGg9zDEG3xNOZspErJT3Aor6UP20pCTxumXEl0hh4BqH8Csrb8D55YHFjCuhpP 1aYCPLdIxPE= =NmYH -----END PGP SIGNATURE----- ------------------------------------------------------- Archive has been checked and a .sig file has been added so you can verify there was no tampering with the file after placed on the server. MD5SUMS and binary .sig PGP signed by: Charlene e-mail: ml-clm@mailandnews.com md5sum: ftp.vapor.com/pub/3rdparty/ [Start md5sum checksum file]----------------------- 89c447f10449eb93b47c27399ee04b8a *CheckX/sources/Include/SDI_compiler.h e5ce746a5a4a6b39fa64a8bc35457b43 *CheckX/sources/CheckX.c 7be1f0e454b30a0016190106f12030de *CheckX/sources/SMakeFile bc84799c00078f880d93f614f31b5408 *CheckX/sources/StartCode.a 1f939155359625a46e49bfddc652ef9a *CheckX/sources/StartCode.o 95ad61a3b13b6daba74d07a7ec93b057 *CheckX/CheckX 1bea9e826c69ac9db941108eebc41024 *CheckX/CheckX.readme 079fcc05f5fd10c6cdd6ce5e3307c0ce *CheckX.info [End md5sum checksum file]-----------------------