FPROT 3.12d Questions

null.DeleteThis@zilch.com wrote:

> What about FAT32 on NTFS based OS? I don't think F-Prot for DOS is
> specified for use on these OS (because of different folder and file
> naming possibilities that F-Prot for DOS can't handle).

I just tried it with a FAT32 partition on Windows 2000 SP4. That
partition has 29586 files. With the /dumb switch, F-Prot claims to have
scanned 4366 files out of 4420.

To be honest I am at loss now. But this is not so much of a problem for
me since I rarely do full scans with F-Prot. I use it mostly to scan new
files and it does that just fine.

Mind you, maybe I don't interpret the results correctly.
 >> Stay informed about: FPROT 3.12d Questions 

One possible reason for the additional files being scanned is compressed
files (i.e. it counts all files within .zip/.lha/etc. when scanning).,


"Frederic Bonroy" <bidonavirus.RemoveThis@yahoo.fr> wrote in message
news:2jjps0F12lqi4U4@uni-berlin.de...
> null.RemoveThis@zilch.com wrote:
>
> > What about FAT32 on NTFS based OS? I don't think F-Prot for DOS is
> > specified for use on these OS (because of different folder and file
> > naming possibilities that F-Prot for DOS can't handle).
>
> I just tried it with a FAT32 partition on Windows 2000 SP4. That
> partition has 29586 files. With the /dumb switch, F-Prot claims to have
> scanned 4366 files out of 4420.
>
> To be honest I am at loss now. But this is not so much of a problem for
> me since I rarely do full scans with F-Prot. I use it mostly to scan new
> files and it does that just fine.
>
> Mind you, maybe I don't interpret the results correctly.
 >> Stay informed about: FPROT 3.12d Questions 

> 3.14e is here: ftp://ftp.f-prot.com/pub/f-prot.zip

Thanks for the link.


> I just tried it with a FAT32 partition on Windows 2000 SP4. That
> partition has 29586 files. With the /dumb switch, F-Prot claims to have
> scanned 4366 files out of 4420.


mines w2k ntfs, and mine reports- 2931 scanned, but drive has 47,084
files. weird huh. still no boot sector scan either and have
everything turned on. for nt systems maybe it's something in the
autoexec.nt / config.nt files. looked, some .exe's launch, don't
know.

jdc
 >> Stay informed about: FPROT 3.12d Questions 

jdc_tech wrote:

>>3.14e is here: ftp://ftp.f-prot.com/pub/f-prot.zip
>
> Thanks for the link.
>
>>I just tried it with a FAT32 partition on Windows 2000 SP4. That
>>partition has 29586 files. With the /dumb switch, F-Prot claims to have
>>scanned 4366 files out of 4420.
>
> mines w2k ntfs, and mine reports- 2931 scanned, but drive has 47,084
> files. weird huh. still no boot sector scan either and have
> everything turned on. for nt systems maybe it's something in the
> autoexec.nt / config.nt files. looked, some .exe's launch, don't
> know.

for nt based operating systems you should be using fpcmd out of the
f-prot for windows package, rather than f-prot for dos...

--
"maxwell can tell he's in hell
just wants you to visit him there
same old game that he's playin'
his rules are never fair"
 >> Stay informed about: FPROT 3.12d Questions 

On 19 Jun 2004 13:29:58 -0700, jdc_tech.RemoveThis@yahoo.com (jdc_tech) wrote:

>Heard of a 3.14 but don't see it on the ftp site. Anyway, has anyone
>noticed that when you tell fprot to scan an entire drive (c) that it
>only scans a portion?

For F-Prot for DOS: Yes, in the following contexts:

1) Accessing NTFS via SystemInternals' free NTFS=from-DOS driver
2) If used within XP (and prolly earlier NT)
3) As (2) but more so if NTFS
4) If paths are "too deep" for DOS

Issues (2-4) are limitations of the DOS API - a matter of OS
interference (2), NTFS permissions issues (3) and DOS API itself (4).
Issue (1) is a limitation of the SystemInternals NTFS-from-DOS driver.

>On my machine, it scans fromt the root of the
>(c) directory tree down to documents.settings/activeuser/appdata then
>stops, calls the scan complete. also it always states the boot sector
>is never scanned yet all the appropriate choices have been selected.

What OS are you scanning from?
What OS was that F-Prot written for?
What file system?



>-------------------- ----- ---- --- -- - - - -
No, perfection is not an entrance requirement.
We'll settle for integrity and humility
>-------------------- ----- ---- --- -- - - - -
 >> Stay informed about: FPROT 3.12d Questions 

On 20 Jun 2004 00:12:58 -0700, jdc_tech RemoveThis @yahoo.com (jdc_tech) wrote:
>> 3.14e is here: ftp://ftp.f-prot.com/pub/f-prot.zip

>> I just tried it with a FAT32 partition on Windows 2000 SP4. That
>> partition has 29586 files. With the /dumb switch, F-Prot claims to have
>> scanned 4366 files out of 4420.

This isn't a rational use of F-Prot for DOS, which has only two useful
roles on an NT system:
- formal scanning of all files (when system's not running)
- on-demand scanning of material before it runs

Here, you know the ?infected OS is running, and thus presumably the
malware too. You know the OS is going to defend parts of itself from
access, and thus protect any malware sheltering there - either by way
of NTFS permissions, or because parts of NTFS are inaccessible to the
DOS API, or because the OS simply disallows access regardless of these
two factors. It's worse than useless, in that malware that's av-aware
may detect your attempts to find it and strike back punitively.

So it's a bit like saying "if I submerge my cigarette lighter under
the petrol in the gas tank, the flint gets soggy and won't spark".

>mines w2k ntfs, and mine reports- 2931 scanned, but drive has 47,084
>files. weird huh.

Yep. Either a wall-out effect or failure to recurse (or both - i.e. a
disallowed target breaks recursion of the tree).

>still no boot sector scan either

No surprise; NT disallows that level of raw HD access. Try using
DiskEdit to read sectors, or IDEID to query the HD's firmware; you
will get the same blank-stare non-answers.

Wrong strokes for these folks



>-------------------- ----- ---- --- -- - - - -
Trsut me, I won't make a mistake!
>-------------------- ----- ---- --- -- - - - -
 >> Stay informed about: FPROT 3.12d Questions