Short: V1.94 Check for Archive/Packer/Virus Author: stoecker@epost.de (Dirk Stoecker) Uploader: stoecker epost de (Dirk Stoecker) Type: util/arc Version: 1.94 Requires: util/arc/xadmaster.lha util/pack/xfdmaster.lha util/virus/xvslibrary.lha util/pack/xpk_User.lha Architecture: m68k-amigaos This program uses xfdmaster.library (see util/pack/xfdmaster.lha) and xvs.library (util/virus/xvsLibrary.lha) for packer and virus scanning. The xadmaster.library (see util/arc/xadmaster.lha) is used to dearchive file and disk archives. The xfdmaster.library (V39) and xadmaster.library (V10) are needed to run the utility. The xvs.library is recommended! The xpkmaster.library is needed with ASKPWD password only (and to decrunch XPKF files). NOTE: xadmaster.library is Shareware, so think about registering when using this utility. See conditions in xadmaster.library distribution. CheckX unpacks archives and packed files as deep as possible: - you can unarchive a crunched archive as well - multiple crunched files can be decrunched - multiple archives can be extracted - multiple disk archives can be extracted - linked and crunched and archived files are no problem This all depends mainly on your memory size! I have around 50MB and have only little problems with really large files. Call CheckX with a ? and you get following argument list: FROM,LOG,SAVE/K,ALL/S,ASKPWD/S,PRINTALL/S,PRINTEXEC/S, NODECRUNCH/S,NOUNLINK/S,NOUNARCHIVE/S,NOUNTRACK/S, NOSECTOR/S,NOSILENT/S,NOSTRIP/S,NOVIRUS/S,DEBUG/S,QUIET/S, SAVEALL/S,CRC/S,DEEPNAME/S,SINGLEVIRUS/S Enter a ? again and you get a short doc: FROM source file or directory - may contain patterns LOG log file name SAVE directory, where decrunched files are saved ALL scan deep into directories  ASKPWD ask for password when needed (needs xpkmaster.library) PRINTALL print all filenames  PRINTEXEC print names of all executable files NODECRUNCH do not decrunch files with xfdmaster NOUNLINK do not unlink files with xfdmaster  NOUNARCHIVE do not unarchive file archives with xadmaster  NOUNTRACK do not unarchive track archives with xadmaster  NOSECTOR do not check the files for virus infected sectors  NOSILENT do not disable dos requests  NOSTRIP do not strip useless hunks NOVIRUS do not scan with xvs.library for viruses  DEBUG also output texts to serial debug engine  QUIET do not output texts to console  SAVEALL saves all files (also uncrunched) except address files CRC print CRC32 in fornt of each filename DEEPNAME print own name for every part (e.g. unliked parts) SINGLEVIRUS do not count one virus infected file multiple times A bit more explanation: LOG The output is written to a file as well as to the standard output stream. The main purpose CheckX was written for is to scan for crunched files and to test the decrunch routines. So the logging may take some more time, but is very stable, as the last log-entry is always the file which possibly crashed the machine. The logfile can be accessed by other programs for read and write the whole time CheckX works (and surely after that). But writing is not recommended, as this may produce a corrupted file. SAVE If this keyword is given, all uncrunched/unlinked/stripped files will be saved in the directory given with that keyword. The directory must already exist! Sub directories are created automatically. If files are unlinked, they get saved with .1, .2, ... extensions. Address crunched files are not saved. Use xfdDecrunchAddr or xfdDecrunch to do so. DEBUG Should not be used normally. This brings the normal output to serial debugging terminal or catcher tools like Sushi. This makes it a lot easier to detect files producing hits. ASKPWD Calls the xpkmaster.library password request to get a password. For file and disk archives the password is asked after first getting an password error. The inserted password is reused for next data and only if it is wrong it is again requested. For individual files the password is requested every time. NOSECTOR disables XVS sector checking. Note that CheckX normally checks all files and thus may produce wrong detections with normal files (although this should be very rare). This is done to get all disk images checked also. CRC This calculates an CRC32 for every file and prints it in front of the output. You may use this to check your system for modifications. Especially useful with PRINTALL/PRINTEXEC option (and sometimes with DEEPNAME). DEEPNAME This prints a new name for all passes (like unlinking, decrunching and all the others). The output thus will be much more wasted with name elements. The only useful usage of this is together with CRC option to find out the checksums of intermediate files. SINGLEVIRUS Sometimes XVS recognices crunched and linked versions of viruses as well as the uncrunched variants. CheckX thus also reports the virus multiple times. Also there may be multiple viruses in one file. This option only affects the status at end of output. It reduces the number of reported viruses to the number of infected files by eliminating multiple reports. The virus output itself is not affected. This may be useful to compare output with other virus checkers. The default options are best for virus-checking, so it is not recommended to turn on any of the options starting with "NO". Also to be really sure you found all viruses, install newest versions of XFD, XAD and XVS libraries. CheckX has following return values: 0 - all ok 5 - either no virus checking possible or virus found 20 - an error occured and CheckX was unable to do anything CheckX cannot scan files, which are read-protected. You get CheckX error 4 as result in that case. Unprotect files and scan again when you want. For files contained in archives, the protection bits are ignored. CheckX is completely reentrant and may work fine twice or more times parallel (You can set the pure file protection bit and make it resident). But it is not recommended to call it multiple times as CheckX normally needs lots of memory. This is a batch tool, so drink a coffee or two or three during its work. Check the logfile afterwards. Use a text-editor and scan case sensitive for "-Virus" and you get lines which are related to viruses (and mostly only the important lines). A scan with "XFD-", "XAD-", "CheckX-" or "-Error" brings lines which produced errors. The complete number of found viruses is logged at the file end, if the scan found some of them. Also the scan time and the number of errors (if some appeared) is logged. If the permanent file scrolling slows down your computer try setting the output stream to a raw mode display using following redirect command: ">RAW:0/11/640/50/CheckX-Output/AUTO/CLOSE/WAIT". To get CheckX really silent either use LOG option and call CheckX with QUIET or redirect normal output into logfile with ">filename". CheckX detects all the viruses found by xvs.library, which contains the complete antivirus knowledge of VirusZ utility by Georg Hörmann, Alex van Niel and Jan Erik Olausen. CheckX cannot remove detected viruses. You still need antivirus software like VirusZ, VirusExecutor, VT or Virus_Checker. I always run VirusZ in the background to check for viruses. CheckX also scans disk archive information texts for packers and viruses, bootsectors of dearchived disks and is able to scan for destroyed sectors. The memory is scanned once after starting CheckX. Error 11 (Could not check for virus) mostly means, that the file is a bit to large and such files are normally archives only. So in most cases this error is harmless! If there are serious errors, please report them, but CheckX has a long way of development and I hope it is really stable now. Send me files, which cause the system to bring Enforcer/MungWall/PatchWork hits or crash the computer. If the files are larger, please contact me first. SortCheckX: This little tool sorts the output of CheckX by filename (keeping the tree structure intact). This is very helpful when comparing older logfiles with newer ones (as the scanning order may differ). Also The option OLDFIX allows to change some of the older texts to their newer variants, to reduce differences. This tools wants a filename as input and possibly also a filename as output. If there is no output filename, it outputs to standard output. Do not expect anything useful for other files than CheckX output! The CRC option sorts files created with CRC option. Short history (full history see source code): 1.85 12.07.01 : added sector checks, reduced final file size 1.86 30.09.01 : sector check is default now, bug fixes 1.87 27.01.02 : added CRC calculation and DEEPNAME option 1.88 31.08.02 : added ASKPWD for disk archives 1.89 06.10.02 : workaround for file 42.zip 1.90 20.11.02 : fixed CRC problem 1.91 29.12.02 : readded bootblock virus detection after XVS changed in this point. 1.92 30.12.02 : Last version produced to many wrong virus hits, fixed 1.93 01.01.03 : fixed missing TAG_DONE 1.94 03.01.03 : fixed bug related to 42.zip workaround, added SINGLEVIRUS This program is Freeware. Use it as you want, but WITHOUT ANY WARRANTY! Contact me at: ********************************************************************* * snail-mail: * e-mail: * * Dirk Stoecker * stoecker@epost.de * * Geschwister-Scholl-Str. 10 * dirk@dstoecker.de * * 01877 Bischofswerda * world wide web: * * GERMANY * http://www.dstoecker.de/ * * phone: * pgp key: * * GERMANY +49 (0)3594/706666 * get from WWW pages or keyservers * ********************************************************************* Following is my PGP signature for the corresponding LhA-File. Use ' pgpv CheckX.readme -o CheckX.lha ' to check it. Key fingerprint: B9 F2 3A 1A 29 02 75 16 6A C6 5B 7D 5E F6 16 CF. All my releases after April 2001 have a PGP signature with this key. Be alarmed if signature is missing or wrong. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: 1sl08lsldo4LMECpHELK51Uxw1j50E9z iQCVAwUAPmsxkrOTsAT/iOY9AQG+qwP9EdpzjRQiTxZdEwklD155eX991n33hbZ2 gsqskkJWMflPJfCOnz/bEQM2UTwwYEGqnqzKqQWCT0VWAm73iwjff4BJHPdkva34 ogWnkI880kUAKV4mRar44iMyhJzS679V7OtwFD/OxMB3TDhNd+ur5/8khgWmeCMy 40aTJ9WklPk= =KSR1 -----END PGP SIGNATURE-----