F-PROT for DOS

[puff-m-d]

Hello all,

I use Eset NOD32 as my primary avp and was trying out F-PROT for DOS as a secondary or backup scanner. *The problem that I am having is no matter how I configure it, it only scans about 4000 files. *I have around 65,000 files on my system though. *I tell it to do a dumb scan (which supposedly means all file extensions?) and to scan all of my C drive. *Am I doing something wrong or will F-PROT for DOS not scan my entire hard drive?

Eagerly awaiting whatever I am missing,
Kent

[Tinribs]

I presume you've configured it to scan packed and archived files also?

[wizard]

Which file system do you use? NTFS or FAT32?

There is a problem with NTFS when you try to scan your hard drive. Any folders you enter will be scanned correct but not the whole harddrive. I think it is not a F-Prot issue but a limitation of NTFS or Win2k, WinXP operating system. From my research I found the following solution:

If you have a Win9x computer or maybe one of your friends has one: format a diskette with the option to 'boot' the diskette. I think you need at least two maybe three diskettes to install F-Prot for DOS on them. Only the first diskette needs be formated as a 'boot diskette'. Install F-Prot for DOS and check documentation for how to do or ask me and I will look which files you need.

So now you can scan your computer with the help of that boot diskettes. This method has one advantage: If a virus is already active in your system it might can 'fool' your anti virus to find it. If you boot from clean diskettes the virus is inactive and can be recognized easier.

Then go to http://www.sysinternals.com They offer a free tool which allows to access NTFS files from MS DOS. Download it and put the files on the first diskette. Maybe you should create an autoexec.bat to start and put the ntfs command in it.

And there is a very good hint for F-Prot for DOS users: If you start F-Prot for DOS with the option /AI it actives a very strong heuristic feature for detecting Win32 viruses. I tested it yesterday with some Win32 viruses:
With this special heuristic you get more than the double detection rate as with the normal heuristic option on 'unknown' Win32 viruses. Before anybody gets concerned about undetected viruses: I used an old signature file to test the heuristic feature. Samples were detected with the latest signature file.

wizard

[puff-m-d]

Hello all,

First of all I have the options checked as follows:
SEARCH: C:\*
ACTION: Report Only
FILES: "Dumb" scan of all files
Scan inside archives
Scan compressed executables
Scan subdirectories
Scan a normal system
List only infected files
Beep when a virus is found
Use hueristics

Secondly, I have Windows XP Home using FAT32.

I am beginning to think it is one of those obscure WinXP bugs?

Kent

[wizard]

Quote:

I am beginning to think it is one of those obscure WinXP bugs?

I do not have WinXP so I can not test it. Normaly also WinXP emulates a full ms dos. Also most of the old ms dos viruses still work in that command line inferface. So I see actually no problem why F-Prot does not work there. If viruses work an anti virus software should work too.

Can you test my tip with the diskettes? Leave the NTFS driver part out.

But your problem gives me an idea. I will do some research over the weekend and try to build an free alternative to create such boot diskettes without the need of Win9x and knowledge in creating such a boot diskette or writing a short tutorial for it. This should be based on an alternative MS DOS. There should be one or two available over the internet.

wizard

[puff-m-d]

Wizard,

Sorry, but at current I have no access to a Win98 machine so I guess I will eagerlly await your response next week.

Thanks,
Kent

[wizard]

F-Prot for DOS works perfectly under FreeDOS scanning a NTFS (Win2k) partition. I will do tomorrow a test run on a WinXP computer. If that goes without problems I updload the disk image files somewhere.

wizard

[puff-m-d]

Thanks for the reply and help....

I was beginning to think this was a dead thread. *In any case it seems I have a rare problem.

Kent