From owner-freebsd-questions  Wed Mar 31 16: 5:20 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32])
	by hub.freebsd.org (Postfix) with ESMTP id 7BD0014CA6
	for <questions@freebsd.org>; Wed, 31 Mar 1999 16:05:13 -0800 (PST)
	(envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by resnet.uoregon.edu (8.8.8/8.8.8) with ESMTP id QAA22305;
          Wed, 31 Mar 1999 16:04:41 -0800 (PST)
          (envelope-from dwhite@resnet.uoregon.edu)
Date: Wed, 31 Mar 1999 16:04:40 -0800 (PST)
From: Doug White <dwhite@resnet.uoregon.edu>
To: NIcky Lai <nickylai@sirius.com>
Cc: questions@freebsd.org
Subject: Re: ?? Virus detected on CD FSB_330A ???
In-Reply-To: <01BE7AD7.2BC5E760.nickylai@sirius.com>
Message-ID: <Pine.BSF.4.03.9903311602230.19913-100000@resnet.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 30 Mar 1999, NIcky Lai wrote:

> I just bough the FreeBSD Version 3.0 CD and the book Complete FreeBSD 2nd 
> edition. I am doing backup of the CDs before I install the FreeBSD, during 
> the process the Trend PC-cillin 98 program with virus Pattern #502 detected 
> a virus on CD number one as follows:
> 
> Virus name:   PRESTO *
> TOOLS\OSBSBETA.EXE (OS-BS\OS-BS.COM)
> TOOLS\OSBS135.EXE (OS-BS\OS-BS.COM)
> 
> 
> On the other hand, I am beginning to read the book before I do the 
> installation. The name PRESTO is being use as an example in page 46 and may 
> be other pages as well. Could this be a coincident that the word use in one 
> OS will misinterpreted as virus in another OS? Anyway, I like to point it 
> out because you people know it much better.

This is probably a false positive.  OSBS is a boot manager which installs
itself into the system MBR.  Heuristic virus checkers may mistake that for
a virus action.  (I know that older virus checkers often mistake the
installed boot sector image as ANTI-EXE or something of that order.)  

If you're worried about it, those are self-extracting archives, so you
could use unzip to unpack them instead of executing them directly.  Or, I
think they should be zipped in the \TOOLS\SRC directory on the disc.

Doug White                               
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message