Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!gem.mps.ohio-state.edu!ginosko!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: JFORD1%UA1VM.BITNET@VMA.CC.CMU.EDU (James Ford)
Newsgroups: comp.virus
Subject: Re: Posting to VALERT-L re: M-1704 (PC)
Message-ID: <0006.8910031107.AA02205@ge.sei.cmu.edu>
Date: 2 Oct 89 23:18:56 GMT
Sender: Virus Discussion List 
Lines: 18
Approved: krvw@sei.cmu.edu

I recently posted a question on VALERT-L about the file M-1704.EXE.
SCAN V36 stated that it was infected.  I now know, from McAfee and
others, that the 1704 virus is encrypted.  Since it is, M-1704 must
have a specific hex search string in it....one that will indeed cause
SCAN to flag it.  This is *normal* (thats as technical as I can
get....I don't know more, and what I just said is probably techincally
wrong).

I hope that my posting of the VALERT-L message does not reflect
negatively on the Wellspring BBS.  The Wellspring BBS is a top-notch
BBS, and its anti-viral file collection is among the best in the
country.  If I gave you a wrong impression of Wellspring, I apologize.
I would post this statement about the Wellspring BBS on VALERT-L, but
have been informed that VALERT-L is not suppost to be carrying such
postings.

                                  JF
Acknowledge-To: