Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!gem.mps.ohio-state.edu!ginosko!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: JFORD1%UA1VM.BITNET@VMA.CC.CMU.EDU (James Ford) Newsgroups: comp.virus Subject: Re: Posting to VALERT-L re: M-1704 (PC) Message-ID: <0006.8910031107.AA02205@ge.sei.cmu.edu> Date: 2 Oct 89 23:18:56 GMT Sender: Virus Discussion ListLines: 18 Approved: krvw@sei.cmu.edu I recently posted a question on VALERT-L about the file M-1704.EXE. SCAN V36 stated that it was infected. I now know, from McAfee and others, that the 1704 virus is encrypted. Since it is, M-1704 must have a specific hex search string in it....one that will indeed cause SCAN to flag it. This is *normal* (thats as technical as I can get....I don't know more, and what I just said is probably techincally wrong). I hope that my posting of the VALERT-L message does not reflect negatively on the Wellspring BBS. The Wellspring BBS is a top-notch BBS, and its anti-viral file collection is among the best in the country. If I gave you a wrong impression of Wellspring, I apologize. I would post this statement about the Wellspring BBS on VALERT-L, but have been informed that VALERT-L is not suppost to be carrying such postings. JF Acknowledge-To: