Free Software for DOS
Antivirus

9 Dec 2005

Global Menu:
Go back to Front Page Menus

This page:
ANTIVIRUS SCANNERS

FILE CHECKSUM UTILS

DISK SECURITY

ANTIVIRUS SCANNERS

F-Prot — Antivirus monitor, scanner, and disinfectant.

* * * * *

[updated 2005-07-01]

F-Prot is a shareware antivirus package that has received rave reviews. Not only is it free for individual (non-commercial) use, but it is updated frequently in order to keep pace with new virus types. Can scan within archives (arj / cab / lzh / rar up to v2.5 / zip), many packed executables and email. Requires 80386+.

Usage: F-PROT [drive, file or directory] [options]

If a drive, file or directory is given, F-PROT will enter
command-line mode, unless the /INTER option is given as well.

    /AI         Enable neural-network virus detection.
    /APPEND     Append to existing report file.
    /ARCHIVE=n  Scan inside archives (n levels deep)
    /AUTO       Automatic virus removal.
    /BEEP       Beep when a virus is found.
    /CDROM      Scan any attached CD-ROM drives.
    /COLLECT    Scan a virus collection.
    /DELETE     Delete infected files.
    /DISINF     Disinfect whenever possible.
    /DUMB       Do a "dumb" scan of all files.
    /EXT        Scan only files with default extensions.
    /FREEZE     "Freeze" the program if a virus is found.
    /HARD       Scan the hard disk(s).
    /HELP       Display this list.
    /INTER      Force interactive mode.
    /LIST       List all files checked.
    /LOADDEF    Load DEF files from a floppy.
    /NET        Scan network directories mapped to a drive.
    /NOBOOT     Do not scan boot sectors.
    /NOBREAK    Do not abort scan if ESC is pressed.
    /NOFILE     Do not scan files.
    /NOFLOPPY   For use on system without floppy drives.
    /NOHEUR     Disable heuristics.
    /NOLFN      Disable long file name support.
    /NOMEM      Do not scan memory for viruses.
    /NOSUB      Do not scan subdirectories.
    /OLD        Do not complain when using outdated DEF files.
    /ONLYHEUR   Only use heuristics, not "normal" scanning.
    /PACKED     Unpack compressed executables.
    /RENAME     Rename infected COM/EXE files to VOM/VXE.
    /REPORT=    Send the output to a file.
    /SERVER     Activate mail filter heuristics.
    /TYPE       Select files by type. (default)
    /VIRLIST    List the known viruses.
    /VIRNO      Count the known viruses.
    /WRAP       Wrap text so the report fits in 78 columns.

Special options for command-line mode:

    /PAGE       Pause after each page.
    /SILENT     Do not generate any screen output.

Special macro virus options:

    /NOMACRO    Do not scan for macro viruses.
    /ONLYMACRO  Only scan for macro viruses.
    /REMOVEALL  Remove all macros from all documents.
    /REMOVENEW  Remove new variants of macro viruses by
                removing all macros from infected documents.
    /SAFEREMOVE Remove all macros from documents, if a known
                virus is found.

Author: Friðrik Skúlason / Frisk Software International, Iceland (2005).

2005-04-07: v3.16b.

Download all three files (always current):
Program + docs
f-prot.zip
(~2.7MB)
Virus signature files
fp-def.zip
(~3.1MB)
Macrovirus signature files
macrdef2.zip
(~255K)

Go to Frisk Software International's Home page and to the Current versions page, for F-Prot for other OSes (free for Linux, BSD, Solaris, but not Windows), assorted other files, virus news & more.


RHBVS (ROSE SWE's Heuristic Based Virus Scanner) — Command line scanner.

* * * * on DOS-only disks

[added 2000-05-13, updated 2005-12-08]

RHBVS differs from other scanners listed here because it's based solely on heuristic analysis of file characteristics. Compared with their conventional, counterparts, heuristic scanners don't require the often huge virus signature databases, and consequently tend to be smaller and shouldn't require as much updating (except for engine revisions). A good heuristic scanner should be able to detect novel and mutated viruses that are not yet in databases. On the downside, the detection capability of heuristic scanners is only as good as the underlying algorithms. Many heuristic scanners seem to generate more false positives than their conventional counterparts (in our use, RHBVS has tended to bite on DOS TSR executables and on some Windows files). Heuristic scanners can also be slower. Minimum requirements: DOS 5.0, 2MB RAM, 80486. Runs under DOS, DOS32, OS/2, Win32.

From the docs:
...quite small, reasonable speed, high detection rate, option-rich... Detection modules for batch viruses, Trojans, malware, scripting viruses like Corel Draw, VBS, HTML, Windows Batch (WBT), JavaScript and IRC script worms are also included...
Run RHBVS.EXE with
/?   or   -?   to see the current supported options.
/??   or   -??   or   /UNDOC   to see a list of the advanced options.
Help -?
[ Usage ]=-------- RHBVS  [-/options] [drive:[\path1] [path2]] [-/options]
                        +--  root in drive c:  ---  rhbvs c:
Scan recursivly from  --+--  given path        ---  rhbvs drive:\path
                        +--  current folder    ---  rhbvs .

-----[ Options ]--------------------------------------------------------------
-help, -?   Show this short help. See also RHBVS.DOC. Try also -??
-all        Scans all files *.*   (Default: Executables, Scripts, HTML & Mirc)
-auto       Scan in all local and remote drives              (Without A: & B:)
-beep       Beep when a virus is found.                         (Default: OFF)
-comp       Include generic DOS companion detection             (Default: OFF)
-del -delYN Deletes infected files without any query/with query (Default: OFF)
-showerr    Shows file access errors etc.
Help -??
-----[ Undocumented switches ]-----------------------------------------------
For experienced users only :-))

/Extr        Extracts signature from executable files.           (Default: OFF)
/FileType    Prints after each infected file the file type (DOS COM/EXE)
/NoCheckCRC  Skip selftest - useful if RHBVS is infected by a virus
/NoLiveBait  Skips "Live Bait Test" suite.   /NoMem, skips quick memory test
/NoPathCompanion   Skip "Path Companion" tests.   /NoHMA, skips HMA memory test
/NoSig       Skip RHBVS.SIG                                      (Default: OFF)
/NoSub       Do not recursive scan sub directories, only specified directory
/NoVBS       Skip scanning of VBS/Mirc/HTML & JS viruses (Default: Do scanning)
/OnlyFull    Shows only fully detected script viruses (only useful for teachin)
/Raw         Converts DOS charset to UNIX readable format, e.g. -- gets ==
/Rename      Smart renaming, depending on the entry point, e.g. MZ/ZM gets .EXE
/RenMarx     Smart renaming, using extension .??$        (used by Andreas Marx)
/Renumber    /Rename and create unique filename, based on a counter
/Renumber=Value    Start counting/renameing with "value".
/RenPE       Rename Win/NT portable EXE files to .PE/LX/NE/LE instead of .EXE
/SigOnly     Use only RHBVS.SIG for scanning.                    (Default: OFF)
/Trj- /NoTrj unload the signature file VIRSCAN.TRJ              (Default: LOAD)
/Report      Logs all scanned files, regardless if infected or not. Req. /LOG=
/UnDoc -??   This guru help (what did you expect?)
/Virsort     Generate a log suitable for VirSort & ZOO-Sort     (requires /LOG)
/Whole       Analyse the whole file (only useful to examine virus behaviour)

Limitations: No repair functions, doesn't handle boot sector infectors.

Our recommendations: Use it in addition to, not in place of, a good database-type scanner with repair functions. To avoid the risk of losing Windows files, back them up or turn renaming and deleting off.

Author: Ralph Roth / ROSE Software Engineering (ROSE SWE), Germany (2005). Suggested by CyberRax.

2005-11-03: v4.62 build 914.

Download rhbvs_v4-62.zip (601K).

More in these pages from Rose SWE.


Kaspersky Antivirus 32 (KAV, KAV32) — Antivirus scanner and disinfectant.

* * * * *

[added 2005-08-22]

KAV is one of the best antivirus programs, with thorough scans, many user options, and hourly updates of its databases. Runs from command line with parameters typed in, from batch file, or from graphical shell. Settings can be stored in a plain-text file (default name DEFDOS32.PRF). 32-bit program (DOS extender built in), requires 80386+.

Some features:
Usage: KavDos32.exe [options] path[\name][...]
         Path - any DOS path, * or *: - all local disks
         Name - wildcards * or ?  Default is executable files
 Valid options are:
     /-  disinfect                       /D daily
     /E  delete infected files           /F=filename load alternate profile
     /XF=masks exclude files             /@=filename check files by list
     /XD=masks exclude directories        /@! delete list after scanning
     /1  check only one floppy disk      /*[-]  check all files
     /M[-]  skip memory test             /S[-]  sound off
     /P[-]  skip Master Boot Record test /R[-]  do not scan subdirectories
     /B[-]  skip DOS Boot Sector test    /W[T|A][+|-][=filename] save report
     /U[-]  disable unpack                 T truncate existing report
     /A[-]  disable extract                A appends to existing report
     /H[-]  disable heuristic analysis     - or + extended/normal report
     /V[-]  enable redundant scanning    /MD[-] check mail databases
     /K[-]  disable pack info            /MP[-] check plain mail
     /O[-]  write OK messages            /Y[-]  skip all dialogs
     /Z[-]  disable aborting             /?  help screen
     /VL[=filename] display virus list
 For all options '-' inverts the default meaning.

Return codes (DOS Errorlevel) for use in batch files:
  0 - No viruses were found
  1 - Virus scan was not complete
  3 - Suspicious objects were found
  4 - Known viruses were detected
  5 - All detected viruses have been deleted
  7 - File KAVDOS32.EXE is corrupted

Scan times can be very long: Rather than one or a few database files, Kaspersky supplies a large number of small, specialized files – loading and switching slow operation down. Help: Configure carefully, to avoid scanning unchanged files repeatedly. Run overnight.

Author: Eugene Kaspersky / Kaspersky Lab, Russia (2001).

2001-05-31: v3.0 build 135 (05-01). Last for DOS, no longer supported. Program, batch and configuration files use English, but the optional Windows localization file and the README are in Russian only. A separate, small package contains an English localization file and README.

Downloads



kavdos32.rar
(329K)
Program package
avp_loce.zip
(8K)
Optional English-language files

Virus data files are online at these sites:
Russia 1  |  Russia 2  |  Russia 3  |  Russia 4  |  Germany  |  US 1  |  US 2
Get cumul.zip (~6.9MB, all data files). Update with weekly.zip (~1.1MB, released every Friday) or daily.zip (~500K, released hourly, but getting it three times a week is probably good enough).

Go to Kaspersky Lab for versions for other OSes, more programs, virus news & info. Pages in Russian, English, French, German, Chinese, Japanese, Polish, Dutch.


FILE CHECKSUM UTILS

Using a variety of algorithms, these utils calculate a unique signature or "fingerprint" for a file. By calculating the checksum value for a program file you can compare this value to a reference, valid value and determine if the file has been modified by viruses, hacking / editing, transmission errors, or other actions.


MD5SUM — Calculate and verify MD5 hash values for files.

* * * * *

[added 2000-08-09, updated 2005-12-08]

This program, originally for Unix, will calculate an MD5 value for a given file and also allows you to check the values against an existing, valid value to determine if the file has been changed/corrupted. MD5SUM is most often used to validate the integrity of transferred files which have a reference MD5 value stored on the server. But I employ it as a cheap, antiviral "checksum comparer" for files on my local hard drive. 16-bit program, w/ source in package.

As a simple usage example, first generate a file (TEST.MD5) holding a baseline MD5 value for a given file (MY.ZIP):

MD5SUM -b MY.ZIP >TEST.MD5
(-b: assume binary file). To check the MD5 value of the file at a later date (or to validate copy of file) use,
MD5SUM -b -c TEST.MD5
If the values match, output will be:
"C:\MY.ZIP: OK"
If new value doesn't match:
"C:\MY.ZIP: FAILED"

Notes: MD5SUM doesn't accept wildcards – if you want to obtain many file values at once, write an appropriate batch file. For an entire drive, you could use an easy batch helper like Locate to collect baseline values, e.g., all *.exe files on drive C, write a batch similar to:

locate C:*.exe /o:"MD5SUM -b &F>>BASELN.MD5"> MD5DRV.BAT
Run MD5DRV.BAT at any time, or just replace the  /o  switch above with  /c  to execute immediately.

Run
MD5SUM -c BASELN.MD5
after MD5DRV.BAT, to compare later values against baselines.

Authors: Branko Lankester, Netherlands; Colin Plumb, Canada (1993). Compilation & docs by Michael Paul Johnson (1995, 2000

1995-02-04: Unnumbered release.
2000-08-14: Revised documentation.

Download md5sum.zip (34K).

For a 32-bit version w/ Win9x LFN support, see GNU Textutils – Summarizing Files.


CHKSUM — Calculates 32 bit CRC and 16 bit checksums.

unrated

[added 1999-06-12, updated 2000-06-05]

CHKSUM calculates two checksums for each file: a 32-bit CRC and a 16-bit checksum. Also 16- and 32-bit "master" total checksums are calculated for all files successfully processed. Handles Win9x long pathnames. Runs on any PC, 8086 & up. NASM source included, distributed under GNU Public License.

Syntax:  CHKSUM  [filespecs] [switches]
         /S  recurse into subdirectories
         /M  page output
         /H  do not hook critical errors

Filespecs may include DR DOS-style file lists.

Author: Charles Dye / Freeware, FreeDOS and 4DOS-related stuff (2000).

2000-04-24: v1.04a.

Download chksum.zip (37K).


DISK SECURITY

ADinf (Advanced Diskinfoscope) — Antiviral, disk integrity checker.

unrated

[added 1999-04-13, updated 2005-06-01]

From the docs:
... a unique and powerful disk integrity checker which scans a disk, reading its sectors...through BIOS. It does not utilize DOS tools in searching for infectors and, therefore, can trap formidable stealth viruses that are known to intercept more than twenty DOS functions. It also traps infectors in disk drivers and hitherto unknown viruses...Unlike other anti-virus tools...ADinf detects viruses on booting a system from the hard disk...[B]esides detecting infectors, ADinf scrupulously x-rays a system for full data integrity and security, and for other data modifications...
ADinf reads vital data about such parameters as the memory size, the address of Int 13h handler in BIOS, Hard Disk Parameter Tables, the master boot record and boot sectors, bad clusters, directory tree, and data on all files under control; then creates a [hidden] diskinfo table for every drive and saves [table in root directory]... At subsequent starts, ADinf first reads these parameters and compares them with those in its diskinfo tables. During scanning it notes any changes in the size of the memory allotted to DOS, Hard Disk Parameter Tables, master boot record, boot sectors of every logical drive, as well as new bad clusters, directories and files newly created or deleted since the last check, and changed files.

Includes Cure Module (ADinfExt), "A Curing Companion to Advanced Diskinfoscope"

Authors: ADinf by Dmitry Mostovoy (2000); ADinfExt by Vitaly Ladygin, Denis Zuyev & Dmitry Mostovoy; Russia (1999). Suggested by Yves Bellefeuille's Best freeware for DOS and Windows 3.1.

2000-05-31: v12.14, last for DOS. Lacks some features found in the commercial (32-bit) version. Available in Russian, German, English language packages. History in Russian package only.

Downloads
English
(337K)
Russian
(353K)
German
(351K)

Get related files at the ADinf ftp archive at the Keldysh Institute of Applied Mathematics, Russia. Note: Link to French version is wrong – gets English only.

Get info on the 32-bit version for DOS & Windows at the ADinf Web-site, in Russian, or in English.


DISKSECURE — Protects basic disk files from Viruses.

unrated

[added 1998-10-25]

Reviewed by Howard Schwartz (10-06-98)

DISKSECURE: There are three critical files (well, not actually files) at the beginning of your hard disk that perhaps up to 1/3 of the viruses in the wild like to hide in, or like to attack and corrupt:
  1. The "Master Boot Record" contains basic software that your computer executes every time you start up and boot your computer. If they hide here, "stealth" and/or "boot sector" viruses can get executed each time you start your computer, and then hide in ram.
  2. The "Partition Table" describes how many partitions you have on your disk, what type they are, and where they are.
  3. The "File Allocation Table" probably should be called the directory allocation table. It describes where to find all the directories on each partition, and, where to go on the disk, to find out which files are in each directory.
By corrupting or destroying any one of these three items, a virus can make a disk completely unusable. DISKSECURE protects items #1 and #2 from viruses:

DISKSECURE also includes a program that bypasses its defenses if you want a program to be able to access your hard disk's beginning sectors directly. DISKSECURE cannot protect your File Allocation Table in this way because it is constantly being written to and changed as new files are created, old ones deleted, etc. To protect this critical table, use a utility like STF.COM (save the FAT) to back it up each time you start your computer.

Author: Padgett Peterson (1994).

1994-03-20: v2.42 (03-94).

Download ds242.zip (31K).


Go to Top | Front Page ]


©1994-2004, Richard L. Green.
This Edition ©2004-2005, Richard L. Green and Short.Stop.