515 posts
Location
Australia
Posted 06 July 2012 - 05:59 PM
Hello! This is a rescue disk/antivirus that I wrote which can (hopefully) detect and remove viruses on your CC Computer.
You must have the HTTP API enabled (and working). Also, on the first time, you must run the program when you know your computer's startup is clean.
Features: Window GUI and auto-updating database
You have to run the program from a disk as startup.
You can download the program by using
pastebin get hLnnpXtZ /disk/startup
Note: If you get a message saying that the disk is infected, reinstall the antivirus.
Constructive feedback/criticism is welcome. Please post if you get any false-positives or any viruses being undetected. Feel free to post ideas and improvements to make. Btw, editing the file will cause you to get a message saying the disk is infected XD.
378 posts
Location
In the TARDIS
Posted 07 July 2012 - 11:36 AM
How exactly does it identify Viruses? Does it just search for OS.shutdown and stuff or does it check a complete program if it is the same as an entry in the database?
515 posts
Location
Australia
Posted 07 July 2012 - 01:00 PM
How exactly does it identify Viruses? Does it just search for OS.shutdown and stuff or does it check a complete program if it is the same as an entry in the database?
Did you get a false positive or something? If so, you can check the logs
(use "edit /disk/avlog.log") and compare it to the database (below) to see what triggered it
Anyway, it reads a database from
http://pastebin.com/xJhGLZeV
What it does is it scans through all of your files/folders (except for rom and disk) for things like:
That your startup has been modified since you last ran the rescue disk
files named as system files in the root directory. Like edit or pastebin
Programs which try to mask functions.
And others which I came across on the CC server I play on.
The format for the database is:
Name
Snippet
It just scans through all files for the snippet.
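The scan described in this post, sketched as an added example (not the rescue disk's own code): it parses the alternating Name/Snippet database format and does a literal substring search over every file outside rom and disk, plus the check for root-level files named like system programs. The signature entries, file paths and file contents are constructed for illustration, and the files are held in a table rather than read with the fs API so the block runs in any Lua 5.1 interpreter.

```lua
-- Added example; the signatures and files below are constructed.
local DB_TEXT = [[
Masks os.shutdown
os.shutdown =
Masks redstone output
rs.setOutput =
]]

-- Database format from the post: alternating lines, name then snippet.
local function parseDatabase(text)
  local sigs = {}
  for name, snippet in text:gmatch("([^\r\n]+)\r?\n([^\r\n]+)") do
    sigs[#sigs + 1] = { name = name, snippet = snippet }
  end
  return sigs
end

-- Root-level file names that shadow system programs (the two the post names).
local SYSTEM_NAMES = { edit = true, pastebin = true }

-- files maps path -> contents; returns sorted "path: reason" strings.
local function scan(files, sigs)
  local hits = {}
  for path, body in pairs(files) do
    local rel = path:gsub("^/", "")
    local top = rel:match("^[^/]+")
    if top ~= "rom" and top ~= "disk" then -- excluded, as in the post
      if SYSTEM_NAMES[rel] then
        hits[#hits + 1] = path .. ": named like a system program"
      end
      for _, sig in ipairs(sigs) do
        -- plain=true: the snippet is a literal substring, not a Lua pattern
        if body:find(sig.snippet, 1, true) then
          hits[#hits + 1] = path .. ": " .. sig.name
        end
      end
    end
  end
  table.sort(hits)
  return hits
end

local files = {
  ["/startup"] = 'print("hello")',
  ["/edit"] = 'print("not the real editor")',
  ["/progs/door"] = "rs.setOutput = function() end",
  ["/rom/programs/edit"] = "os.shutdown = nil",
}
for _, hit in ipairs(scan(files, parseDatabase(DB_TEXT))) do print(hit) end
```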
445 posts
Posted 07 July 2012 - 02:44 PM
How exactly does it identify Viruses? Does it just search for OS.shutdown and stuff or does it check a complete program if it is the same as an entry in the database?
Did you get a false positive or something? If so, you can check the logs
(use "edit /disk/avlog.log") and compare it to the database (below) to see what triggered it
Anyway, it reads a database from
http://pastebin.com/xJhGLZeV
What it does is it scans through all of your files/folders (except for rom and disk) for things like:
That your startup has been modified since you last ran the rescue disk
files named as system files in the root directory. Like edit or pastebin
Programs which try to mask functions.
And others which I came across on the CC server I play on.
The format for the database is:
Name
Snippet
It just scans through all files for the snippet.
So easy to get around :P
378 posts
Location
In the TARDIS
Posted 07 July 2012 - 03:40 PM
No I was just curious how this system works. Really interesting if I say so myself. It covers most of the viruses you can do with CC
515 posts
Location
Australia
Posted 07 July 2012 - 05:23 PM
So easy to get around :P
lol
No I was just curious how this system works. Really interesting if I say so myself. It covers most of the viruses you can do with CC
Thanks!
445 posts
Posted 07 July 2012 - 06:04 PM
it doesn't cover if someone uses rawset to change a function from what i've seen :P
also seems you could write a new function and do
function myFunc() end
rs.setOutput = myFunc
or
rawset(rs,"setOutput", function() end )
One could also encode their functions as hex, decimal, binary or whatsoever and have the code generated and executed at runtime
Or one could use compiled lua + loadstring
etc
515 posts
Location
Australia
Posted 08 July 2012 - 10:48 AM
it doesn't cover if someone uses rawset to change a function from what i've seen :)
also seems you could write a new function and do
function myFunc() end
rs.setOutput = myFunc
or
rawset(rs,"setOutput", function() end )
One could also encode their functions as hex, decimal, binary or whatsoever and have the code generated and executed at runtime
Or one could use compiled lua + loadstring
etc
Well…. I'll add support for rawset and os.function = myfunction. But as for encoding code, I'll just wait until I see one and add it to the database XD
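A check that does not depend on how the replacement is spelled in source, as an added example (a different approach from the signature scan this thread describes, and not code from the rescue disk): snapshot the function stored under each API key while the computer is known clean, then compare the live tables against that snapshot. The `rs` table here is a constructed stand-in for the real API, and the snapshot is assumed to be taken before any untrusted program has run.

```lua
-- Added example; `rs` here is a constructed stand-in for the real API table.
local rs = { setOutput = function() end, getInput = function() end }

-- Record the function currently stored under each key of each API table.
local function snapshot(apis)
  local snap = {}
  for apiName, api in pairs(apis) do
    snap[apiName] = {}
    for key, value in pairs(api) do
      if type(value) == "function" then snap[apiName][key] = value end
    end
  end
  return snap
end

-- Compare live tables against the snapshot; returns sorted "api.key" names
-- whose function was replaced or removed. rawget reads the slot directly,
-- so a metatable placed on the API table cannot hide the change.
local function changed(apis, snap)
  local out = {}
  for apiName, funcs in pairs(snap) do
    for key, original in pairs(funcs) do
      if rawget(apis[apiName], key) ~= original then
        out[#out + 1] = apiName .. "." .. key
      end
    end
  end
  table.sort(out)
  return out
end

local apis = { rs = rs }
local clean = snapshot(apis)           -- taken while the computer is known clean

rs.setOutput = function() end          -- plain assignment, as in the thread
print(table.concat(changed(apis, clean), ", "))

rs.setOutput = clean.rs.setOutput      -- restore the original
rawset(rs, "getInput", function() end) -- rawset form, as in the thread
print(table.concat(changed(apis, clean), ", "))
```

Because the comparison is on function identity at runtime, code that is generated or loaded at runtime is caught the same way once it has replaced a function.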
797 posts
Posted 14 July 2012 - 01:51 PM
i want to download this to test my virus but don't know how…can you upload the file pls?
515 posts
Location
Australia
Posted 15 July 2012 - 01:20 AM
i want to download this to test my virus but don't know how…can you upload the file pls?
sure,
http://pastebin.com/download.php?i=hLnnpXtZ
797 posts
Posted 15 July 2012 - 09:55 AM
it didn't work??? it says attempt to index (a nil value)
515 posts
Location
Australia
Posted 15 July 2012 - 04:48 PM
it didn't work??? it says attempt to index (a nil value)
You sure you have the HTTP API Enabled?
797 posts
Posted 15 July 2012 - 07:11 PM
how do you enable it? i don't think it's enabled
515 posts
Location
Australia
Posted 16 July 2012 - 02:22 AM
how do you enable it? i don't think it's enabled
Go to
.minecraft/config/ComputerCraft.cfg
And make sure enableHTTPAPI is set to 1
(or something like that)
I made some changes recently so you may have to re-download it.
8 posts
Posted 17 July 2012 - 04:36 AM
i have the same problem but i have httpapi enabled to 1
515 posts
Location
Australia
Posted 17 July 2012 - 06:10 AM
i have the same problem but i have httpapi enabled to 1
Telling me what line the error occurs would be helpful :P
Go to the lua prompt
(type lua into shell)
then type "http" (without the quotes) and hit enter
what does it return?
429 posts
Posted 14 December 2012 - 01:35 AM
Can i include this in Aurora OS (Sorry no question mark)
63 posts
Location
The Netherlands
Posted 14 December 2012 - 01:41 AM
To prevent errors, add at the top of the script:
if http == false then print("HTTP API required. Please change this in the config.") error() end
Might help you :P
1054 posts
Posted 14 December 2012 - 03:20 AM
To prevent errors, add at the top of the script:
if http == false then print("HTTP API required. Please change this in the config.") error() end
Might help you :P
Wouldn't you rather do:
if not http then error("HTTP API required. Please change this in the config.") end
I don't think http ever equals false, rather nil.
3790 posts
Location
Lincoln, Nebraska
Posted 14 December 2012 - 03:48 AM
I personally like it written like this.
if not http then print("HTTP API required. Please change this in the config.") return end
It looks cleaner, because you don't actually error out the console, you just exit the program.
515 posts
Location
Australia
Posted 14 December 2012 - 09:24 PM
Rickydaan I know how to prevent http errors XD it's just that this program is WAYY out of date and out of development. And yes you can include this in your OS, though it'll probably be better to use the updated version at
http://www.computercraft.info/forums2/index.php?/topic/4678-rescue-disk-v10/page__p__36566#entry36566
15 posts
Posted 15 December 2012 - 07:52 AM
Oh well, i did something similar, but i didn't release it 'cause the NICE guys over at #computercraft discouraged me from this. >.> THANK YOU guys from #computercraft (jk)
150 posts
Posted 29 September 2013 - 01:40 PM
This is AMAZING i was looking for ways to make my own. how does the database define the CC viruses
150 posts
Posted 03 October 2013 - 10:06 PM
it does not work it is short a couple end and i can not put them in
it does not like it interesting code though i would like to know how
it works
515 posts
Location
Australia
Posted 04 October 2013 - 09:53 AM
it does not work it is short a couple end and i can not put them in
it does not like it interesting code though i would like to know how
it works
This is probably like my second ever released program… You wouldn't want to use this as an example to follow xD
8543 posts
Posted 04 October 2013 - 10:21 AM
Locked by request.