
F-PROT for DOS not scanning all files on NTFS drives


Aloke Prasad

Dec 1, 2001, 7:45:46 AM
Using F-PROT 3.11a with latest definitions (Nov 25, 01) on a Win2000 system
DOS prompt window, NTFS volumes, logged in with Administrator rights.

Search Local hard drives; /ARCHIVE /PACKED /COLLECT

The scan finishes in 50 seconds, having scanned only 2936 files which is way
too small a list. McAfee and Norton take 20 mins to 1/2 hrs to scan the
system.

For some reason, F-PROT is finishing the scanning way too soon. Any idea
why?

--
Thanks.

Aloke
---
To reply by e-mail,
Remove 123 and change invalid to com

Ron & Ree

Dec 1, 2001, 10:55:42 AM
Under options does it say 'Do not scan subdirectories'?
If so, use the arrow keys to highlight it and the spacebar to toggle it to
'Scan subdirectories'. You might check the other options also and make sure
they are set to what you want.

Ron Williams

Art Kopp

Dec 1, 2001, 11:34:01 AM
On Sat, 01 Dec 2001 12:45:46 GMT, "Aloke Prasad"
<apras...@columbus.rr.invalid> wrote:

>Using F-PROT 3.11a with latest definitions (Nov 25, 01) on a Win2000 system
>DOS prompt window, NTFS volumes, logged in with Administrator rights.
>
>Search Local hard drives; /ARCHIVE /PACKED /COLLECT
>
>The scan finishes in 50 seconds, having scanned only 2936 files which is way
>too small a list. McAfee and Norton take 20 mins to 1/2 hrs to scan the
>system.
>
>For some reason, F-PROT is finishing the scanning way too soon. Any idea
>why?

Try it adding the /dumb switch so it scans all files.

Art

Aloke Prasad

Dec 1, 2001, 11:57:50 AM
Scan in subdirectories is enabled (I don't have 2936 files in the root
directory of C:\).

It checks part ways into one directory tree and then thinks that it is done.

Thus the puzzle.

--
Thanks.

Aloke
---
To reply by e-mail,
Remove 123 and change invalid to com

"Ron & Ree" <ron...@DELpacbell.net> wrote in message
news:247O7.332$3z3.51...@newssvr14.news.prodigy.com...

Dmitry O. Gryaznov

Dec 1, 2001, 5:50:23 PM
Aloke Prasad wrote:
>
> Using F-PROT 3.11a with latest definitions (Nov 25, 01) on a Win2000 system
> DOS prompt window, NTFS volumes, logged in with Administrator rights.
>
> Search Local hard drives; /ARCHIVE /PACKED /COLLECT
>
> The scan finishes in 50 seconds, having scanned only 2936 files which is way
> too small a list. McAfee and Norton take 20 mins to 1/2 hrs to scan the
> system.
>
> For some reason, F-PROT is finishing the scanning way too soon. Any idea
> why?

It's a well-known problem with NTFS partitions and DOS-based programs.
Basically, it's an NT bug (or feature :)). Use a Win32 version of F-Prot
(and/or other AV) for NT and/or Win9x: in addition to solving that NTFS problem,
Win32 versions also support long filenames, long pathnames, etc.

Dmit

Art Kopp

Dec 1, 2001, 6:41:45 PM

Win9x? I just ran an experiment on my Win 98 PC using F-Prot for DOS.
There are several subdirectories under c:\Program Files with 39
character directory names. I copied eicar.com to one of these and
renamed it to eicar67890123456789012345678901234567890.com
F-Prot had no problem detecting it.

So precisely what is the problem and the limitation of DOS scanners
when used in a Win 9X environment?

Art

Dmitry O. Gryaznov

Dec 2, 2001, 2:02:42 AM

Well, the Win9x situation is different from the NTFS problem, of course,
and the potential problems with DOS scanners are not as serious.

By "long pathnames" I meant not the length of a path component
(a subdirectory name) - those, as well as filenames, are visible as 8.3 to
a DOS program - but the total maximum length of a pathname. The maximum
possible pathname under Win9x is much longer than that under DOS and not
all DOS-based programs would support the longer pathnames. Also, there
is a limit on how long a DOS command line may be (126 characters) and
if you want to scan a subdirectory or file whose pathname is longer than
that, it will be problematic with a DOS scanner.

Dmitry

Aloke Prasad

Dec 2, 2001, 7:35:16 AM

"Dmitry O. Gryaznov" <gr...@dial.pipex.com> wrote in message
news:3C095E9E...@dial.pipex.com...

Ah! But Win32 F-Prot is not free :-)

I'm already paying for McAfee ver 6 and Norton 20001. I thought that the
free F-prot would be a good 3rd safety net.
Additionally, I use Zonealarm and Ad-Aware.

No point going overboard with security stuff, especially the non-free ones
.. :-)

Thanks for pointing out that this is a known bug with DOS programs under
NTFS file systems..

--

Lucius Chiaraviglio

Dec 5, 2001, 12:25:31 AM
"Aloke Prasad" <apras...@columbus.rr.invalid> wrote:
>Using F-PROT 3.11a with latest definitions (Nov 25, 01) on a Win2000 system
>DOS prompt window, NTFS volumes, logged in with Administrator rights.
>
>Search Local hard drives; /ARCHIVE /PACKED /COLLECT
>
>The scan finishes in 50 seconds, having scanned only 2936 files which is way
>too small a list. McAfee and Norton take 20 mins to 1/2 hrs to scan the
>system.
>
>For some reason, F-PROT is finishing the scanning way too soon. Any idea
>why?

I have also seen this problem when scanning volumes under Windows
2000 (didn't seem to happen a couple of years ago on Windows NT 4.0, but this
might have changed for the worse). Nevertheless, a couple of workarounds are
possible. One workaround takes advantage of the fact that F-PROT actually can
read the files as long as you are not using an NTFS volume with 8.3 filename
generation turned off -- it just gets confused somehow. Thus, save its report
(make sure that you have it set to report all files scanned -- Option "List
all files scanned" in the pseudo-GUI or "/LIST" at the command line) to see
which files it missed. When it misses files, it misses whole subdirectory
trees, so it is only a moderate amount of work to tell it to scan those
subdirectory trees manually on a disk with ~4 Gbytes of stuff on it. Keep
repeating this process (a couple of times per Gbyte on the average, it seems)
until all files have been scanned. Inspect all of the reports together to
make sure it didn't miss anything. The other workaround is less work, but
requires more disk space (so I haven't tested it yet): use the XCOPY command
with the "/N" option to make a copy of everything with 8.3 names. Of course,
if you are not using NTFS (or if you have NTFS and NTFSDOS and actually trust
this to work), you could boot from a DOS/Win9x floppy to be really sure that
you scan everything.

--
Lucius Chiaraviglio
E-mail address is approximately: lucius1@telo_large_urban_area.com
To get the exact address: ^^^^^^^^^^^^^^^^^
Replace indicated characters with common 4-letter word meaning the same thing
and remove underscores (Spambots of Doom, take that!).
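
The report comparison described in the post above, as an added example that is not part of the original thread: it diffs the paths a scanner reported against an inventory of the volume and collapses the gaps into the topmost subdirectory trees that were skipped entirely. The function name and the sample paths are constructed; both inputs are assumed to be plain lists of full paths in the same (8.3) form, since the F-PROT report layout is not shown on this page.

```python
from ntpath import dirname, normcase  # Windows path rules, usable on any OS


def _norm(path):
    # DOS/Windows paths are case-insensitive; unify case and separators.
    return normcase(path.strip())


def missed_subtrees(inventory, scanned):
    """Return (subtree_roots, stray_files) that are absent from the scan report.

    subtree_roots: topmost directories in which no file at any depth was scanned.
    stray_files:   unscanned files in directories that were otherwise visited.
    """
    inv = {_norm(p) for p in inventory if p.strip()}
    seen = {_norm(p) for p in scanned if p.strip()}

    # Every directory that holds at least one scanned file, at any depth.
    touched = set()
    for f in seen:
        d = dirname(f)
        while d not in touched:
            touched.add(d)
            d = dirname(d)  # dirname of a drive root is the root itself

    roots, stray = set(), set()
    for f in inv - seen:
        d = dirname(f)
        if d in touched:
            stray.add(f)
            continue
        # Climb until the parent is a directory the scanner did visit.
        while dirname(d) != d and dirname(d) not in touched:
            d = dirname(d)
        roots.add(d)
    return sorted(roots), sorted(stray)


# Constructed sample data (not taken from a real report).
INVENTORY = [r"C:\WINNT\NOTEPAD.EXE", r"C:\WINNT\WIN.INI",
             r"C:\WINNT\SYSTEM32\KERNEL32.DLL",
             r"C:\WINNT\SYSTEM32\DRIVERS\NTFS.SYS",
             r"C:\PROGRA~1\ACCESS~1\WORDPAD.EXE",
             r"C:\PROGRA~1\COMMON~1\SYSTEM\ADO\MSADO15.DLL",
             r"C:\DOCUME~1\USER\NTUSER.DAT",
             r"C:\DOCUME~1\USER\DESKTOP\NOTES.TXT"]
SCANNED = [r"c:\winnt\notepad.exe", r"C:\WINNT\SYSTEM32\KERNEL32.DLL",
           r"C:\PROGRA~1\ACCESS~1\WORDPAD.EXE"]

if __name__ == "__main__":
    print(missed_subtrees(INVENTORY, SCANNED))
```

Each returned subtree root is a directory to hand back to the scanner for a manual pass; repeat until both lists come back empty.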

Aloke Prasad

Dec 5, 2001, 6:14:39 AM

"Lucius Chiaraviglio" <lucius1@telo_large_urban_area.com> wrote in message
news:3c0dad1f...@news.telocity.com...

I am just glad to see that it was not just I who was affected by this :-)

Your ideas sound like too much work. In my case, F-Prot is quitting way too
early, and missing lots of subdirectory trees.

As F-prot was going to be 3rd line of defense (I use McAfee and Norton),
I'll just drop the whole F-prot idea.

Fridrik Skulason

Dec 5, 2001, 1:14:18 PM
"Aloke Prasad" <apras...@columbus.rr.invalid> wrote:
>Using F-PROT 3.11a with latest definitions (Nov 25, 01) on a Win2000 system
>DOS prompt window, NTFS volumes, logged in with Administrator rights.
>
>Search Local hard drives; /ARCHIVE /PACKED /COLLECT
>
>The scan finishes in 50 seconds, having scanned only 2936 files which is way
>too small a list. McAfee and Norton take 20 mins to 1/2 hrs to scan the
>system.
>
>For some reason, F-PROT is finishing the scanning way too soon. Any idea
>why?

I guess you are using the DOS version of F-PROT, right?

The problem is that when you have a NT/2000 system with NTFS file system
where you have disabled short file name support (that is, the system does
not guarantee that every file has an equivalent 8.3 character file name),
DOS programs *may* have problems accessing files or directories. This
problem is not limited to F-PROT - other DOS programs may have a similar
problem.

Two solutions:

* Use the Windows version of F-PROT, not the DOS version.

* Don't disable the short file name support.

-frisk

--
Fridrik Skulason Frisk Software International phone: +354-5-617273
Author of F-PROT E-mail: fr...@complex.is fax: +354-5-617274

Aloke Prasad

Dec 6, 2001, 6:15:31 AM

"Fridrik Skulason" <fr...@complex.is> wrote in message
news:9ulo5q$ome$1...@banani.complex.is...
> "Aloke Prasad" <apras...@columbus.rr.invalid> wrote:

> >For some reason, F-PROT is finishing the scanning way too soon. Any idea
> >why?
>
> I guess you are using the DOS version of F-PROT, right?

Correct.

> The problem is that when you have a NT/2000 system with NTFS file system
> where you have disabled short file name support (that is, the system does
> not guarantee that every file has an equivalent 8.3 character file name),
> DOS programs *may* have problems accessing files or directories. This
> problem is not limited to F-PROT - other DOS programs may have a similar
> problem.
>
> Two solutions:
>
> * Use the Windows version of F-PROT, not the DOS version.
>
> * Don't disable the short file name support.

How does one do that? Mine is a default installation (clean install) of
Win2000+SP2.
I don't remember disabling the 8.3 name support.

How do I enable it?

Aloke Prasad

Dec 6, 2001, 5:55:27 PM

"Fridrik Skulason" <fr...@complex.is> wrote in message
news:9ulo5q$ome$1...@banani.complex.is...
> "Aloke Prasad" <apras...@columbus.rr.invalid> wrote:
> >Using F-PROT 3.11a with latest definitions (Nov 25, 01) on a Win2000 system
> >DOS prompt window, NTFS volumes, logged in with Administrator rights.
> >
> >Search Local hard drives; /ARCHIVE /PACKED /COLLECT
> >
> >The scan finishes in 50 seconds, having scanned only 2936 files which is way
> >too small a list. McAfee and Norton take 20 mins to 1/2 hrs to scan the
> >system.
> >
> >For some reason, F-PROT is finishing the scanning way too soon. Any idea
> >why?
>
> I guess you are using the DOS version of F-PROT, right?
>
> The problem is that when you have a NT/2000 system with NTFS file system
> where you have disabled short file name support (that is, the system does
> not guarantee that every file has an equivalent 8.3 character file name),
> DOS programs *may* have problems accessing files or directories. This
> problem is not limited to F-PROT - other DOS programs may have a similar
> problem.
>
> Two solutions:
>
> * Use the Windows version of F-PROT, not the DOS version.
>
> * Don't disable the short file name support.

I looked up MSKB article

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q210638

By default, 8.3 file names are enabled. One has to toggle

HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation

from 0 (default) to 1 to disable 8.3 name generation.

On my system, the 8.3 names are enabled.

So, we still don't know why F-PROT (DOS) is unable to function properly.

Fridrik Skulason

Dec 7, 2001, 7:50:58 AM
In <zHSP7.39437$Y11.13...@typhoon.columbus.rr.com> "Aloke Prasad" <apras...@columbus.rr.invalid> writes:


>I looked up MSKB article

>http://support.microsoft.com/default.aspx?scid=kb;EN-US;q210638

>By default, 8.3 file names are enabled. One has to toggle

>HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation

>from 0 (default) to 1 to disable 8.3 name generation.

>On my system, the 8.3 names are enabled.

>So, we still don't know why F-PROT (DOS) is unable to function properly.

Now THAT is strange. We have been able to reproduce the problem only
by disabling the short name support - I really wonder what is going on here.

Can you send me (directly, not to the newsgroup) the F-PROT report file and
the names of some directories it refuses to scan?

Lucius Chiaraviglio

Dec 13, 2001, 3:19:11 AM
fr...@complex.is (Fridrik Skulason) wrote:
>In <zHSP7.39437$Y11.13...@typhoon.columbus.rr.com> "Aloke Prasad" <apras...@columbus.rr.invalid> writes:
>>I looked up MSKB article
>>http://support.microsoft.com/default.aspx?scid=kb;EN-US;q210638
>>By default, 8.3 file names are enabled. One has to toggle
>>HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation
>>from 0 (default) to 1 to disable 8.3 name generation.
>>On my system, the 8.3 names are enabled.
>>
>>So, we still don't know why F-PROT (DOS) is unable to function properly.
>
>Now THAT is strange. We have been able to reproduce the problem only
>by disabling the short name support - I really wonder what is going on here.
>
>Can you send me (directly, not to the newsgroup) the F-PROT report file and
>the names of some directories it refuses to scan?

I don't have a report file any more, but I do have some additional
information: this problem occurs not only on NTFS volumes, but also on FAT32
volumes; however, it occurs on the latter ONLY when running under Windows 2000
(I know that it was at least SP1, but might have been SP2). FAT32 volumes are
scanned properly under Windows 95 DOS (at least in the limited testing I have
done).

Under Windows NT 4.0 SP6a, no problem* occurs with either FAT16 (don't
have the SysInternals FAT32 driver, so I can't test that) or NTFS. The number
of objects (including objects in compressed files) scanned under Win98-DOS (E:
volume: 2,283) and Windows NT 4.0 SP6a (E: volume: 2,284) is as close as one
can get considering that some programs (mainly Free Agent, NetScape, and
Internet Explorer) created and removed some files (my least disturbed volume
having at least 400 Mbytes of stuff in it is E:, so I report it instead of
everything). To see if anything would go wrong under NTFS, I converted my
(almost) empty F: volume to NTFS and copied everything on E: except
PAGEFILE.SYS and the Recycle Bin to it, and then scanned it with the same
settings (except for specification of what to scan), and got almost the same
result (2,283 objects).

(* Minor problem: F-PROT for DOS cannot display long file/directory names
other than those inside compressed files when run under Windows NT 4.0 or
Windows 2000, even though it can -- or at least used to be able to -- do so
under Windows 95/98. I don't have Windows 95/98 at home except for the boot
floppies, so I can't test this again.)

Test configuration at home: Micron Millennia XKU PII-266 with 64
Mibytes of RAM and a 4 Gbyte hard drive, running Windows NT 4.0 SP6a except
when booted from a Win98-DOS floppy. All volumes FAT16 except F: is NTFS.
F-PROT version is version for DOS supplied with Command AntiVirus 4.62.4 for
Windows NT, with F-PROT.EXE dated 2001-10-01, SIGN.DEF and SIGN2.DEF dated
2001-12-04, and MACRO.DEF dated 2001-11-30. F-PROT settings: Scan inside
archives; Scan compressed executables; Scan subdirectories; Scan a normal
system; List all scanned files; Beep when a virus is found; Use heuristics;
Report only; Standard file extensions*.

(* For a serious scan I would use Ignore document extensions, because it scans
many more files and takes only ~15% longer, but for the purpose of this test,
I needed consistency with my first scan under Win98-DOS.)

Windows 2000 is only at work and so are some horrible deadlines, so I
can't retest Windows 2000 to create a report file (or anything else under
Windows 2000) for you right now.
