Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Autocad DWG & Viruses

115 views
Skip to first unread message

Richard Devereux

unread,
Feb 26, 1999, 3:00:00 AM2/26/99
to
Can an Autocad DWG of any release carry any type of
virus's? We have a customer who believes that a virus they
found one of their systems could have only come from a
drawing.

Does anyone have any comment?

Thanks

Richard.


Jon Fleming

unread,
Feb 26, 1999, 3:00:00 AM2/26/99
to
In article <36D645E9...@uq.net.au>, Richard Devereux wrote:
> Can an Autocad DWG of any release carry any type of
> virus's? We have a customer who believes that a virus they
> found one of their systems could have only come from a
> drawing.

No. An AutoCAD DWG is data. AutoCAD reads and interprets that data. If
the data does not mean anything to AutoCAD, it gives up. If the data does
mean something to AutoCAD, it draws lines on the screen. That's all.
There are no viruses that are distributed as data.

Note that Word and Excel files are (or can be) a mixture of data and
program code. Word and Excel file viruses are distributed in the code
portion.

jrf


Mark McDonough

unread,
Feb 26, 1999, 3:00:00 AM2/26/99
to
I've seen the AutoCAD acad.exe itself become infected with a virus (anti-exe
virus) in the days before we had a comprehensive antivirus program in place.
In my exeperience, most viruses seem to be the type that attack the boot
sector or are memory resident types. I have received diskettes, that when
virus checked with McAfee, reported having all of the files infected with
one or more viruses, including drawing files.

Mark McDonough
mmcdo...@sasaki.com


Richard Devereux wrote in message <36D645E9...@uq.net.au>...


>Can an Autocad DWG of any release carry any type of
>virus's? We have a customer who believes that a virus they
>found one of their systems could have only come from a
>drawing.
>

Darko Bogdan

unread,
Feb 27, 1999, 3:00:00 AM2/27/99
to
My customer had a simmilar idea. He claimed that he was exchanging only disks
with AutoCAD drawings, but when I explained to him (right on his computer)
that he has "A,C,..." boot sequence turned on in his BIOS, and that he is
forgetting his disks in floppy drive all the time (obviously some of them with
boot viruses)... My recipe: as soon as "birth troubles" with my new computer
stops, I am changing booting sequence into "C,A,...", stopping my computer to
suck viruses on hard disk from floppy...

Darko Bogdan

Jon Fleming wrote:

> In article <36D645E9...@uq.net.au>, Richard Devereux wrote:

> > Can an Autocad DWG of any release carry any type of
> > virus's? We have a customer who believes that a virus they
> > found one of their systems could have only come from a
> > drawing.
>

Alex Januszkiewicz

unread,
Feb 27, 1999, 3:00:00 AM2/27/99
to

I don't quite agree with Jon.
DWG cannot contain virus that spreads to other type of files. However certain data can spread and multiply very much like a virus in AutoCAD environment (with AutoCAD loaded), contaminating thousands of drawings on the system, bloating them into tens of megabytes. Another possibility would be messed up ObjectARX application that is demand loaded by custom ARX object. This, in concert with object data could spread, multiply and also do to the system whatever executable can do (ARX is windows DLL).

For an example of junk data virus visit http://www.cal.shaw.wave.ca/~intelcad

Alex Januszkiewicz
alexj.i...@shaw.wave.ca


Jon Fleming <jo...@fleming-group.com> wrote in article <VA.0000077...@main.fleming-group.com>...

Jon Fleming

unread,
Feb 27, 1999, 3:00:00 AM2/27/99
to
In article <01be61ee$24bc3f20$0c021fac@pc667>, Alex Januszkiewicz wrote:
> However certain data can spread and multiply very much like a virus in
> AutoCAD environment (with AutoCAD loaded), contaminating thousands of
> drawings on the system, bloating them into tens of megabytes.

I'm not sure I agree with that ... can you give an example that does _not_
involve the user explicitly copying or inserting?

> Another
> possibility would be messed up ObjectARX application that is demand
> loaded by custom ARX object. This, in concert with object data could
> spread, multiply and also do to the system whatever executable can do
> (ARX is windows DLL)

True, but I would say the DWG does not contain a virus; it contains a
virus trigger, harmless in itself. The executable code in the ARX is the
virus. You can safely load the DWG on any system that does not have the
ARX and no harm will be done.

jrf

Jon Fleming

unread,
Feb 27, 1999, 3:00:00 AM2/27/99
to
In article <7b7mj1$ko...@adesknews2.autodesk.com>, Mark McDonough wrote:
> I have received diskettes, that when
> virus checked with McAfee, reported having all of the files infected with
> one or more viruses, including drawing files

There is a thing called a "false trigger". Virus scanners look for (among
other things) certain patterns. The presence of a virus pattern in a file
indicates but does not prove contamination. The pattern can arise by
chance.

Since a DWG file is not executable, and cannot contain executable code, the
presence of a virus pattern is a false trigger.

Of course, a DWG file can contain a _reference_ to executable code. I
would argue that the executable code to which it refers can be a virus but
the DWG still does not contain a virus. Opening the drawing, _without_ the
executable code available, is harmless.

jrf


Stephen S

unread,
Feb 27, 1999, 3:00:00 AM2/27/99
to
Like Darko Bogdan said in his post, I would suspect the
disk the file was delivered on not the DWG file itself.
It would be difficult to tell when the virus had infected
the disk. It might have been long before the DWG file
was written to it.

------------------------------------------------
Stephen Steinhauer
CAD Operator
ste...@creekelectric.com
Creek Electric Inc.
------------------------------------------------

Richard Devereux wrote in message <36D645E9...@uq.net.au>...

>Can an Autocad DWG of any release carry any type of
>virus's? We have a customer who believes that a virus they
>found one of their systems could have only come from a
>drawing.
>

Alex Januszkiewicz

unread,
Feb 28, 1999, 3:00:00 AM2/28/99
to
Jon Fleming <jo...@fleming-group.com> wrote in article
<VA.0000078...@main.fleming-group.com>...

> I'm not sure I agree with that ... can you give an example that does
_not_
> involve the user explicitly copying or inserting?

If the R14 drawing references another drawing that contains in a RegApp
table invalid entry with name "*", every time you open that drawing new "*"
RegApp anttries are added to it. No copying or inserting. The drawing will
start sucking junk RegApps as soon as they contaminate xref. It bloats
small drawings into megabytes. It's not a virus in classical definition,
but it spreads through CADD system through xrefs and multiplies like hell,
causing lot's of expensive damage as each drawing is usually worth few
thousands dollars. I cleaned the system that contained >700 corrupted
drawings and if not stopped, eventually all 12000 drawings on the project
would get messed up.

> True, but I would say the DWG does not contain a virus; it contains a
> virus trigger, harmless in itself. The executable code in the ARX is the

> virus. You can safely load the DWG on any system that does not have the
> ARX and no harm will be done.

Agree with that.

Alex Januszkiewicz
http://www.cal.shaw.wave.ca/~intelcad
alexj.i...@shaw.wave.ca


0 new messages