How VirusBuster sorts his virii collection ------------------------------------------ In this article i'll explain a question that many people asked me: how i sort my virii collection. I store my collection in HD and i make all processes over there. You will ask: isn't dangerous? My answer is "no, if you take care". The most important thing is make backups. Don't come later crying and saying you lost your collection. The best solution is a CD burner and make backups in CD. How do i process the collection to sort it? I use a batch file that processes automatically the collection. So, i only sit down and wait. On my old 486 33MHz i used to sit and wait up to +6 hours. Then it's better if you get a fast computer. ;) I'll show how the BAT file looks like and i'll comment it. --- x --- x --- x --- x --- x --- x --- x --- x --- x --- x--- x --- x --- C: CD \ MD BACKUP CD BACKUP MD VIRUS CD VIRUS DEL *.ZIP XCOPY C:\CDVIR\VIRII\*.* I change to C:\BACKUP\VIRUS and i copy the virii ZIPs from C:\CDVIR\VIRII (the directory where i have my collection) Why do i do this? Because maybe we have a crash meanwhile we are processing the collection and it's better if we have stored our collection in two different places in HD. If you don't like have compressed your collection in ZIP files, you will not need to decompress/sort/compress files. CD \ MD C:\M MD C:\M\NOSEND MD C:\M\AD MD C:\M\EG MD C:\M\HN MD C:\M\OR MD C:\M\SU MD C:\M\VZ I make the directories where i'm going to decompress the virii from the ZIP files. CD \M\NOSEND PKUNZIP C:\CDVIR\VIRII\NOSEND.ZIP CD \M\AD PKUNZIP C:\CDVIR\VIRII\VIRII-AG.ZIP A*.* B*.* C*.* D*.* CD \M\EG PKUNZIP C:\CDVIR\VIRII\VIRII-AG.ZIP E*.* F*.* G*.* CD \M\HN PKUNZIP C:\CDVIR\VIRII\VIRII-HN.ZIP CD \M\OR PKUNZIP C:\CDVIR\VIRII\VIRII-OU.ZIP O*.* P*.* Q*.* R*.* CD \M\SU PKUNZIP C:\CDVIR\VIRII\VIRII-OU.ZIP S*.* T*.* U*.* CD \M\VZ PKUNZIP C:\CDVIR\VIRII\VIRII-VZ.ZIP I decompress the virii from the ZIP files. Meanwhile you have a few virii (less than 4000) you can store all files in one unique ZIP file. Don't store more than 4000 virii in one ZIP file and directory. It will slow down the process. CD \M OD NE /S OD is an utility to sort directories. So, later in the logs and in ZIP files, the virii will be sorted by name. CD \CDVIR\VIRII DEL *.ZIP PKZIP -EX NOSEND C:\M\NOSEND\*.* PKZIP -EX VIRII-AG C:\M\AD\*.* PKZIP -EX VIRII-AG C:\M\EG\*.* PKZIP -EX VIRII-HN C:\M\HN\*.* PKZIP -EX VIRII-OU C:\M\OR\*.* PKZIP -EX VIRII-OU C:\M\SU\*.* PKZIP -EX VIRII-VZ C:\M\VZ\*.* I store the sorted files in ZIPs again. CD \CDVIR\UTILITIE\TBWEEDER TBWEEDER C:\M /ADD /DEL /LOG TBWEEDER is an utility to delete duplicate files. Here we make a database with the virii in our collection. So later, we can delete duplicated virii without have to scan them, saving time. CD \CDVIR\LOGS DEL *.LOG C:\CDVIR\ANTIVIR\F-PROT\F-PROT C:\M /DUMB /ARCHIVE /PACKED /NOMEM /COLLECT /REPORT=F-PROT.LOG C:\CDVIR\ANTIVIR\AVP\AVPDOS32 /S /Y /* /M /B /P /V /W=AVP.LOG C:\M I store my log files at C:\CDVIR\LOGS. I go to C:\CDVIR\LOGS and i run the antivirus in order to make the log files. CD \CDVIR\UTILITIE\VS2000 DEL *.DAT COPY C:\CDVIR\LOGS\*.* VS2000 -B F-PROT.LOG AVP.LOG DEL *.LOG VS2000 is an utility to make a database of the virii in our collection using log files. I move the logs to C:\CDVIR\UTILITIE\VS2000 that it's the place where i store VS2000's files and i make the DAT files. Note: Read VS2000's help in order to know what the parameters mean. CD \ DELTREE M /Y MD M CD M CLS I delete the directory where the virii were allocated and that's all, folks! With a few utilities and using a simple batch file you will only have to type SORT.BAT at prompt to get your collection sorted, make new log files, ... simple but effective. ;-) Final notes: + TBWEEDER is a 16 bit file weeder. It's more slow than other tools as VWEEDER, by Poltergeist. Then i suggest you to try other file weeders. + I use PKZIP, the 16 bit version. It means i'm not able to store large file names. If you want LFN, you should use PKZIP25, the 32 bit version. + I only use AVP and F-Prot to trade. You can use other antivirus. VS2000 has support for many antivirus.