VEnd 0.67 beta (16-Jun-1993)
============================

(c) Jon Ribbens of DoggySoft, 1993



Licence
=======

This program may be freely distributed as long as you don't make any money
out of doing so, and as long as all the files are included and are unaltered.
If you alter it or try to make money out of it then you're probably breaking
the law (at least, that's the idea).

There is no warranty, express, implied or anything, that this program will do
anything at all, that it will work as described, that it won't do things that
are not described, or that it won't run off and sob quietly in a corner. I am
not liable for any loss or damage caused by use or misuse of this program.
I CAN tell you that it hasn't done anything wrong while I've been using it,
however.



This version
============

This version of VEnd is a beta-release - it will only be uploaded to Arcade
BBS, and I would prefer it if nobody else distributed it.

Unless any bugs are found in it, this will be the last beta release. The next
release will be the full version, which I'll send of to the magazines and
some PD libraries as well. This should be in about a fortnight (today is the
16th of June).



Installing VEnd
===============

VEnd uses my WimpExtension module, which is a public-domain module to do many
many things, including 3D borders, heap management, linked windows, etc. It
is in the !VEnd directory, but can optionally be located in the
!System.Modules directory, so if you don't have WimpExtension 2.17 or later
then you may like to copy it out of the !VEnd directory into the
!System.Modules directory. WimpExtension is free and can be used in your own
programs - the documents are downloadable from Arcade BBS.



Introduction
============

If you have ever caught a virus, and not had a virus killer to kill it, then
you will know how annoying viruses are. If you have ever caught a virus, and
had a virus killer to kill it, you will appreciate how useful a virus killer
can be.

Unfortunately, although things got off to a promising start, with at least as
many virus killers as viruses up to about a year/two years ago, nowadays the
only virus killer that is still up-to-date and at all worth using is Killer.

You see, what I think a virus killer should be like (unlike Killer) is that
it should take a small amount of memory, it should be unobtrusive, it should
be fast, and it should quietly and reliably mash into little pieces any
viruses it finds.

So, VEnd is my virus killer. It is designed to be as close as possible to my
idea of the 'ideal' virus killer as described above. It takes only 58k, it
loads very quickly, it doesn't slow the computer down, it scans very quickly,
it will remove viruses from memory and disc, and it's very user friendly
(well, it's friendly to me...)

VEnd has been carefully crafted to be as reliable as possible - it should be
extremely reliable (I hope). I have tried very hard to make it so that, no
matter what happens, it should carry on working properly. ie. it should cope
sensibly with unexpected errors, strange files, locked files, etc.



Support
=======

Although I can't provide 24-hour 'hotline' support - this IS a FREE program,
after all :-) - you can write to me at the address at the end of this
document, or you can send me electronic mail on Arcade BBS.

You can also phone me on (0494) 774293, although I'd prefer if you wrote
unless it's an emergency. Weekday evenings or weekends are best.



Dangerous viruses
=================

Most viruses for the Arc are relatively harmless - they just copy themselves
around and take up memory; some of them print silly messages. A few viruses,
however, are written by sick and perverted people who think it's funny to
destroy other peoples' data. If VEnd finds a copy of a dangerous virus on
your disc it would be a VERY good idea to immediately scan all your other
discs for the virus.

Of the viruses known to VEnd, the following are dangerous (ie. they can
destroy data):

  Parasite        T2

Please see the AVRD for more details.

The TrapHandler virus destroys the !Boot files of applications it infects.
I don't think this is deliberately malicious, however, merely a reflection of
the fact that the person who wrote it wasn't very good at programming.



Virus not known to VEnd
=======================

VEnd doesn't kill every single virus ever made. It certainly can't kill
viruses that have not yet been made. So, if you catch a virus that VEnd
doesn't know about, please send me a copy (on Arcade or by mail, but remember
to mark it 'Virus', and please remember to include the ENTIRE virus,
including any !Boot or other files it might have made). It is in your
interests to do this, because the more viruses VEnd kills, the safer your
machine is.

VEnd will only kill viruses it knows about - it is not feasible to remove
unknown viruses. The 'Protection' options can help to prevent you catching
viruses that VEnd doesn't know about, however - and then you can send me a
copy and VEnd will be updated to kill that virus.

One of the points made in defence of Killer by somebody was that when some
new viruses came out, Pineapple had a new version in the post in a couple of
weeks. Hopefully, I should be able to upload a new version of VEnd to kill
new viruses within a few days of me getting a copy of them - and you'll
receive it quicker, too, as you can download it almost immediately I upload
it.



Using VEnd for ... Defensive measures
=====================================

When VEnd is first loaded, it will remove any viruses it knows about from
memory (and warn you about them). While VEnd is in your machine, it will
prevent any viruses that it knows about from getting loaded, and warn you
about any that try. So, if you load VEnd in your boot sequence then you are
completely safe from all the viruses described in the accompanying file
"Viruses". Even if you have files already infected with the virus, the virus
won't be able to load itself - which means it can't crash your machine or
print silly messages, and it can't infect any more files.

When VEnd finds a virus in memory, it will beep immediately (a different beep
to the computer's usual error beep). When multitasking resumes, a window will
appear telling you what happened.

Note that VEnd won't necessarily entirely remove the virus from memory - it
may just render it harmless. Don't worry, it won't be able to mysteriously
resurrect itself.

If VEnd warns you about a virus being in memory, it is a very good idea to
scan the disc you were just using, and all your other discs, as described in
the next section, 'Aggressive measures'.

NB VEnd now WILL detect Icon2616 and ExtendV2 in memory, even if they were
-- loaded before VEnd. (As far as I know, VEnd is currently the ONLY virus
   killer that can do this :-) )

NB VEnd will only protect you from viruses if the VEnd Wimp task is active.
-- Basically, this means 'If the icon is on the iconbar.'



Protection
==========

VEnd supports 'Protection', which helps to prevent the spread of unknown
viruses (and can also help to stop you accidentally deleting files ;-) ).
Note that protection is for trying to prevent UNKNOWN viruses - known viruses
are removed from memory automatically by VEnd and cannot spread whether you
use the protection or not. The protection level is set in the options window.
There are four levels:

 0) No protection
      The protection is switched off - the computer acts as normal.
 1) Protect existing code files
      Programs will be prevented from altering the contents of existing
      program files (but not from saving over them). Program files are
      defined as files such as Absolute files, Obey files, etc.
 2) ... and prevent deletion
      Programs will be prevented from deleting files, as well as from
      altering the contents of existing program files.
 3) ... and all write operations
      Programs will be prevented from doing ANY write operations.

Remember that VEnd will stop legitimate programs from performing the actions
you disallow, as well as viruses - there is no way to tell the difference.
(Wait a hundred years or so for artifical intelligence...)

These operations apply equally to ALL filing systems - this means nearly all
output devices. eg. if you set maximum protection then you may find that you
are prevented from sending things to the printer, as the printer is treated
as a 'filing system' by RISC OS. You can get round this on RISC OS 3 by using
the 'only path' and 'except path' options (see below).

There are four other options:

  * Prevent DiscOp 2,4
      If enabled, then as well as the protection already specified, programs
      won't be allowed to write directly to disc using FileCore_DiscOp.
  * Except applications
      If enabled, then applications (BASIC programs and other programs in the
      range &8000-&1000000) WILL be allowed to write to disc, even if the
      protection is turned on.
  * Except ROM modules
      If enabled, then ROM modules (anything above &2000000) WILL be allowed
      to write to disc, even if the protection is turned on.
  * Report attempts
      If enabled, then VEnd will tell you when somebody tries to do something
      forbidden by the protection. This is because the program which tried to
      do it won't necessarily have reported the error.

On RISC OS 3, you can also specify which paths the protection is to apply to.
'All paths' means that the protection applies to all files, no matter where
they are stored. 'Only specified path(s)' means you can specify a list of
paths to be protected; the protection will only apply to files in those
directories (or a subdirectory of those directories). 'All except specified
path(s)' means all paths will be protected EXCEPT for the ones specified.
This can be useful, for example, if you keep all your work files in a
directory on your hard disc, and you don't want the protection to apply to
that directory. To specify more than one directory, separate them with
commas. eg. 'RAM:,adfs::IDEDisc4.$.Work'. Note you MUST use full pathnames
with discnames where appropriate. eg. 'adfs::4.$' won't work.

If you use the protection system, you will probably find that the first
protection level ('Protect existing code files') is the best - it allows
nearly all applications to work normally while preventing nearly all viruses
from infecting files.

If you unexpectedly get an error 'Operation disallowed by VEnd' when you
don't expect it - ie. something has unexpectedly tried to write to disc, then
you can open the Watcher window to see what exactly happened. If the
operation looks suspicious, you might like to do a CTRL-Reset to clear any
potential virus code out of memory.

NB Protection is turned off during a scan - otherwise VEnd would prevent
-- itself from killing viruses! It is also turned off while the options file
   is being saved.



The Watcher
===========

The Watcher keeps an eye on what's going on in your computer. It keeps a list
of the most recent events. It displays new tasks appearing, any write
operations to filing systems, and any file-loading operations.

If the VEnd's protection options prevent an operation then its entry in the
Watcher window will go red.



Using VEnd for ... Aggressive measures
======================================

One of the main features of VEnd is that you can ask it to check discs (and
other storage systems) for the presence of viruses, and remove any it finds.
You can start a scan in several ways:

  * By dragging the VEnd iconbar icon to a filer iconbar icon
    (to scan the root directory of that device)
  * By dragging the iconbar icon to a directory display
    (to scan that directory)
  * By dragging an archive, directory or file to the iconbar icon
    (to scan that archive, directory, or the directory containing that file)
  * By double-clicking on the iconbar icon and typing in the path to scan
    (to scan that path)
  * By single-clicking on the iconbar icon
    (to scan whatever you scanned last)
  * By selecting 'Last scan' from the iconbar menu
    (to scan whatever you scanned last)
  * By pressing CTRL-SHIFT-TAB with the pointer over a filer iconbar icon
    (to scan the root directory of that device)
  * By pressing CTRL-SHIFT-TAB with the pointer over a directory display
    (to scan that directory)
  * Another task can send it a message requesting a scan     \ See below
  * By using the OS command '*VEnd_StartScan'.               /

If you use any of these methods, then a window will appear saying
'OK to scan ...' with an 'Scan' button and a 'Cancel' button beside it. If
you click 'Cancel' (or press Escape) then VEnd will abort the scan, and if
you click 'Scan' (or press Return) then VEnd will start the scan.

Assuming you clicked 'Scan', a window will now appear in the centre of the
screen, with two VEnd icons at the bottom corners. This is the 'Status'
window. The top line tells you what's happening, the next line tells you what
directory VEnd is currently looking at, and the numbers below tell you how
many files and directories it has looked at already.

While VEnd is scanning, the bug on the iconbar will go blue and wiggle its
legs and antennae at you to indicate it's doing something.

You can click 'Abort' to abort the scan, or 'Pause' to pause temporarily. If
you click 'Pause' then the iconbar icon will go grey to indicate that VEnd is
paused. The 'Pause' button will change to 'Continue', and clicking on this
will restart the scan where you left off.

If VEnd finds a virus, it will stop multitasking and open a window telling
you what virus it has found and where. You are given four options:

  'Skip' (or Escape)
    This ignores the virus and continues with the scan.
  'Skip All'
    This ignores the virus and will also ignore all other viruses of the same
    type without further confirmation.
  'Kill' (or Return)
    This attempts to remove the virus.
  'Kill All'
    This attempts to remove the virus, and will also attempt to remove all
    other viruses of the same type without further confirmation.



Log files
=========

If you tell it to (in the options window), VEnd will save any logs that it
produces to disc. These are always saved in the <VEnd$LogDir> directory,
which is set up in the !Run file to be the !VEnd.Logs directory. You can
change this by editing the !Run file. The filename it uses is of the form
'ddmmmyy-xx' where dd is the date, mmm is the month, yy is the year, and xx
is a number which starts at 00 and counts up as you save more log files.

The log files always have the same general layout. The first couple of lines
tell you what you were scanning and when. Then follows a list of what
happened during the scan. Each line may start with a symbol to tell you how
important the information on that line is:
      *    Very important - eg. "Parasite    Detected xxx"          (RED)
      !    Quite important - eg. "Couldn't scan xxx"                (BLUE)

At the end of the log file is a message telling you why the scan ended. This
is usually "Scan completed" or "Scan aborted". Then there is a count of
virus infections found, listed by virus name, or "No viruses found" if VEnd
didn't find any infections.



Options
=======

By selecting 'Options' from the iconbar menu, or by clicking Adjust on the
iconbar icon, you can bring up the options window. The various options are,
from top to bottom:

Log options:

  * Show log window
      If enabled, then VEnd will display its log in a window as it scans. The
      log window will be opened when the first message appears in it. The log
      will be displayed colour-coded; GREEN means something safe (eg. virus
      killed), BLUE means something that could mean trouble (eg. couldn't
      scan a file), RED means something that definitely IS dangerous (eg.
      virus detected). The title of the log window will be 'VEnd log' if the
      log isn't saved to a file, or the leafname of the file if it is saved.
  * Save log file
      If enabled, then VEnd will save its log to a file in the directory
      <VEndLog$Dir>. By default, this is the !VEnd.Logs directory. The
      filename is 'ddmmmyy-xx' where dd is the date, mmm is the month, yy is
      the year, and xx is a number which starts at 00 and counts up as you
      save more log files.
  * Format file to <number> columns
      If enabled, then VEnd will word-wrap its log files to the specified
      number of columns. This means that they will look a lot more readable
      in a text editor. The absolute minimum value is 40 columns, although
      this would look really silly. A suggested value is 77 columns. Note
      this has no effect on the log window, only the log file.
  * Include error messages
      If VEnd cannot read a file, then normally the message 'Couldn't scan
      <file>' or similar is reported in the log. If this option is enabled
      then the message 'Due to: <reason>' will be included as well, on the
      next line.
  * Include suspicions
      If this option is enabled then VEnd will report in the log anything it
      finds suspicious - see 'Notes on Suspicions'.

Scan options:

  * Skip viruses/Kill viruses/Prompt user
      These icons allow you to tell VEnd what to do when it finds a virus.
      If 'Skip viruses' is chosen, then VEnd will not attempt to remove
      viruses from the disc, but will merely report them. 'Kill viruses'
      will try to remove all viruses found without any further confirmation.
      'Prompt user' will ask the user what to do if and when a virus is
      found.
  * Scan archives
      If enabled, then VEnd will use ArcFS (if loaded) to scan archives. VEnd
      cannot scan archives inside archives, but since these aren't useful,
      and ArcFS 2 doesn't allow these anyway, this shouldn't be a problem.
      VEnd can remove viruses from inside archives if you have a read/write
      version of ArcFS. ArcFS 2 (read-only) is available free from Arcade
      BBS, and many other bulletin boards and PD companies.
  * Slow and pointless
      Usually, VEnd will only scan certain types of files (eg. Sprite, Data)
      if they are referred to in an application's !Boot (or !Run) file. This
      is because it is not possible for these types of files to be infected
      by a virus unless they are referred to by the !Boot file. If you enable
      this option then these types of files will be scanned anyway. This
      makes scanning about 30% slower and is rather pointless - it's included
      for paranoid people (and James said I should put it in). Note that it's
      possible that VEnd will report the same virus twice if this option is
      on and you don't choose to kill the virus.
  * Report errors
      If VEnd cannot read a file, or fails to remove a virus from a file,
      then normally the message 'Couldn't scan xxx' or similar is reported in
      the log file, and VEnd will continue. If this option is enabled then as
      well as the message in the log file, VEnd will pause when it finds an
      error and display it on the screen. Scanning (and multitasking) will
      continue when the user clicks 'OK'. This option isn't particularly
      useful.

Default path options:

  * Default path
      This writeable icon allows you to enter the default scanning path. This
      is the path which will be scanned if you select 'Last scan' from the
      iconbar menu before doing any other scans. You will probably always
      leave this as 'adfs::0.$' but it's entirely up to you.
  * Use immediately
      If this option is on, then when you click on 'OK' or 'Save' in the
     options window, this path will be made the 'last' path, so if you
      select 'Last scan' from the menu then this is the path that will be
      scanned.

Miscellaneous options:

  * Hide options
      If this option is on, then the 'Options' menu item will be shaded and
      clicking Adjust on the iconbar has no effect - ie. the options are
      hidden. You can get at the options window by clicking ALT-Adjust on
      the iconbar icon. This option is so that if you have VEnd installed on,
      say, a school machine you can hide the options and other people can't
      change them.
  * Hide quit
      If this option is on, then the 'Quit' menu item will be shaded - ie.
      there is no way to quit VEnd. This option is so that if you have VEnd
      installed on, say, a school machine you can prevent other people from
      quitting VEnd.

Protection options:

      See the above section entitled "Protection".

The options are saved in the file '<VEnd$OptDir>.Options'. You can change
where this is by editing the !Run file. This might be useful if you have a
network, I suppose - it means you can run VEnd from a read-only device and
still be able to save the options.



WimpHelp
========

VEnd supports WimpHelp hypertext help. To get help on something in VEnd, put
the pointer over the window and press F1. You can also get detailed
information on viruses shown in the log window by double-clicking on them.
For example, if you see a line similar to:
  'ExtendV2        Detected      adfs::Fred.$.Nasty'
you can double-click on it to get information on the ExtendV2 virus - useful
if you don't know what sort of virus it is or whether it's dangerous or not. 

** WimpHelp is not available at the time of writing this manual (16-Jun-93).
   It will be available sometime later this year, as PD, from normal PD
   outlets (but Arcade BBS first...)



Notes on Suspicions
===================

If enabled in the options window, then VEnd will also report in the log file
any suspicious things it finds. This option is less paranoid than Killer's
Suspicious option, because the Killer (v1.390) one is rather pointless as it
is TOO suspicious (in my opinion). This means that Killer produces pages and
pages of things which it thinks could be viruses, so you have to wade through
hundreds of messages just in case one of them might be a virus - and 90% of
them couldn't possibly be a virus anyway. (At least, it's so incredibly
unlikely that you ought to worry more about your data being destroyed by a
giant mutant banana-creature from Chernobyl.)



Notes on compressed files
=========================

There are three different compressed filing systems for the Archimedes that I
have heard of. These are ArcFS, Compression, and SparkFS.

ArcFS, by Mark Smith, can automatically be used by VEnd to scan archives.
The read-only version is free and is available from Arcade BBS, as well as
other bulletin boards and PD companies. ArcFS 2 read/write is available
(commercially) from Software 42.

Compression, from Computer Concepts, is also supported by VEnd. To scan CFS
compressed files, make sure you use the CFS version of the filer. ie. drag
the VEnd icon to the CFS copy of the filer icon, or to a filer window saying
'CFS#scsi::HardDisc.$' rather than 'scsi::HardDisc.$'. Note that if you use
the drive name on the CFS icon then CFS will probably truncate it and
dragging the VEnd icon to that filer icon won't work. The solution is to use
the drive number on the CFS icon rather than the drive name (or to drag the
VEnd icon to the root directory viewer rather than the iconbar icon).

SparkFS I haven't seen, so I have no idea what it does or whether there is
anything I need to do to VEnd to make it support it...



Notes on Quitting
=================

The iconbar menu option 'Quit' has a submenu, which is a bit unusual. This is
due to the fact that clicking 'Quit' could mean the user wants to just kill
the task but not the module, or they might want to kill both the task and the
module. The submenu options are 'Temporary' and 'Permanent', which don't kill
and do kill the module, respectively. Selecting 'Quit' from the main menu is
the same as selecting 'Quit.Temporary'. The quit option can be disabled on
the options menu.



The 'time-bomb'
===============

Like many other virus killers, VEnd has a built-in 'time-bomb'. This means
that after a certain date, VEnd will give you a warning message whenever it
loads up. This is because if you are using an old version of VEnd then it is
very probable that there are several new viruses your copy doesn't known
about, and therefore you aren't protected from. The message just reminds you
that you ought to get a new copy.



Different versions of RISC OS (technical)
=============================

VEnd needs to know two things which have (as far as I know) no Acorn-approved
method of finding them out. The first is a list of Wimp tasks and the second
is the location of the vector chain.

VEnd needs to be able to get a list of currently active Wimp tasks to be able
to remove some types of virus from memory. Unfortunately, before RISC OS 3.0,
there is no reliable method of doing this. VEnd will therefore assume that if
your WindowManager module returns a version number less than 3.00, then the
TaskManager module's workspace is set out in a certain way. If your
WindowManager returns a version number greater than or equal to 3.00, then
VEnd will use the SWI TaskManager_EnumerateTasks. All this means that VEnd
should work perfectly on RISC OS 2.00, and all versions after and including
3.00, but versions in-between MIGHT be incompatible.

VEnd needs to know the location of the Vector Chain to be able to remove some
types of virus from memory. Unfortunately, Acorn have provided no way of
finding this out. The locations for different versions of RISC OS are stored
in the !Run file. I have included the values for all the major releases,
which are RISC OS 2.00, 3.00 and 3.10. (3.00 and 3.10 use the same address.)

If VEnd complains that it thinks the Vector Chain is incorrect and you have
a version of RISC OS that the !Run file doesn't know about (eg. 2.01, 2.54,
etc.) then try using FindChain to find it out:

Run 'FindChain'. You can't run FindChain with VEnd loaded as VEnd claims the
SWI vector. If FindChain says 'Failed' then you'll have to work out the
address yourself with a disassembler (Diss!). If it tells you the address of
the vector chain at the bottom of the screen then this is PROBABLY the right
address. Try including it in the !Run file.

To insert the address into the !Run file, first you need to know what version
of RISC OS you're using. I'm checking this by using the version number of the
UtilityModule module, so type '*Help UtilityModule' to find this out. Then
you'll have to insert the address and version number into the file - it
should be fairly obvious how to do this.

If the value is zero, then VEnd will simply not try to remove viruses for
which it needs to know the address of the vector chain. Note that this only
applies to ones which are in memory - it can still remove them perfectly well
from disc.

VEnd has been tested and found to work with RISC OS 2.00, 3.00 and 3.10.



Automatic methods of scanning (semi-technical)
=============================

VEnd provides two automatic methods of scanning. You can either send a
message from another Wimp task, or you can use the OS command,
'VEnd_StartScan'.

The syntax of the OS command is:

  *VEnd_StartScan [<options>] <path>

The options are: (defaults in {} brackets)
  -arcfs       Scan archives using ArcFS         {off}
  -close       Close status window after scan    {off}
  -errors      Report errors in log              {off}
  -kill        Kill viruses                      {off} *
  -load        Just load VEnd                    {off}
  -log         Show log window                   {off}
  -prompt      Prompt user if virus found        {off} *
  -quit        Quit VEnd after scanning          {off}
  -report      Report errors                     {off}
  -save        Save log to disc                  {off}
  -skip        Skip viruses                      {on}  *
  -slow        Slow and pointless scanning       {off}
  -suspicious  Include suspicions in log file    {off}
  -wait        Wait for VEnd to finish scanning  {off}

Options marked * are mutually exclusive and the result is undefined if more
than one of them are specified. The options are scanned used OS_ReadArgs so
all the usual rules of this SWI apply.

The command will return immediately (unless -wait is specified), setting a
flag to tell VEnd to start scanning when it receives the next null event. The
command will produce an error if VEnd is already scanning, or if VEnd is
waiting to perform a scan.

VEnd sets up aliases so that the VEnd module will be loaded and/or started up
if VEnd isn't loaded or active when you issue *VEnd_StartScan. (So DON'T use
*%VEnd_StartScan (with the percent) - it won't always work.)

If -wait is specified then the command won't return until VEnd finishes
scanning (or someone clicks 'Abort' or quits VEnd).

There is also another command, '*VEnd_Prompt'. This is described in the file
'Scripts'.

You can make script files from Obey files by using this command. You can also
have automatic timed scans by using the 'Task alarms' feature of Rough Time
or Alarm. See the file 'Scripts' for more information.


To start a scan from another Wimp task, using a message, the structure of the
message block is as follows:

  R1+16 = &45785 (VEnd_StartScan)
  R1+20 = Flags:
            Bit(s)     Meaning
            0          Scan archives using ArcFS if set
            1          Save log to disc if set
            2-3         00 = Skip viruses
                        01 = Kill viruses
                        10 = Prompt user if virus found
                        11 = UNDEFINED
            4          Slow and pointless if set
            5          Report errors if set
            6          Show log window if set
            7          Include error messages in log file if set
            8          Reserved; MUST BE 0
            9          Include suspicions in log file if set
            10-29      Reserved; MUST BE 0
            30         Close status window after scanning if set
            31         Quit VEnd after scanning if set
  R1+24 = Path to scan (control terminated)

The message will be acknowledged and scanning started unless one of the
following is true:
  * VEnd is not loaded
  * VEnd is not active
  * VEnd is already waiting to scan
  * VEnd is already scanning



Vaguely interesting but pointless technical notes
=================================================

To increase scanning speed, VEnd performs several checks on files to see if
they are infected with each virus. First there is a very quick check which
will definitely rule out the file being infected if it fails, but which could
indicate ordinary files as being infected. For some viruses, there is then
an intermediate check which is slightly slower and slightly more reliable.
Finally, VEnd will CRC a large portion of the file (if not all of it) to make
ABSOLUTELY sure that it IS indeed the virus. The upshot of all this is that
99.9% of the time, if the file is not infected then VEnd will decide that it
isn't very quickly, and it should NEVER decide that an ordinary file is in
fact a virus.

From version 0.35, VEnd sets up Alias variables so that *VEnd_StartScan will
work correctly even if VEnd isn't running or even loaded. Due to the way this
works, you may see VERY briefly a task 'VEnd_Loader' appear and disappear as
VEnd loads. You may also notice a task 'VEnd_Wait' appear during scans which
are started by VEnd_StartScan with the -wait flag specified.

From version 0.42, VEnd claims the SWI hardware vector. This is so that it
can detect the T2 virus loading, and it may also be needed for other viruses
in the future. VEnd tries to keep the overhead time to an absolute minimum on
this. From version 0.44, VEnd also has a 'slow' SWI claiming routine which is
used if somebody else has already claimed the vector (the fast routine can't
always be used in this case...)

From version 0.44, VEnd is supplied squeezed. This means the main VEnd
program takes up less room on the disc. It also means that its filetype is
now 'Absolute' even though it's still a module. When it is run, it is
decompressed and then initialised as a module as normal.

From version 0.48, you may notice that the VEnd$Dir variable is not set by
the !Run file. This is because it is set by VEnd itself. The reason for this
is so that if you have one copy of VEnd loaded, and then you try to load a
different copy from somewhere else, the VEnd$Dir variable won't be changed.

From version 0.51, VEnd uses the 'get canonicalised filename' feature of
RISC OS 3 to transform the scan path, so on RISC OS 3 machines if you try to,
for example, scan 'adfs::0.$' then the disc name will be read and the path
changed to 'adfs::<discname>.$'.

From version 0.55, VEnd intercepts the OS_Module call rather than the RMLoad
and RMRun OS commands. This method has fewer loopholes and also means that
VEnd won't conflict with Pineapple's VProtect module (although it is still
recommended that you don't use that at the same time as VEnd).



Plugs
=====

Buy "The Hacker", only 5 from DoggySoft. A wonderful games-hacking utility,
that makes it incredibly easy to make your own cheats for games - infinite
lives, extra time, whatever you like. You just press Alt-Alt while in the
game, and The Hacker pops up to allow you to poke around! Many features are
provided to help with making cheats. You can then return back to the game,
exactly where you left off...

Buy "Diss", coming soon from DoggySoft. Incredible value at only 10. The
BEST desktop disassembler for the Archimedes, it has FAR too many features to
list them all here, but they include:
  * multiple files
  * multiple views
  * FAST disassembly
  * Add labels to the code - so instead of:
      B       &38271738
    you get:
      B       mouse_click
  * Automatic labels generation for:
      module entry points, SharedCLibrary functions, ABCLib functions,
      BASIC assembler programs, LINKed programs
  * Automatic un-squeezing of squeezed files
  * Simple built-in assembler for editing programs
  * Search code to produce list of addresses
      Search for SWIs, instructions, values, references, etc.
  * Source code generator
etc. etc. etc... This product is indispensable for the serious programmer.

Also, look out for DoggySoft public-domain products, such as:
  WimpExtension  Desktop programming module (as used in VEnd)
  Rough Time     Excellent clock utility, with alarms
  HourMake       Make your own custom hourglass
  FileExtras     Useful file utilities
  PalettePlus    Excellent replacement palette utility and mode selector



Thanks
======

Thanks to David Cox for getting me copies of most of the viruses killed by
VEnd 0.31.

Thanks to James Ponder for uploading things to BBSes, and generally saying
things loudly in a sarcastic tone of voice ;-)

Thanks to Storm-Eye for giving me a copy of ExtendV2, and Icon-2616.

Thanks to Mark Williams for giving me a copy of Parasite.

Thanks to Bigbaddom for giving me a copy of T2.

Thanks to Matthew Israelsohn for giving me copies of NetStatus, TrapHandler,
Archie and Link viruses.

Thanks to Mephistopheles Q. Clover for being called Oliver.

Thanks to Ben Dooks for being the thinnest person around. (And I mean ROUND.)

Thanks to the authors of RISC OS for being so bloody annoying.

Thanks to Tim Browse for giving me somebody to 'argue' with.

Thanks to David Fulton for not eating any crisps at all, honest, and also
being soooo utterly good at programming.



Address
=======

Any comments, viruses, money, information, money, viruses, etc. to me at:

               Jon Ribbens
               39 Nutkins Way
               Chesham
               Bucks.
               HP5 2BE

or to me on Arcade. This may take a few days as I don't have a modem myself
but James does...
