So, I was in need of using something like a pointer in a batch script, and I wondered if it were possible. So I invented this little script to demonstrate a cmd variable usage that resembles using pointers, or what is fun to say, variable variables. I’m not sure if it works using the command.com interpreter, but it does work with cmd.exe. Let me know what you think. I named the script varvarbinks.cmd.
:: setting up the pointer's value (the variable name passed as the first argument)
set pntClient=%1
:: set the value of what pntClient points to
set %pntClient%=true
:: write what %%pntClient%% would equal to a temp file,
:: since %%pntClient%% itself does not work
for /f %%a in ('echo %pntClient%') do set %%a>"%temp%\varvar.tmp"
:: splits the variable and value up
for /f "usebackq tokens=1,* delims==" %%a in ("%temp%\varvar.tmp") do (
    set valofvar=%%b
)
:: clean up the temp file
erase /F /Q "%temp%\varvar.tmp"
echo The value of %pntClient% is %valofvar%
I wish I could get away with not using a temp file, but I haven’t figured out a way to do that yet. When you run it, just run varvarbinks.cmd name-of-variable and it will show you that the name-of-variable is true.
So, all of a sudden, AVG Network Edition (version 9.0.851 Virus DB 271.1.1/305) started to call a certain VBS file an “Archive Bomb”.
For any of you who do not know what an Archive Bomb is, it is basically an archive file (zip or rar, for example) that, when decompressed, takes up a LOT more space than the original file. This could be done by zipping a large file that is filled with all binary zeroes or ones. Another type of archive bomb is made by zipping a zip file and then zipping the resulting file again and again, so that decompressing it keeps going through layer after layer until the last one. Both of these methods are designed to significantly hinder a computer that tries to decompress the file. So, now after that background information, here is the script that AVG saw as an archive bomb:
ForReading = 1
ForAppending = 8
Set objFso = CreateObject("Scripting.FileSystemObject")
Set txtadd = objFso.OpenTextFile("k:\script\email\email.txt", ForReading)
Set filetxt = objFso.OpenTextFile("k:\script\notify\keybank.txt", ForAppending)
Do Until txtadd.AtEndOfStream = True
    str = txtadd.ReadLine
Loop
That is it… no compression techniques used at all. We have been playing with the file, changing some of the basic structure of the script, re-typing the script into another file, etc. Does anyone have any theories as to why this would be detected as an Archive Bomb?
The big problem with this was that when AVG found this file and thought it was a virus, it completely stopped processing everything on one of our main server machines that AVG was running on.
So, I believe this is one more reason not to use such anti-virus tools. The best one I’ve seen that doesn’t give such obvious false positives is Windows Security Essentials; it also doesn’t seem to stop any processes when files are found. But, of course, nothing beats the best anti-virus there is, the human brain.
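The two archive-bomb patterns described above (a member that expands far beyond its compressed size, and archives nested inside archives) can be checked from a zip's headers before anything is extracted. The following is an added example, not part of the original post and not AVG's detection logic; the thresholds, function names and sample data are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_RATIO = 100              # assumed limit: uncompressed / compressed size per member
MAX_TOTAL = 64 * 1024 ** 2   # assumed limit: total declared uncompressed bytes
MAX_DEPTH = 2                # assumed limit: archives nested inside archives

def inspect_archive(data, depth=0):
    """Return reasons the bytes look like an archive bomb; an empty list means none found."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []                          # not a zip: nothing to measure
    if depth > MAX_DEPTH:
        return [f"nested more than {MAX_DEPTH} levels deep"]
    findings, total = [], 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():         # reads headers only, nothing is extracted
            total += info.file_size
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > MAX_RATIO:
                findings.append(f"{info.filename}: ratio {ratio:.0f}:1")
            if total > MAX_TOTAL:
                findings.append("total declared size over limit")
                break
            if info.filename.lower().endswith(".zip"):
                with zf.open(info) as member:   # bounded read of the inner archive
                    inner = member.read(MAX_TOTAL)
                findings += inspect_archive(inner, depth + 1)
    return findings

def make_zip(name, payload):
    """Build a small in-memory zip; used only for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples (not from the original post)
SCRIPT_TEXT = b'Set objFso = CreateObject("Scripting.FileSystemObject")\r\n'
NORMAL_ZIP = make_zip("notes.txt", bytes(range(256)) * 8)
ZERO_FILLED = make_zip("zeros.bin", b"\x00" * (1024 * 1024))
NESTED = make_zip("a.txt", b"hello")
for _ in range(4):                         # wrap the small archive in four more layers
    NESTED = make_zip("level.zip", NESTED)

if __name__ == "__main__":
    for label, blob in [("script", SCRIPT_TEXT), ("normal", NORMAL_ZIP),
                        ("zeros", ZERO_FILLED), ("nested", NESTED)]:
        print(label, inspect_archive(blob) or "no findings")
```

The sizes in a zip's headers are declared by whoever built the archive, so the bounded read of inner archives matters as much as the ratio check.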