From: Chris Robinson 

That worked a treat - thanks John ;o)

I see what you mean about enabling Guest accounts etc... but this isn't a
typical honeypot.  This isn't a PC connected directly to the Internet (it's
on our LAN) and I'm using only to see if we get any Virus's that propogate
to Network shares onsite.  We recently had a couple of PC's that ran open
shares and they kept getting files put there by a virus.  We've since had
these changed to use a password protected share.  I just wanted to set
something up with an open share so I know if anything like this happens
again.

Thanks again,
Chris.

John Beckett wrote:

> Chris Robinson  wrote in message
> news::
> > IF %ERRORLEVEL% EQU 1 goto _POSSVIRUS
>
> I think your problem is that fc does not set errorlevel under NT4 (fc does
> set errorlevel under W2k). A trick follows. I haven't checked this much.
>
> BTW it is confused to say:
> IF ERRORLEVEL 0 GOTO _NOVIRUS
> because "if errorlevel 0" is always true.
>
> ---begin---
> dir c:\testdir > testdir-current.txt
> rem Put following two lines on ONE LINE.
> fc /L c:\testdir-clean.txt c:\testdir-current.txt |
>    find "FC: no differences encountered"
> if errorlevel 1 goto IsDif
>
> echo No differences found.
> goto :eof
>
> :IsDif
> echo Differences found.
> goto :eof
> ---end---
>
> For the test to be helpful, your NT4 computer needs Guest enabled with a
> blank password, or Administrator with a blank password, or other hideous
> stuff. I think you are supposed to install Snort instead of a
> make-your-own honeypot.
>
> John

--- BBBS/NT v4.01 Flag-4