From: Ellen K. 

That was really a very good idea BTW.

On Mon, 30 Jun 2003 10:06:28 +0100, Chris Robinson
 wrote in message
:

>That worked a treat - thanks John ;o)
>
>I see what you mean about enabling Guest accounts etc... but this isn't a
>typical honeypot.  This isn't a PC connected directly to the Internet (it's on
>our LAN) and I'm using only to see if we get any Virus's that propogate to
>Network shares onsite.  We recently had a couple of PC's that ran open shares
>and they kept getting files put there by a virus.  We've since had these
>changed to use a password protected share.  I just wanted to set something up
>with an open share so I know if anything like this happens again.
>
>Thanks again,
>Chris.
>
>John Beckett wrote:
>
>> Chris Robinson  wrote in message
>> news::
>> > IF %ERRORLEVEL% EQU 1 goto _POSSVIRUS
>>
>> I think your problem is that fc does not set errorlevel under NT4 (fc does
>> set errorlevel under W2k). A trick follows. I haven't checked this much.
>>
>> BTW it is confused to say:
>> IF ERRORLEVEL 0 GOTO _NOVIRUS
>> because "if errorlevel 0" is always true.
>>
>> ---begin---
>> dir c:\testdir > testdir-current.txt
>> rem Put following two lines on ONE LINE.
>> fc /L c:\testdir-clean.txt c:\testdir-current.txt |
>>    find "FC: no differences encountered"
>> if errorlevel 1 goto IsDif
>>
>> echo No differences found.
>> goto :eof
>>
>> :IsDif
>> echo Differences found.
>> goto :eof
>> ---end---
>>
>> For the test to be helpful, your NT4 computer needs Guest enabled with a
>> blank password, or Administrator with a blank password, or other hideous
>> stuff. I think you are supposed to install Snort instead of a
>> make-your-own honeypot.
>>
>> John

--- BBBS/NT v4.01 Flag-4