// vim:set encoding=utf8 lineEnding=dos grammar=asciidoc tabLength=2 useSoftTabs:

:author: ROSE SWE, Ralph Roth
:doctype: book
:data-uri:
:icons: font
:icon-set: pf
:lang: en
:toc: on
//:sectnums:


= RHBVS: ROSE SWE's Heuristic Based Virus Scanner

  $Id: rhbvs.txt,v 1.156 2025/10/14 10:14:18 ralph Exp $
  Format: UTF8/ISO-8859-15, Windows CR/LF, English (UK), Written in ASCII-DOC

            __________  ___ _________________   _____________
            \______   \/   |   \______   \   \ /   /   _____/
             |       _/    ~    \    |  _/\   Y   /\_____  \
             |    |   \    Y    /    |   \ \     / /        \
             |____|_  /\___|_  /|______  /  \___/ /_______  /
                    \/       \/        \/                 \/  (c)  by ROSE SWE

TIP: Behavior-based detection (also called "dynamic detection")


RHBVS, short for "ROSE SWE Heuristic-based Virus Scanner," is an anti-virus
software that employs heuristics to detect malware. Heuristics are
problem-solving strategies that rely on practical experience and general rules to
find solutions. In the context of antivirus software, heuristics are utilized to
identify malware by analyzing its behavior or characteristics, rather than
relying solely on a database of known malware signatures.

The ROSE SWE heuristic-based virus scanner functions by scrutinizing the behavior
of a program or file and comparing it against a collection of heuristics
specifically designed to identify common patterns of malicious behavior. If the
program or file exhibits behavior that aligns with one or more of these
heuristics, it is flagged as potentially malicious.

Heuristic-based anti-virus software proves effective in detecting new or
unidentified threats that have yet to be included in the database of known
malware signatures. However, since heuristics are based on general rules, they
can occasionally produce false positives, erroneously flagging benign programs or
files as malicious.

To ensure robust protection against malware, it is crucial to utilize a
comprehensive antivirus solution that incorporates multiple layers of defense,
including signature-based detection, heuristics-based detection, and
behavior-based detection. This multifaceted approach enhances the overall
security posture and minimizes the risk of both known and emerging threats.

== Introducing RHBVS

RHBVS is a DOS virus scanner for DOS file and hybrid viruses using heuristic
scanning technologies and also signature-based detection! This means that RHBVS
does not need to be regularly updated like a normal virus scanner. RHBVS also
uses an intelligent code analyser. Detection modules for batch viruses, trojans,
malware, scripting viruses such as Coral Draw, VBS, HTML, Windows Batch (WBT),
JavaScript, SHS (Windows Shell Scrap), Powershell, Bash and IRC (Mirc) script
worms are also included!

This is currently/was a unique feature - no other scanner can scan e.g. IRC,
HTML or VBS worms with heuristics!  RHBVS gives you a detailed virus analysis
based on the built-in scan engine.

== Why?

RHBVS was mainly written to be a test platform for the product VirScan Plus by
ROSE SWE. All improvements done in VirScan Plus improves RHBVS, RMS (replaces the
older FindMirc) and vice versa. For this reason RHBVS is limited in flexibility
(e.g. checking boot sectors, Windows system memory or the MBR).

== Requirements

- IBM compatible PC with a 80386 CPU and co-processor!
- 620 KB of free memory (BigMem version) or 500 KB of free memory (Overlay version)
- DOS version 5.0 or higher or
  Windows 32 bit (RHBVS will not run under Windows 64 bit)

If you are interested in sponsoring the porting of RHBVS to Windows 64-bit or
Linux, please reach out to us. While there are currently no plans for such a port
due to perceived lack of demand and sponsors, we are open to considering it with
sufficient support. In the meantime, we recommend utilizing MPScan (available for
DOS32, Win32+64, Linux32+64), a multi-platform malware scanner that incorporates
both heuristics and signature-based detection, and has comparable or even
superior detection rates.

=== SmallMem and BigMem Versions of RHBVS

With the release of RHBVS version 7.18, the size of the executable has reached
500 KB. This has led to reports that the program fails to run on systems with
insufficient available DOS memory. As RHBVS continues to be actively maintained
and enhanced, the executable is expected to grow even larger in future versions,
potentially causing further compatibility issues for systems with limited
resources.

To address this challenge, we now offer two versions of RHBVS to accommodate
different system configurations:

==== SmallMem Version (Default)

This version is specifically designed for systems with restricted DOS memory. It
employs overlay technology, a method that dynamically swaps portions of code in
and out of memory as needed, thereby reducing the memory footprint. However, this
approach comes with a trade-off:

- **Performance Impact:** The use of overlays makes the scanning process slower
compared to the original version.

- **Performance Optimization:** To mitigate this and improve scanning speed, we
recommend providing approximately **512 KB of EMS (Expanded Memory)** which the
overlay manager can utilize to optimize performance.

The SmallMem version is now the default option and is well-suited for systems
with limited memory resources.

==== BigMem Version

For users with sufficient free DOS memory (e.g. my DosBox setup has 624KB free
DOS memory), the original version of RHBVS, now called BigMem, is still available
in the `BigMem` directory. This version retains the full program in memory
without the need for overlays, offering the following benefits:

- **Faster Performance:** Without the overhead of swapping code, the BigMem
version delivers faster and more efficient scanning.

- **Recommendation:** If your system has enough free memory to support it, we
strongly recommend using this version for the best overall performance.

==== Example (If you have not enough DOS memory)

NOTE: Taken from Windows 8.1

```
C:> rhbvs c:

Runtime error found in modul: RHBVS
Error: Not enough memory to start this program properly!
I can only access 61128 bytes from total 61128 bytes.

Laufzeitfehler: Nicht genuegend Arbeitsspeicher vorhanden!
Entfernen Sie bitte einige speicherresidente Programme!
Tipp: Notfalls MS-DOS/FreeDOS/Novell DOS mit [F5/F8] nackt booten!

C:\>mem


    655360 bytes total conventional memory
    655360 bytes available to MS-DOS
    581488 largest executable program size

   4194304 bytes total EMS memory
   4194304 bytes free EMS memory

  19922944 bytes total contiguous extended memory
         0 bytes available contiguous extended memory
  15580160 bytes available XMS memory
           MS-DOS resident in High Memory Area

```

==== Summary

To ensure compatibility and optimal performance, users should select the version
of RHBVS that best fits their system's memory configuration:

- Use **SmallMem** on systems with limited DOS memory and allocate EMS memory if
possible for better performance.

- Opt for **BigMem** if memory availability is not a concern, as it provides
faster scanning and a more seamless user experience.

By offering these two versions, we aim to provide flexibility for our users while
ensuring that RHBVS remains functional and effective on a wide range of systems.

== Terms

=== Heuristic (computer science)

In computer science, a heuristic is a technique designed to solve a problem
that ignores whether the solution can be proven to be correct, but which
usually produces a good solution or solves a simpler problem that contains or
intersects with the solution of the more complex problem.

Heuristics are intended to gain computational performance or conceptual
simplicity potentially at the cost of accuracy or precision.

=== Computer Virus

In computer security technology, a virus is a self replicating program that
spreads by inserting copies of itself into other executable code or documents
(for a complete definition: see below). Thus, a computer virus behaves in a
way similar to a biological virus, which spreads by inserting itself into
living cells. Extending the analogy, the insertion of the virus into a program
is termed infection, and the infected file (or executable code that is not
part of a file) is called a host. Viruses are one of the several types of
malware or malicious software. In common parlance, the term virus is often
extended to refer to computer worms and other sorts of malware. This can
confuse computer users, since viruses in the narrow sense of the word are less
common than they used to be, compared to other forms of malware such as worms.
This confusion can have serious consequences, because it may lead to a focus
on preventing one genre of malware over another, potentially leaving computers
vulnerable to future damage. However, a basic rule is that computer viruses
cannot directly damage hardware, only software is damaged directly. The
software in the hardware however may be damaged.

While viruses can be intentionally destructive (for example, by destroying
data), many other viruses are fairly benign or merely annoying. Some viruses
have a delayed payload, which is sometimes called a bomb. For example, a virus
might display a message on a specific day or wait until it has infected a
certain number of hosts. A time bomb occurs during a particular date or time,
and a logic bomb occurs when the user of a computer takes an action that
triggers the bomb. However, the predominant negative effect of viruses is their
uncontrolled self reproduction, which wastes or overwhelms computer resources.

Today (the trend started round 2005), viruses are somewhat less common due to
the popularity of the Internet - instead malware, ransomware and Trojans
meanwhile dominate.

Malware, short for malicious software, is an umbrella term used to refer to a
variety of forms of hostile or intrusive software, including computer viruses,
worms, Trojan horses, ransomware, spyware, adware, scareware, and other
malicious programs. It can take the form of executable code, scripts, active
content, and other software. Malware is defined by its malicious intent, acting
against the requirements of the computer user and so does not include software
that causes unintentional harm due to some deficiency (e.g. bugs).

== Options and Switches

Please note that command line options in RHBVS are not case sensitive. You can
use either the slash "/" or the hyphen "-" to indicate the start of an option.
Additionally, options can be configured using the environment variable RHBVS.

                      set RHBVS=...

To disable an option set by setting RHBVS=...  you can use the "-" at the end
of the option!

when you set

                      set RHBVS=/all

than you can disable /all with

                      rhbvs c: -all-

=== Command Line Options

Run RHBVS.EXE with

  /?  to see the current supported options.

Try also

  /?? or /UNDOC to see a list of the advance options.

You can scan as many drives and directories as you want per run.

  /vb Code Analyzer (past the switches /ANALYZE or /ANALYSE)

With this switch RHBVS gives you a detailed description of all the flags the
heuristic scan engines have found.

You can use the option

  /vbk  then RHBVS waits for a key stroke after every analysis.

Use the additional option

  /log  to save the analysis into a log file.

=== The Option /virsort

A special note about this option.

NOTE: This is one of those "undocumented" switch RHBVS supports. With this
switch you can sort in viruses AVP/FProt/VSP/DrSolly etc. misses. With this
option RHBVS creates a log file suitable for Virsort or Zoo-Sort (utilities
meanwhile deprecated). Take a look at the batch file RZOOSORT.BAT which is
included in the package!

For more "undocumented" switches try also: `rhbvs -??`


== User documentation

TIP: This text file is written in AsciiDoc and has been converted into nice HTML
and PDF files. German-speaking users should download the virus scanner "VirScan
Plus" (VSPxxxx.*) and read the German documentation there for further
understanding.


== Virus classification

RHBVS classifies the different virus types, their code size and the behavior.

The classification has the following scheme:

    {Virkit:}[Main Class]{.Length{.Minor Class}{.Germs} (Flags)


    -=[ Virkit ]=----------------------------------------------

    Viruses created with a virus kit just like

    + Biological Warfare (BW)
    + DReg
    + Father_Mac
    + GOTH
    + IVP
    + NRLG, Nuke
    + PS-MPC, MPC, G2
    + TPE, MtE, GCAE, RTFM  etc.
    + VCC
    + VCL
    + VLAD


    -=[ Main Class ]=------------------------------------------

    + Backdoor- Backdoor (Trojan)
    + Bat     - DOS Batch file virus or Trojan
    + Boot    - Boot virus and EXE header infector
    + CSC     - Coral script virus
    + Companion - small companion viruses
    + Crypt   - encrypted virus
    + Fast    - fast infector, like Dark Avenger
    + File    - appending file infector
    + HLLx    - High level language viruses
                x stands for C=companion, O=overwriting, and P=parasitic
    + IIS     - MS Internet Information Server Worm
    + Joke    - Joke/Fun program. This is not a virus.
    + JS      - Java script virus
    + Mini    - larger overwriting file infector
    + MIRC    - MIRC script worm
    + Multi   - Hybrid (multipartite) files and boot infector
    + Poly    - Polymorphic encrypted virus
    + PIRC    - PIRC script worm
    + SillyR  - trivial memory resident file infector
    + Stealth - virus with stealth capabilities (size or file stealth)
    + TSR     - virus stays resident in memory
    + Tiny    - trivial appending file infector (e.g. Danish)
    + Trivial - overwriting file infector (e.g. Trivial.45)
    + WBT     - Windows Batch virus
    + VBS     - Visual Basic Scripting virus
    + VBS+VBS - multiple VBS infections of one host - yes RHBVS can
                detect multiple infections!
    + Win32,  - Windows platform specific virus or Trojan
    + Win95,98

    + exact virus name, when using the switch /TROJ
    + exact virus name if found by the polymorph decryption engine
      (Hare, MtE, BW, Grief, TPE, Lucky.Gott etc.)


    -=[ Length ]=----------------------------------------------

If possible the virus size. If there is a question mark (e.g.) Virusname.438? the
code analyzer assumes this as the virus size!

    -=[ Germs ]=-----------------------------------------------

If it is a Generation-1 sample.


    -=[ Flags ]=-----------------------------------------------

RHBVS uses the following flags as short cuts:

    A - Anti debugging or anti heuristic code is used
    B - can overwrite the boot sector/MBR (used by the payload or
        by a boot sector infector)
    D - found a decryption routine (virus seems to be encrypted)
    E - Infects EXE headers like Headerbug or Pure
    F - suspicious file access
    H - uses hardware related instructions - common for boot viruses
    I - uses INT 21h calls in a suspicious way
    M - memory resident. Code will remain resident or will control
        some of the DOS functions. Typical for resident file infector
    O - opens files for writing code into it
    R - suspicious relocation code, typical for file infector
    T - checks the date or time (usually used for a payload etc.)
    U - Virus tries to stay resident in UMB (upper memory blocks)
    W - Windows malware or windows shell code

    ! - uses at least FCB and/or directory stealth methods
    # - is encrypted or uses code to confuse a code analyzer


    Flags will be "compressed" if more than three flags were found.
    RHBVS will show them as "flag: number of occurrence", e.g.: R:4


=== Some terms

In computer terminology, polymorphic code is code that mutates while keeping the
original algorithm intact.

Polymorphic code was invented in 1992 by the Bulgarian cracker Dark Avenger (a
pseudonym) as a means of avoiding pattern recognition from anti virus software.
This technique is sometimes used by computer viruses, shell code exploits and
computer worms to hide their presence. Most anti virus software and intrusion
detection systems attempt to locate malicious code by searching through computer
files and data packets sent over a computer network. If the security software
finds patterns that correspond to known computer viruses or worms, it takes
appropriate steps to neutralize the threat. Polymorphic algorithms make it
difficult for such software to locate the offending code as it constantly
mutates.

Encryption is the most commonly used method to achieve polymorphism in code.
However, not the entire code can be encrypted, as it would be completely
unusable. A small part of it remains unencrypted and is used for the first start
and to decrypt the encrypted software. Anti-virus software targets this small
unencrypted part of the code.

Malicious programmers have tried to protect their encrypted code from this
strategy by rewriting the unencrypted decryption engine each time the virus or
worm is spread. Sophisticated pattern analysis is used by antivirus software to
find the underlying patterns in the various mutations of the decryption engine in
the hope of reliably detecting such malware.

Stealth: Some viruses try to fool anti virus software by intercepting its
requests to the operating system. A virus can hide itself by ensuring that a
request of anti virus software to read an infected file is passed to the virus,
instead of to the operating system. The virus can then return an uninfected
version of the file to the antivirus software, so that it seems that the file is
"clean". Modern anti virus software employs various techniques to counter stealth
mechanisms of viruses. The only completely reliable method to avoid stealth is to
boot from a medium that is known to be clean.


== False Positives

A false positive, also referred to as a false alarm, occurs when a test
erroneously indicates the presence of a signal when there is none. False
positives can be encountered in various detection algorithms. For instance, in
optical character recognition (OCR), the algorithm may identify an 'a' even when
there are only a few dots resembling the letter.

When developing such software, there is always a trade-off between false
positives and false negatives, where a true match is not detected. This trade-off
involves balancing the risk of Type I errors (false positives that wrongly reject
the null hypothesis) against Type II errors (false negatives that fail to reject
the null hypothesis when it is false) in statistical hypothesis testing.

Typically, there is a predetermined threshold that determines how closely a match
should resemble a given sample before the algorithm reports it as a match. By
increasing this threshold, the algorithm becomes more stringent in its detection,
requiring a closer similarity for an object to be flagged, thus reducing the
occurrence of false positives.

As RHBVS is a rules-based heuristic virus scanner, encountering false positives
is a normal part of its operation. If you come across false positives, you can
send the executable file for verification and improvement of the scanner. It is
important to note that on standard installations, RHBVS should not trigger any
false positives.

=== Known False Positives

Currently RHBVS detects some hacking tools like unHS etc. But no normal user has
this stuff on the disk drive - so no action is taken to fix it. Other known false
positives are the memory resident DOS anti-virus programs TBAV and FProt. Both
are now obsolete and no longer available.

RHBVS flags them as:

        "D:\WINDOWS\TBAV_WIN\TBSCANX.EXE  Fast.TSR.File (MBIBBMFR)"

This means code to stay resident and to intercept file operation like opening or
execution of executable files. When looking at the code analyser of RHBVS we see
that TBSCANX stays memory resident (M- flags+TSR),

INT 21h sub functions 3D, 3E & 6C which is typical for a fast infector (Fast) and
INT 13h sub function 02 which is typical for boot viruses (B- flags). Due to the
fact TBSCANX stays resident it relocates (R-flags) to get its address.

NOTE: THAT'S ABSOLUTELY RIGHT - SO RHBVS ONLY REPORTS A PROGRAM LOOKING LIKE A
STANDARD FILE VIRUS....  :))


=== False positives causes by third party software

Ralf Borgmann reported that the DSAV.VxD intercept the "Live Bait Test" and
reports an unknown virus. This is a bug and false positive of the DSAV.VxD - it
can be reproduced only by the first start of RHBVS :-))

  >>>>>>> Please send me also viruses RHBVS misses. <<<<<<<<<<


== Error Codes

RHBVS uses the following DOS return codes when terminating. You can use them in
batch files or tools like Skull Check etc.

    Error level |   Meaning
    ------------+-------------------------------------------------
        0       |   RHBVS completed without any error and without
                |   finding any suspicious program!
        1       |   Misc. errors, like video mode or DOS version!
        2       |   The help screen was invoked.
        3       |   A virus was found in memory (by Quick Memory Scan)
        4       |   One of the signatures files (RHBVS.SIG or
                |   VIRSCAN.TRJ) is damaged or the access is denied!
        5       |   An error occurred creating the log file (/LOG=).
        6       |   Not used
        7       |   Path specified to scan: Access denied
        8       |   Insufficient memory/not enough memory
        9       |   VirScan.IRC|VirScan.VBS is missing or corrupt
       10       |   One or more suspicious files have been found!
     11..18     |   DOS error, please report it to ROSE SWE!
       xx       |   Internal error, please report it to ROSE SWE!
     203        |   Heap Error. Not enough memory available for
                |   RHBVS. Please try to unload some programs
     208        |   Overlay manager not installed
     209        |   Overlay file read error

== Technology

RHBVS currently uses over 350 modules to detect the various types of computer
viruses. RHBVS can also emulate and follow a polymorphic hidden jump to the virus
body, for example used in the Nostradamus.3584 (a.k.a. Grief) viruses. All the
software modules have been taken from ROSE SWE's VirScan Plus virus scanner.

RHBVS skips files smaller than 32 bytes. The scanner can even detect and emulate
anti-heuristic programmed code! RHBVS has a detection rate of over 98% for
trivial and mini viruses and over 80% for boot (image files) and hybrid viruses.

The overall detection is (tested on my virus collection):

         Version [Samples]   0.01          0.10           1.00 /TROJ
      --[Percent]-------------------------------------------------------
      ITW-Test set Germany   30.1 [412]    36.9 [412]     39.3 [412]
      Classified viruses(1)  N/A           64.1 [6037]    66.7 [6119]
      Unclassified viruses   22.4 [1867]   27.5 [1867]    29.5 [2020]
      ------------------------------------------------------------------

         Version [Samples]   1.03 (1)      1.05 (1)       1.07 (1)
      --[Percent]-------------------------------------------------------
      ITW                    60.4 [379]    60.4 [379]     66.8 [373]
      Classified(1)          77.7 [????]   77.3 [6808]    77.9 [8122]
      Unclassified(2)        44.1 [2007]   45.6 [2371]    41.0 [1289]
      ------------------------------------------------------------------


         Version [Samples]   2.00 (1)      2.02 (1)       2.03 (1)
      --[Percent]-------------------------------------------------------
      ITW                    75.3 [402]    80.8 [647]     80.9 [649]
      Classified(1)          82.1 [8122]   84.0 [9284]    84.4 [9215]
      Unclassified(2)        45.3 [1289]   48.8 [1296]    49.6 [1203]
      ------------------------------------------------------------------


         Version [Samples]   2.04 (1)      2.05  (1)      2.10 (1)
      --[Percent]-------------------------------------------------------
      ITW(3)                 81.2 [649]    84.8 [649]     76.3 [2503]
      Classified(1)          84.6 [9301]   85.9 [9408]    85.1 [9553]
      Unclassified(2)        48.2 [1480]   50.1 [2532]    49.4 [1042]
      ------------------------------------------------------------------


         Version [Samples]   2.11 (1)      2.20 (1)       2.22 (1)
      --[Percent]-------------------------------------------------------
      ITW(3)                 84.1 [649]    76.3 [2503]    85.8 [649]
      Classified(1)          84.6 [9301]   85.3 [10181]   79.2 [12409]
      Unclassified(2)        42.8 [998]    42.4 [1962]    55.3 [978]
      ------------------------------------------------------------------


         Version [Samples]   2.30 (4)      2.35
      --[Percent]-------------------------------------------------------
      ITW(3)                 86.2 [1718]
      Classified(1)          76.4 [18329]
      Unclassified(2)        84.5 [1438]   86.8 [795]
      MIRC scripts          100.0 [1018]  100.0 [1082]
      ------------------------------------------------------------------


         Version [Samples]    2.50 (July 1999)        3.01 (Jan 2000)
      --[Percent]-------------------------------------------------------
      FProt, unique(1)        75.8 [19236/25393]
      Unclassified(2)         72.1 [546/757]          88.2 [1871/2122]
      AVP, unique             70.2 [10392/14801]      65.1 [9789/15057]
      Scripts (IRC, VBS, JS) 100.0 [1233/1233]
      ------------------------------------------------------------------


(1) Detectable by F-Prot (includes more than 700 HLL viruses & Trojans!) All
    viruses are unique (Virsort)!

(2) These are REAL viruses in my incoming directories, which are not
    scannable by the newest KAV and F-Prot versions!!!

(3) ITW test set based on Joe Wells ITW lists. Included are all ITW
    file and boot infector Some viruses used by the VTC ITW test bed
    has been added to the RHBVS ITW test bed as well as some RIMC viruses.

(4) With switches /TROJ and /HIGH

Main goal is to increase the overall detection rate as well as reduce the
false positives.


== Bugs & Limits, Future

* RHBVS runs only on DOS environments. Please provide feedback if we should port
RHBVS to Windows and Linux. The trade-off of the port will be around 20-30% less
detection (non-portable assembler routines used). Please have a look at MPSCan
that is a similar portable heuristic scanner for multiple platforms.

* This program can only handle file names with a maximum of 67+12 chars length
(including paths) because the MS-DOS box of NT. If you have longer file names
(Win95/98/NT: supports IMHO 252 chars) then you have to map your paths.
Detection has been added for LAN-Manager, Netware based networks and Microsoft
compatible networks.

* RHBVS is currently not able to scan inside archives (ARJ, ZIP, LHA etc.)

* RHBVS cannot run under some debuggers like Soft Ice due to the HackStop
security envelope.  ;-)

* RHBVS is limited in scanning MS Office documents, boot viruses as well as
Win32 executable (PE/NE).

Testing a virus scanner is not an easy task and should be only done by experts
on a large virus collection!

Suggested Options for Testing

* File viruses

   rhbvs <path> /all /high /log=c:\temp\vtc.log
                /trj is default

* Boot viruses (on disks/bootable mediums)

IMPORTANT: RHBVS is not designed to scan for (old DOS) boot viruses. Use for that task
VirScan Plus or the heuristic boot virus checker ChkPc.

== License

Please note the following: RHBVS is distributed as AnyWare, which implies that
the program and documentation are fully copyrighted by the author (ROSE SWE). The
program is freely available for use in non-commercial environments, similar to
freeware. If you find RHBVS beneficial and would like to contribute to its
improvement, please feel free to send anything, for example helpful suggestions,
such as emails, bug reports, or even monetary support to the designated contact.
Your support is greatly appreciated!

== History

=== Version 8

    06.07.2025  8.83    Better SillyComp and Trivial virus detection.

    04.06.2025  8.77    Many new viruses added. Many internal enhancements, not
                        end user visible.

    17.03.2025  8.55    Too many viruses for the old DOS compiler, so we had a
                        massive rewrite of internal code.

    14.02.2025  8.44    New AVR modules added and also hundreds of new viruses
                        added

    11.01.2025  8.30    Adjusted number of found viruses/malware. New viruses
                        added

    13.12.2024  8.00    First version to be public released with reduced memory
                        footprint. Added a lot of new viruses.

=== Version 7

    10.12.2024  7.63    Due to memory pressure the option /LIST was removed

    08.12.2024  7.53    First version that uses Overlay to reduce the memory
                        footprint RHBVS meanwhile has (500 KB EXE file). Added
                        new viruses (AVR, Signatures...).
                        Rewrote this documentation.
    24.09.2024  7.00    Added a new AVR module. New viruses added.


=== Version 6

      04.09.2024  6.93        Consolidated and updated virus signatures. More
                              viruses added. Improved AVR modules.

      18.07.2024  6.83        Better IRC detection. More viruses added.

      03.07.2024  6.79        Better entrypoint handling, better handling of false
                              positives. New viruses added. Updated documentation.

      07.06.2024  6.70        Maintenance update. Small enhancements,
                              new viruses added.

      12.03.2024  6.58        Maintenance update

      04.02.2024  6.47        Improved entry point engine. Maintenance update.
                              Small enhancements, new viruses added.

      27.12.2023  6.39        Better detection. New viruses added.

      30.11.2023  6.32        Better VCL detection.
                              Small enhancements, new viruses added.

      10.11.2023  6.26        Small enhancements, new viruses added.

      13.10.2023  6.19        AVR_Mini/Trojan.  Maintenance update.
                              Small enhancements, new viruses added.

      25.09.2023  6.18        Small enhancements, new viruses added.
                              Maintenance update.

      28.08.2023  6.17        Maintenance update adding new virus detection

      13.07.2023  6.16        Small enhancements around the AVR-Trivial engine.
                              New viruses added.

      20.06.2023  6.15        Maintenance update adding new virus detection

      05.06.2023  6.14        Maintenance update adding new virus detection

      06.05.2023  6.13        Maintenance update adding new virus detection

      08.04.2023  6.12        Maintenance update adding new virus detection

      23.02.2023  6.11        Maintenance update adding new virus detection

      07.02.2023  6.10        Added new *NIX script and batch detection
                              engine to RHBVS with more than 1000 viruses.

      31.01.2023  6.00        Rewritten IRC and Batchvirus engine. New viruses.
                              Improved entry point engine.

=== Version 5

      13.01.2023  5.71        Complete rewritten command line engine.
                              New viruses added. Improved entry point engine.

      15.12.2022  5.68        Enhanced AVR:Mini, AVR:Trivial & AVR:Silly
                              engines. Enhanced VirusKit detection. New
                              viruses added.

      25.11.2022  5.67        Enhanced AVR modules, new viruses added.

      09.11.2022  5.66        No user visible changes. Enhanced code emulation
                              and entry point detection. New viruses added.

      01.10.2022  5.65        Added 4 new AVR modules. New viruses added.

      11.09.2022  5.64        Small improvements and new viruses added

      02.09.2022  5.63        Version bump after adding a lot of new virus
                              signatures.

      25.05.2022  5.62        Fixes with UTF-8 formatting. Thus maybe 3rd
                              party scripts may be adjusted filtering the
                              output of RHBVS log file. New viruses added.

      15.05.2022  5.61        Small improvements. New viruses added.

      18.03.2022  5.60        Changes and enhancements to the internal
                              scan engine. Added new viruses.

      10.02.2022  5.54        Internal changes and improvements. Added new
                              heuristic signatures and malware detection.

      23.01.2022  5.52        Added a new AVR engine for DOS Debug script
                              viruses. Added new viruses.

      07.12.2021  5.51        New viruses added

      09.07.2021  5.50        Internal changes and optimization for the virus
                              databases. Better and faster detection.
                              New viruses added.

      24.06.2021  5.40        Internal enhancements. Added new viruses.
                              RHBVS now checks for import files using the file
                              rhbvs.cfg. All files from rhbvs.cfg must be
                              provided.

      08.06.2021  5.32        New viruses added. Changed internal database
                              format (virscan.*)

      25.05.2021  5.31        New viruses mainly from MPScan added. Small
                              enhancements.

      06.03.2021  5.30        Added the detection engine from MPScan to RHBVS.

      22.02.2021  5.22        More viruses added.

      12.02.2021  5.21        Fixed a few false positives. Added new viruses.

      14.01.2021  5.20        Rewritten "MalwareScriptViruses" engine, therefore
                              all virus databases require the internal version
                              4.00 or higher. New viruses added.

      29.10.2020  5.15        Added more than 700 viruses. Updated the AVR
                              Modules again. Added more signatures for boot
                              and multipartite viruses.

      16.10.2020  5.14        Added around 300 viruses. Changes around the
                              AVR modules (Tiny, Trivial, Mini). Enhanced
                              documentation.

      13.10.2020  5.13        Added around 400 viruses. Changes around the
                              AVR modules.

      05.10.2020  5.12        Massive changes and enhancements around the AVR
                              modules. Added hundreds of viruses.

      19.09.2020  5.11        New viruses. Added 4 new heuristic search modules

      01.09.2020  5.10        Added new viruses.

      01.07.2020  5.09        Added new viruses.

      27.03.2020  5.08        Added new viruses.

      08.12.2019  5.07        Added new viruses. More heuristic detection.

      01.11.2019  5.06        Some internal changes. Added new viruses.

      22.06.2019  5.05        Added new viruses. Documentation update.

      29.12.2018  5.04        Added new viruses. Documentation update.

      20.09.2018  5.03        Added 22.000 viruses.

      28.03.2018  5.02        This documentation was ported to AsciiDoc.

      06.12.2017  5.01        Small enhancements. Major reprogramming
                              of the signature based detection.

      29.11.2017  5.00        Trojan detection is not compatible with pre
                              5.00 releases. New viruses detection added.

=== Version 4

      27.11.2017  4.98        Public release with new viruses detection.

      09.09.2017  4.97        Public release. Enhancements and new viruses.

      15.02.2017  4.96        Enhancements and new viruses.

      22.04.2016  4.93        Public release. Enhancements and new viruses.

      20.04.2015  4.92        Public release. Enhancements and new viruses.

      10.11.2014  4.91        Public release. Enhancements and new viruses.

      30.12.2013  4.90        Generic encrypted script detection added.
                              Enhancements and new viruses.

      30.10.2013  4.84        Enhancements for better detecting Win32 and
                              Win64 viruses. Added new viruses.

      03.03.2013  4.83        5000 viruses added, changed home page URL

      30.09.2012  4.81        Small enhancements, new viruses.

      16.10.2011  4.80        New viruses added, esp. the German
                              "Staatstrojaner" (file+live test).

      07.06.2011  4.79        New viruses added. Enhancements for Win32,
                              Dos32 and Linux console output.

      03.02.2011  4.78        New virus detection added. Fixed an
                              run-time error bug.

      13.08.2010  4.77        Added a lot of windows malware and
                              windows shellcode detection stuff.
                              New viruses added.

      18.06.2010  4.76        Win32.Shellcode handler improved.
                              VBS encrypted detection improved.

      13.04.2010  4.75        New viruses added. New icon for RHBVS.
                              Documentation updated.

      19.03.2010              Major update/enhancements added to PeHead.

      14.03.2010  4.73/4.74   Small enhancements and new viruses added.

      19.02.2010  4.70-4.72   Small bug fixes and enhancements. New
                              viruses added.

      30.03.2009  4.68/4.69   Massive enhancements around the /rename
                              function. Bug fixes and new viruses added.

      06.02.2009  4.67        Small enhancements for Windows Vista.
                              New viruses added.

      16.11.2008  4.66        Small bug fixes and enhancements. New
                              viruses added.

      11.01.2007  4.65        Changes on the /Rename functions.

      30.09.2006  4.64        Enhancements, new viruses. Changed
                              virus database.

      09.08.2006  4.63        Small enhancements (e.g. .PNG detection).

      25.04.2005  4.62        Enhanced the docs. Added new signatures
                              to the heuristic scan engines.

      10.03.2005  4.60        Changed and enhanced the internal database.
                              Added new scan engines and viruses.

      06.01.2005  4.51        Enhanced VBS engine. New viruses added.

      13.11.2004  4.50        Added new viruses.

      19.08.2004  4.50-RC2    Added ~600 new viruses. Fixed a few
                              false positives.

      17.08.2004  4.50-RC1    Complete redesign of the script scanning
                              engines (VBS, Script, IRC, Batch etc.).
                              A lot of new viruses added.
                              The signature files (virscan.*) are not
                              compatible with the 4.1x and below
                              releases!

      16.06.2004  4.13        Small fixes, 400 viruses added.

      14.04.2004  4.12        Added QWTC - "Quick Windows Trojan Check"

      21.01.2004  4.11        Bug fixing of the command line handling
                              engine. New viruses added.

      09.09.2003  4.10        Bug fixing, RHBVS now requires a
                              co-processor.

      07.09.2003  4.05        Added and enhanced some scan engines
                              and added tons of new viruses. Bug fixes.
                              (EXE file is therefore 20 KB bigger!).

      06.09.2003  4.02        Ported and enhanced some of the scan
                              engines to Linux. New viruses added.

      16.07.2003  4.00        New viruses. Changed the internal Trojan
                              and malware engine to run on Linux too.

=== Version 3

      13.05.2003  3.96        Added tons of new viruses.

      25.03.2003  3.95        New and enhanced engines for VBS viruses.

      27.02.2003  3.94        Fixes for HMA/A20 gate check. Added tons
                              of new viruses.

      07.11.2002  3.93        Added tons of new viruses.

      05.11.2002  3.92        Added new viruses, therefore internal hash
                             tables had to be adjusted.

      03.11.2002  3.91        Build 433
      20.08.2002  3.91        Build 423
      18.06.2002  3.91        Documented the switch /OnlyFull. Added
                              new viruses.


      05.05.2002  3.90        New viruses added. Changed the format of
                              Virscan.trj

      25.04.2002  3.81        Added new viruses. Fixed a false positive.
      23.04.2002  3.80        Fixed a bug with Win2000/NT. Changed the
                              signature files.

      19.04.2002  3.73        Added 120 viruses.
      11.04.2002  3.72        Added 300 viruses.

      17.03.2002  3.71        Changed documentation (also renamed from
                              *.DOC to *.TXT). Added new viruses.

      22.01.2002  3.70        New viruses. DOCS changed. Bundled with Win32
                              installer.

      09.01.2002  3.64        New viruses. Added .PIF file for Win9x.

      10.12.2001  3.63        New viruses added. New option -delYN added.

      08.10.2001  3.62        New viruses added.

      15.08.2001  3.61        New viruses. New generic scan engine for
                              IIS-Worms added. Should find every worm
                              that uses the IIS Backdoor. To scan for
                              such worms, you currently need the option -ALL

      30.07.2001  3.60        Added 300 new batch and script viruses
                              using the new designed scan engines from
                              RHBVS 3.55. Those signatures are stored
                              in the new file "VIRSCAN.IRC".

      26.07.2001  3.55        Added tons of new viruses. Added .LNK as
                              default extension. Introduced a version
                              numbering to VIRSCAN.VBS (needed for new
                              generic script detection). Added generic
                              script detection engine. Added new engines.

      08.06.2001  3.51        New viruses added. Better detection of
                              anti heuristic programmed VBS viruses.

      03.05.2001  3.50        Depending on your machine (386, 486 etc.)
                              and operating system, RHBVS is now up to
                              20 percent faster. New viruses.

      16.03.2001  3.45        Added more than 100 new VBS viruses. Added
                              .JSE, .VBE, .WSH as a default extension.
                              Included on the fly decryption of MS VBS
                              encrypted files (.VBE). New signatures
                              added. VBS scan engine updated.

      17.02.2001  3.41        Update of the VBS scan engine to find
                              VBS.NeueTarife/AnnaKov. New viruses.

      19.01.2001  3.40        New viruses added (of course :). Option
                              -ShowErr added. Statistic enhanced
                              (+ time, + total errors). Some false
                              positives fixed. We have ported parts of
                              the scan engines to win32. As a benefit
                              the scanning is now much faster
                              due to the enhancements we had to do for
                              the porting.

      04.01.2001  3.32        Added four new scan engines, VBS engine
                              was enhanced. 70 new viruses added.

      27.11.2000  3.31        New viruses added.

      14.09.2000  3.30        Added Win32 Stealth Bait test. New
                              viruses added.

      25.07.2000  3.21        Added .VBA as default extension. /RenPE
                              enhanced. New viruses added.

      05.07.2000  3.20        Faster scanning due to rewrite of the VBS
                              and MIRC analyzer Add option /NoScript
                              (same as /NoVBS). New viruses. Added 180
                              Trojans. Added MS Mail scanning (MSFT).
                              Added generic VBS detection (construction
                              kits etc.). Added generic Batch file
                              detection.

      22.06.2000  3.11        Added detection for 680 Backdoors. 20 new
                              VBS viruses added. Added .VXD and .SHS as
                              default extensions. Added 70 Trojans. SHS
                              will now be scanned too (VBS.Life_Stages).

      26.05.2000  3.10        Added detection for 250 Win/Win32 Trojans,
                              Backdoor and password stealing programs.
                              Added detection for 20 new VBS viruses.
                              Added .DLL extension as default. New viruses.

      07.05.2000  3.03        Due to the various VBS.Love-Letter variants
                              we added to the virus name additionally the
                              length. When you use RZOOSORT.BAT to sort
                              your Love-Letter variants, they go now in
                              separate directories.

      28.04.2000  3.02        Added MIRC detection in .PIF files. Added
                              option /NoVBS. /NoVBS is also set if
                              VIRSCAN.VBS was not found! New viruses :)
                              Added options /NoTrj and /NoTroj

      29.01.2000  3.01        Added HLP, AVI, CHM, FTS, CNT detection.
                              Added Joke class to RHBVS. New viruses :)
                              Changed the VBS detection engine for the
                              first anti RHBVS specific viruses.

      03.12.1999  3.00        Added ACE and (WAV) Wave detection. Added
                              "T" flag (time/date). Added 750 new viruses.
                              Added new scan engines. Added the options
                              /VB, /VBK (code analyzer) and /REPORT.
                              Better Java script detection added. Nicer
                              screen output. The switch /stdout is now
                              obsolete and not supported any longer!

=== Version 2

      01.09.99  2.56          Added ARJ and LZH archive detection.
                              Renamed /ANALYSE to /WHOLE (planed to
                              add switch /ANALYSE[=language.dat]).
                              RHBVS can now handle multiple infections of
                              VBS viruses.

      11.08.99  2.54          New viruses. Tested RHBVS under Win2000b3
                              Server and fixed all bugs.

      24.07.99  2.52          Added new VBS, JS and MIRC viruses using a
                              new detection engine.

      18.07.99  2.51          WBT (Windows Batch) virus class added.
                              New viruses added.

      10.07.99  2.50          HTML, JS, CS and VBS detection added. New
                              viruses and other malware added.

      24.05.99  2.35          Approx. 500 viruses added. Basic PIRC, INF
                              and VBS detection added. Option /COMP
                              (generic companion detection) added.

      17.02.99  2.34          Option /NOMEM added. New viruses.
                              Added detection of HTML, PDF (Adobe Acrobat)
                              and MDB (MS Access) file format.

      15.01.99  2.33          Option /RAW added. Bug with long directories
                              under Win-NT fixed. Tons of new viruses and
                              Trojans added. Added Natas decryption engine
                              from VSP. Enhanced the rhbvscum.awk script.

      02.01.99  2.32          Command line handling improved. Mirc detection
                              improved. Code analyser and option /Virsort
                              enhanced. New viruses and Trojans added.
                              File sharing handling for Windows enhanced.

      29.12.98  2.31          Fixed some bugs and false positives.
                              Enhanced the Mirc classification. Added
                              the rhbvscum.awk script to the package.

      29.11.98  2.30          Added Mirc script worm detection and
                              heuristics. Improved file handling.
                              Improved /RENAME capabilities. New viruses
                              and Trojans If VIRSCAN.TRJ is found
                              automatically option /TROJ is added!

      20.10.98  2.24/2.25     Non public releases!

      24.08.98  2.23          New viruses and Trojans Added a new
                              Trojan detection. Added new entry point
                              detection. Bug fixes. RHBVS uses now the
                              same "smart renaming" engine like RFW.
                              SYS virus detection added.

      17.05.98  2.22          New viruses. Added new scan engines (VCL,
                              Mini, Trivial etc.).

      07.04.98  2.21          Fixed a lot of minor bugs in the /Rename
                              section. Better Live Bait Test. RZOOSort
                              changed. Added a new internal scan engine.
                              Tons of new viruses added :)

      18.03.98  2.20          /Rename, /Renumber now support more Excel
                              formats (.XLA, .XLS etc.), credits: A. Marx
                              Added advanced check for resident stealth
                              viruses (Stealth Live Bait Test). Added
                              more than 40 boot viruses and more than
                              70 file infector Improved the boot
                              heuristics. Minor bug fixes.
                              Currently I am working on a neural network
                              for RHBVS so it many take a time for the
                              next release :-))

      15.02.98  2.11          Added or fixed the following features:
                              + Added more than 50 new viruses.
                              + Fixed some false positives (R. Borgmann)
                              + More compatible file access. Credits
                                (Christian Ghisler & Ralf Borgmann).
                              + Added new search engines and flags.
                              + RHBVS can now only be aborted with the
                                Escape key (SR by R. Borgmann).
                              + Heuristic flag compression/sorting
                              + /Renumber=Value switch now works
                                correctly (one of those undocumented
                                features :-))

      29.01.98  2.10          Enhanced check for stealth viruses and
                              fast infector added. Added 350 new
                              viruses. Enhanced companion detection.
                              Enhanced boot virus detection. Added new
                              search engines. Improved the statistics.
                              Enhanced code analyser Fixed some false
                              positives. Added the batch file
                              RZOOSORT.BAT to the package. RHBVS does
                              now a much better classification of the
                              virus using his new code analyser.
                              Changed the heuristic to produce less
                              false positives than the 2.05 release.

      28.12.97  2.04          Now the /LOG switch supports file names,
                              e.g. /LOG=C:\TMP\RHBVS.NEW etc. Changed
                              the error level (DOS return codes) and
                              documented them in RHBVS.DOC. New viruses
                              added, fixed some false positives and
                              bugs. New flag "A" added. Added the new
                              virus group "Poly". Added an entry point
                              resolver for the _310 virus. AVR for
                              boot viruses enhanced and improved.
                              Sanity (integrity) self check added!

      13.12.97  2.03          Fixed again some false positives received
                              from Ralf Borgmann. About 230 new viruses
                              added. Now the signatures file RHBVS.SIG
                              also contains flags. Added new search
                              engines. Modified the live bait test to
                              fool the DSAV.VxD.

      21.11.97  2.02          Fixed about 10 false positives (credits
                              Ralf Borgmann). Added new search engines
                              and new viruses. Overall detection ratio
                              is now 84 percent!

      08.11.97  2.01          Fixed two false positives. Added more than
                              20 new scan engines. Enhanced the Mini
                              and Trivial scan engine. Added more than
                              200 viruses! RHBVS now scans also files
                              with the extensions .IMG, .BOT and .BIN.

      01.11.97  2.00          Added the option /LOG to generate a
                              simple log file.
                              Added more than 80 new scan engines -
                              they are the compressed and optimized
                              search strings from VirScan Plus.

=== Version 1

      12.10.97  1.07          Added new viruses. Added a new entry
                              point detection for the _1015 virus.

      20.09.97  1.06          Windows NT compatibility enhanced. Added
                              new viruses.

      09.08.97  1.05          Added some viruses and a new entry point
                              detection engine for the Demo Fraud virus.
                              Windows-NT compatibility enhanced. Added
                              a PIF file for Windows NT 4.0.

      13.07.97  1.04          Added the switch /FILETYPE. Added a check
                              for corrupted files. Added a few new
                              viruses. Fixed some false positives.

      06.07.97  1.03          Enhanced the Mini-AVR module. Added new
                              viruses. Fixed some minor bugs. Added
                              option /HEUR.  Release for SAC ftp etc.

      28.06.97  1.02          Fixed two false positives. Added a few
                              viruses. Changed the help screen.
                              Added one search engine for EXE-Header
                              viruses. Changed access mode for faster
                              accessing write protected discs. Added
                              the 'E'-Flag.

      11.06.97  1.01virnet    Changed some DOCS. Release for Virnet.
      09.06.97  1.01          Added the Option /CONT and /HIGH.
                              Enhanced one search engine to find the
                              Make2 virus.

      07.06.97  1.00          Added the option /TROJ.
                              Improved the Tiny code analyser, added the
                              flags 'H' and '#'.
                              First official release

=== Beta Versions

      29.05.97  0.10          Improved the detection rate more than 5%!

      27.05.97  0.02          Added the option /AUTO and /BEEP.
                              Added RHBVSGER.FAQ, enhanced the DOC.
                              Fixed a bug when redirecting the output
                              using the stdout option (rhbvs -stdout>file)
                              Detection on exe packers added.

      22.05.97  0.01          Initial release



== Credits

People who helped to improve this product or have given feedback.

NOTE: In alphabetical order

      Andreas Haak            code analyser & more
      Andreas Marx            technical consultant :)
      Axel Pettinger          Mirc stuff
      Bert De Rijck           Fam_????
      Carsten Kruse           Mr. "enhancements"
      Christian Ghisler       technical consultant :)
      Claus Vogt
      Frank Ziemann           Backdoor, Trojan and Worm testing
      Hanno Boeck             Mr. "false positives" :)
      Jerry Hodges            CRC32
      Joe Hartmann            Mirc, false positives, RIMC project
      Joerg Abdinghoff        initial idea for /ANALYZE, now /vb or /vbk
      Lukas-Fabian Moser
      Laurent Gerard          new virus
      Mano Schwarz
      Mathias Brunner
      Masterball/codeBreaker  HMA/A20 testing
      Michael Hering          checksum, FP, RHBVS.DOC, easily switches
      Nobert Kirch            stdout bug
      Peter Kosinar           FP, missed viruses
      Ralf Borgmann           Mr. RHBVS beta tester :)
      Robert Flogaus-Faust
      Sebastian Boehm
      Stonehead               Mr. "false positives" :)
      Tjark Auerbach          DOX
      Toralv Dirro            RIMC project
      Valentino Tosatti       Mr. "false positives" :)
      Veit Kannegieser

You? ..


== Files

   CRCHECK.TXT    checksum file of the whole distribution
   ROSEBBS.TXT    the author's address and ROSE support BBS, WWW etc.

   FILE_ID.DIZ    short description of the package
     RHBVS.XXX    checksum file for integrity check
     RHBVS.MSG    Message/language file for switch /vb
     RHBVS.DOC    this documentation
     RHBVS.EXE    the main executable
     RHBVS.PIF    Win 3.1/9x/NT/2000 program interface file :-))
     RHBVS.OVR    Overlay file for RHBVS (SmallMem version)

     RHBVS.SIG    some heuristic scan engines and flags
   VIRSCAN.TRJ    signature file for HLL viruses and Trojans
   VIRSCAN.IRC    signature file for script and batch viruses (IRC, BAT...)
   VIRSCAN.WSM    signature file for script viruses (IRC, VBS, JS, CSC...)
                  [windows scripting malware]
   VIRSCAN.MPV    signature file for multipartite DOS file viruses and
                  boot/MBR viruses. Contains also signatures for file viruses

  RHBVSCUM.AWK    AWK script to create statistics reports from RHBVS.LOG
  RZOOSORT.BAT    handy batch file to sort your unknown viruses!


== Miscellaneous

TIP: Why is RHBVS.EXE such a small program? Well it is compressed using a so called
online compressor. Here are the results finding the best compressor for RHBVS.EXE

    Original size (10.06.2000) =    342.560 bytes   **
                  (17.07.2003) =    385.120 bytes
                  (09.09.2003) =    396.928 bytes
                  (25.04.2005) =    407.344 bytes
                  (10.02.2007) =    410.944 bytes
                  (13.08.2010) =    413.280 bytes
                  (28.11.2017) =    415.664 bytes (147kb compressed)
                  (28.03.2018) =    416.832 bytes (132kb compressed)
                  (29.10.2020) =    432.640 bytes (->  136.724)
                  (02.09.2022) =    462.752 bytes (161kb)
                  (20.06.2023) =    486.032 bytes (167kb)
                  (08.12.2024) =    503.392 bytes (180kb)

When RHBVS reached 500 KB (Version 7.18) we decided to reduce the memory
footprint of RHBVS by using Overlay technology.




include::viruses.adoc[Virus Description]

== Copyright

(C)opyright by

  __________ ________    ____________________   ___________      _____________
  \______   \\_____  \  /   _____/\_   _____/  /   _____/  \    /  \_   _____/
  |       _/ /   |   \ \_____  \  |    __)_   \_____  \\   \/\/   /|    __)_
  |    |   \/    |    \/        \ |        \  /        \\        / |        \
  |____|_  /\_______  /_______  //_______  / /_______  / \__/\  / /_______  /
         \/         \/        \/         \/          \/       \/          \/

  -------------------------------------=-----------------------------------
    ROSE SWE                           See ROSEBBS.TXT for
    Dipl.-Ing. Ralph Roth              full address, FAX and PGP keys.
    http://rose.rult.at
    rose_swe@hotmail.com               All Rights Reserved!
  -------------------------------------=-----------------------------------



== End

End of the documentation! Thank you for reading it.  Bye!
