Agax Manual

Agax is currently at version 1.3.2. If you're interested you can see the change history. If you already know how to use Agax and are having problems with it, then take a look at the FAQ section at the bottom.


Agax is an antivirus application. It scans your disks and files for viruses. It also contains Defender, which is an antivirus extension. Both of these use Additives to discover and (in the case of Agax) repair infected files. Additives are stored in the folder 'Additives' in the same folder as Agax.

The main window of Agax has the title 'Log'. It records Agax's antivirus activity - in particular reporting the discovery of infected files, and the success it has in repairing them. You can perform operations on the log with the File menu.

Agax has two menus with identical contents but different titles - the 'Examine' and 'Repair' menus. These both do the same thing (scan for viruses), except that 'Repair' will attempt to remove viruses from infected files, whereas 'Examine' will just report the infection. Some files cannot be repaired, and you are given the option of deleting these (if the Additive responsible considers the file a threat) at the end of the scan. Agax displays a progress bar during its scan of a volume. To stop the scan, click the close box of the progress bar.

The 'Nasties' menu contains a list of the currently installed Additives. You can view more information about an Additive by selecting it from this menu. You can change when this Additive is used from the window which results. There are three checkboxes: 'Examine files for this virus' uses this Additive when it is examining; 'Repair files with this virus' uses this Additive when repairing; 'Proactively repel this virus' uses this Additive in Defender. Changes to the last checkbox will only take effect on restart.

These options as recorded in the preferences. When Agax starts up, it checks to see how the list of Additives has changed from last time. If any are missing, it will warn you of the fact, and if there are any new ones, it will ask you what you want to do with them (enable all, disable all, or verify them over the internet). Regardless of which you choose, you can always change which Additives are enabled later through the information boxes described in the paragraph above. If Agax can't find its preferences, it tells you and enables all Additives.

If you choose the 'Verify over Internet' option then Agax will check the authenticity of all its Additives, provided your computer is connected to the internet. It does this by fetching the authentication web page from the Agax web site. This web page contains the checksums of all known Additives, which are compared with the checksums of the Additives it found on startup. If an Additive's checksum matches one on the web page, then it is considered verified, otherwise it is considered not verified. Additives which are not verified should be treated with suspicion, as they may be corrupted or modified. This mechanism is designed primarily to prevent the dissemination of a virus in an Additive, whether by intent or infection.

The results of the verification are displayed in a large dialog box. On the left is the Master List, showing the latest versions of all the Additives mentioned on the web page. On the right are two lists for the Additives that Agax found on startup, one for the Additives that were verified against the Master List and one for those that were not. You can choose to enable or disable all the Additives in each of those two lists. Usually, the verified Additives would be enabled and the not verified Additives disabled, unless a new Additive is being tested which does not yet have an entry in the web page. In front of the name of each Additive is a tick or a cross, indicating whether or not it is currently enabled (and not whether or not it was verified - this is shown by which of the two lists it is in).

Also stored in the authentication web page is the latest news message from the Agax web site proper, usually about the release of a new Additive or a new version of Agax. This message is displayed at the bottom of the Additive verification dialog box. The message may be checked (and the verification process repeated) at any time by selecting the 'Verify over Internet' option from the bottom of the Nasties menu. This will immediately show you if there are any new or updated Additives, or a new version of Agax.


The only available option in the Edit menu is 'Preferences'. Currently, this controls only the preferences for Defender. Any changes made here only take effect on restart. The first checkbox 'Enable Defender' controls whether or not the Defender extension is installed. If the status of this checkbox has changed when you close the preferences, Agax will take the appropriate action (i.e. create or delete Defender in the Extensions folder).

When Defender is enabled, you can choose how it protects your computer. There are currently three types of protection:

- 'Examine volumes when mounted'. When a volume is mounted, it is examined. If a virus is found you are asked to run Agax on the volume. There is a further option under this: 'Simple examination' or 'Thorough examination'. 'Simple examination' is quick and will find viruses which always live in the same place on a volume (such as AutoStart worms). 'Thorough examination' does a complete scan of the volume, as if it was selected from the 'Examine' menu, but without the progress bar. As you can imagine this is very slow, so I don't recommend it.

(Note: After startup, all volumes except the system volume will be scanned in the method indicated if volume examination is enabled)

- 'Examine applications when launched'. When an application or desk accessory is launched, it is examined. If a virus is found, the launch is prevented and you are told that the application is infected. Control Panels are not examined, as they execute inside the Finder. To catch infected control panels (not that I know of any) you would have to use the next type of protection.

- 'Examine resource forks when opened'. When a resource fork is opened, it is examined. If the file is infected, the open is prevented and you are told that the file is infected. If this type is on as well as the examining launches type, clean applications will be examined twice (but it doesn't take long, so don't worry about it too much). When this type is selected, even the Finder's 'Get Info' command will warn you of infection (for applications at any rate). Note however that this option is unstable under some systems, so its use is not recommended. None of the current three Additives require this level of checking.

Alongside all of these types of protection there is the option to log when the checks occur. Even if these boxes are unchecked, infections will still be logged - unchecking them just cuts out the 'Started...'/'Completed ...' log entries. Warning: Turning this option on for resource forks is a bad idea - resource forks are opened and closed all the time - and will significantly slow down your computer. The log is also useful for determining the virus causing the infection (without running Agax), as the notification message does not tell you this information.

Defender's log is called 'Defender Log' and stored inside the System folder.

Defender too keeps track of which Additives are around - newly discovered Additives are disabled. The Additives which Defender uses are those beside the last Agax which was run - so make sure you don't run Agax from a server (actually, I haven't tested this - it might in fact mount the server during startup).

Warnings, bugs, etc.

Warning: Both Defender and Agax make an attempt to guard against themselves being infected. Thus you shouldn't fiddle with them - in particular don't change Agax's memory allocation. This will likely be improved and extended to Additives in the near future.

Agax replaces Antigax and GAx Defender - you should delete these and use Agax and Defender instead.

System Requirements

Agax should work on all systems from System 7 on a Mac with a 68000 processor up to Mac OS X on a G4. Defender should work from System 8.0 up (maybe System 7.5 too). Agax is not Carbonised and thus runs in Classic mode on Mac OS X. I have no plans to change this until the discovery of a Mac OS X virus makes it necessary.

Special Help Sections (FAQs)

I just expanded Agax and ran it, and it says it's been tampered with! I sure didn't touch it - what gives?

This error usually results when Agax itself has become infected. It will refuse to run if that happens, because the virus might re-infect files as fast as Agax repaired them.

If it was something you did (e.g. modified it with ResEdit, changed its memory requirements, etc.) then you should replace the modified Agax with a freshly expanded version.

If it was due to a virus however, then it is more than likely that this virus is in RAM (and therefore practically impossible to remove without restarting), and would infect Agax again if you re-expanded it straight away. So I suggest you do the following:

If this still doesn't work (very unlikely), then try repeating the procedure, but locking the Agax application after you expand it and before you launch it.

If Agax does not find any viruses, then it is probable that it was infected by a previously unknown virus. If this happens, then please get in touch with me!

Originally I intended to keep Agax locked, so viruses would have more difficulty infecting it, but in the initial release I neglected to do this. This turned out to be far better for everyone, because Agax inadvertently found some new viruses when they infected it - so I've decided to keep it unlocked by default. If you wish to lock it however, then by all means go ahead, but you will forgo that extra level of protection.


#include <std_disclaimer.h>

Back to Agax home page

Last updated 28/4/2002