What's New in NetShield for NetWare v3.0.3 (3007) Copyright 1994-1997 by McAfee, Inc. All Rights Reserved. Thank you for using McAfee's NetShield for NetWare. This What's New file contains important information regarding the current version of this product. It is highly recommended that you read the entire document. McAfee welcomes your comments and suggestions. Please use the information provided in this file to contact us. ___________________ WHAT'S IN THIS FILE - New Features - Known Issues - Installation - Documentation - Frequently Asked Questions - Additional Information - Contact McAfee ____________ NEW FEATURES 1. Network message alerts now can be sent to NDS users from servers with or without bindery emulation enabled. To receive the alert, the user must have a current attachment to the server (for example, a mapped network drive) and be running an appropriate message "pop-up" utility. 2. The shutdown procedure has been modified so that NetShield configuration changes will be properly saved even if the server is downed without unloading NetShield. 3. NetWare servers with long names are now supported. *ENHANCEMENTS* 1. Compatibility issues with Microsoft Client for NetWare have been addressed. 2. The SNMP MIB will now work with ManageWise. 3. Stability issues related to the scanning of Microsoft Office files have been fixed. 4. Microsoft Excel files can now be cleaned without corrupting the original files. ____________ KNOWN ISSUES 1. Installing this software to a server on which NetShield v3.0.2 has been installed will reset the NetShield configuration to default values. To perform an upgrade from NetShield v3.0.2, refer to the upgrade procedures in the "Installation" section of this document. 2. If this version of NetShield for NetWare is installed on a system with the current version of VirusScan for Windows 95, VirusScan for Windows NT, or NetShield for Windows NT, then one of the products is uninstalled, the remaining product will need to be reinstalled. 3. This version should not be installed on any system running NetShield NT v2.5.3. Doing so may render one or both of these products inoperable. Administrators requiring virus protection for their Windows NT systems are urged to use the command-line version of McAfee's VirusScan for Windows NT. Administrators requiring virus protection for their Windows 95 systems are urged to use ScanPM. 4. On 3.x NetWare servers, loading NetShield from an NCF file (such as AUTOEXEC.NCF) without first adding the NetShield directory to the search path may cause the server to abend. This is a known issue with initialization of Novell's NWSNUT NLM. To resolve this: 1) Add the appropriate SEARCH ADD statement to the AUTOEXEC.NCF file BEFORE the call to NETSHLD.NCF or BEFORE the LOAD SYS:MCAFEE\NETSHLD\NETSHLD.NLM statement. 2) Add the appropriate SEARCH ADD statement to the NETSHLD.NCF file before the LOAD SYS:MCAFEE\NETSHLD\NETSHLD.NLM statement. 5. On some workstations, the NetShield client may not be able to connect to a NetShield server. This is most often the case when using Windows 95 with Novell's Client32. If this is the case, check the network frame types that are configured for your workstation. A) From network properties, check properties for: IPX 32-bit Protocol for Novell Netware Client32 If specific frame types are listed on this page, make certain that a frame type appropriate for your network (such as "Ethernet 802.3" or "Ethernet 802.2" is listed first. B) From network properties, check properties for: IPX/SPX-compatible Protocol If the frame type is defined as "Auto," set it to the frame type appropriate for your network (such as "Ethernet 802.3" or "Ethernet 802.2"). 6. NetShield's real-time scanner will not scan files that are being accessed through the new NFS feature of IntraNetWare. However, these files can be scanned by on-demand scans. It is recommended that frequent on-demand scans be performed in environments using NFS. 7. NetShield for NetWare should not be installed to a directory with a long filename. The NLM will not run from a long filename directory. 8. If the infected file action is set to Move or Delete and NCOPY is used to copy an infected file to a server, mes- sages similar to the following will be returned to the user: General failure reading drive Abort, Retry, Fail? Press R for retry :Error setting file information No files copied This is due to the file action removing the file before NCOPY has set the file attributes. This does not occur with non-infected files. 9. NetShield may fail to load if the NETSHLD.REG file becomes corrupted. To recover, copy the NETSHLD.BAK (located in the same directory as the NETSHLD.NLM) to NETSHLD.REG and reload NetShield by typing "netshld" on the server console. 10. While viewing any Log file from the NetShield Console, the console will be unavailable for any other actions. 11. Due to a problem with Novell's Modular CLIB on NetWare v4.10, a memory leak may occur if printer alerting is enabled (approximately 240 bytes per alert). This leak does not occur with NetWare v4.11 or platforms using the monolithic CLIB. 12. Due to a known problem in the Novell DSAPI.NLM, alert message printing to NDS print queues does not work. Novell acknowledges that this problem exists and, until a fix becomes available from Novell, customers are recommended to use bindery print queues when specifying a print queue in the NetShield Alert Manager configuration screen. 13. CD-ROMs cannot be scanned if the volume name contains a period ("."). This problem can be avoided by using the "CD RENAME" command from the file server console. 14. The "scanned" counter of On Access Scanning in NetShield Statistics may display a higher file count than expected. This is because some network clients and utilities (such as Windows File Manager) may open a file multiple times when copying it to or from the server. 15. The "Detection" page of NetShield Properties shows the "Compressed Files" option greyed out. This option refers to files compressed with utilities such as PKZIP, LZH, etc. The 3.0.3 version of NetShield for NetWare does not scan these types of files for virus infection. ____________ INSTALLATION NetShield must be installed on every file server you want protected. This version should not be installed on any system running VirusScan NT or NetShield NT. * BEFORE INSTALLATION * 1. Unload the NetShield Netware-Loadable Module (NLM) if it is running. 2. Remove the Search path to any current installations of NetShield for NetWare. 3. Check for existing copies of NetShield in other directories and delete or rename them. Failure to perform this step may cause problems resulting in incorrect version display or server failures. 4. Disconnect any network connections you may already have to servers you will be installing to. 5. Have at least 4MB disk space available on the PC to install the NetShield Windows console components. 6. Have at least 2MB disk space available on each of the file servers that will run the NLM. 7. Have at least one drive letter free (D - Z); the installation requires a temporary drive 8. To create the NetShield NDS object on NetWare 4.x servers, the NetShield install requires Novell Client32. If Client32 is not present, the NetShield install will not be able to create the necessary NDS object, but will complete successfully. In this event, the administrator will need to run the NSHINST.NLM utility from the server to complete the installation. For information on this, see the "After Installation" section of this file. 9. If you do not want an NDS user to be created automat- ically, or are running NetWare earlier than 4.x, leave the NDS Context path blank. * PRIMARY PROGRAM FILES FOR NETSHIELD FOR NETWARE * Files located in the workstation install directory: =================================================== AMGRCNFG.EXE = Alert manager configuration utility BROWSENT.DLL = McAfee library file CLEAN.DAT = Virus definition file DEISL1.ISU = InstallShield uninstall file IMPTASK.EXE = Task import utility IMPTASK.TXT = Task import text file MCALYZE.DAT = Virus definition file MCALYZE.DLL = McAfee library file MCCOMM.DLL = McAfee library file MCCONSOL.EXE = NetShield console MCCONSOL.HLP = Context-sensitive help MCKRNL32.DLL = McAfee library file MCREGEDT.EXE = Maintenance utility MCRPC.DLL = McAfee library file MCRUTIL.DLL = McAfee library file MCSCAN32.DLL = McAfee library file MCSERVIC.DLL = Install/uninstall library file MCSRVSHL.EXE = Uninstall application MCUPDATE.EXE = Update configuration utility MCUTIL32.DLL = McAfee library file MCUTINST.DLL = Installation library file NAMES.DAT = Virus definition file PACKING.LST = Packing list README.1ST = McAfee information REGEMUL.DLL = McAfee library file REGINSTL.DLL = Installation library file RESELLER.TXT = McAfee authorized resellers SCAN.DAT = Virus definition file SCNCFG32.EXE = On-demand configuration utility SCNSTAT.EXE = On-demand statistics display utility SHCFG32.EXE = On-access configuration utility SHIELD.CNT = NetShield help SHIELD.HLP = NetShield help SHSTAT.EXE = On-access statistics display utility SHUTIL.DLL = McAfee library file VALIDATE.EXE = McAfee file validation program VIRLIST.EXE = Virus list utility WCMDR.EXE = Uninstall program WCMDR.INI = Uninstall initialization file WCMDRSIL.EXE = Uninstall program WHATSNEW.TXT = What's New document Files located in the NetShield server directory : CLEAN.DAT = Virus definition file MODEMS.TXT = Modem initialization strings NAMES.DAT = Virus definition file NETSHLD.BAK = Backup file of NETSHLD.REG (only appears after running NetShield) NETSHLD.NLM = NetShield NETSHLD.REG = NetShield registry NSHINST.NLM = NDS initialization program NSHINST.TXT = NDS configuration information PASSWORD.PWD = Password file (only appears after running NetShield) SCAN.DAT = Virus definition file UPDATE.MSG = External message file ACTIVITY.LOG = Activity log file (only appears after the product has written a log) ALERT = Centralized Alerting subdirectory MCALERT.MIB = SNMP MIB file QUEUE = Alert Manager temporary storage Files located in the Alert subdirectory: CENTALRT.TXT = Centralized alerting file * AFTER INSTALLATION * On NetWare 4.x servers, NetShield must create an NDS user as part of the installation process. If the NDS user is not properly created, some of NetShield's alerting capabilities will be disabled. The NetShield user object can be created in either of two ways. If the installation is done from a workstation that provides 32-bit NDS support (such as one running Novell's Client32), the object can be created automatically during installation. If the workstation does not have 32-bit support, or if the NDS object creation is not successful during the installation, then the NSHINST.NLM utility must be executed from the server console. NOTE: Microsoft's NDS support (MSNDS) only provides support for 16-bit applications. If you are using MSNDS you will need to run NSHINST.NLM from the server. To create the user, run the NSHINST utility as described below. Please refer to the document NSHINST.TXT for more detailed information about the creation and maintenance of this NDS object. Before running NSHINST.NLM, make sure that NetShield is not currently loaded. To create the NetShield user object in NDS, the NSHINST.NLM utility must be executed from each file server running NetShield. Use the command: LOAD \NSHINST.NLM Note: is where NetShield was installed on the server. By default, this would be SYS:MCAFEE\NETSHLD. Note: If the NDS object's password gets out of sync with NetShield, NetShield will no longer be able to log in to NDS. In this case, run NSHINST again, specifying the same NDS context as before. This will generate a new password for the object. * LOADING NETSHIELD NLM * The installation program is unable to automatically load NetShield on your file server. To load the NetShield NLM, go to the file-server console and execute the NETSHLD.NCF file by typing NETSHLD. * CONFIGURING NETSHIELD * NetShield is configured through the NetShield Console, a 32-bit Windows application that runs on Windows 95 and Windows NT. When you select a NetShield server to configure, you must provide the NetShield password for that server. * The default NetShield password is "netshield" * McAfee recommends you change the password immediately after installation. To change the password, select Change Password from the Tools menu of the NetShield Console. * UPGRADING FROM NETSHIELD v.3.0.2 * This version is intended to be installed on a server that does not currently have NetShield installed. As such, it will not preserve the prior configuration of NetShield. To upgrade from v3.0.2 to v3.0.3, two options are available. The first is to install patch PTNSNW02, available from the McAfee Web Site (www.mcafee.com). This patch contains both server and workstation components that can be copied to the affected computers. The second is to install NetShield v3.0.3 to a single server, then manually distribute components to other affected computers. To upgrade using the second approach, perform the following steps from the workstation that you want to upgrade. In addition, choose one server on which to install NetShield v3.0.3. 1. Unload NetShield on the selected server. 2. Save a copy of the NETSHLD.REG file from that server's NetShield directory (default directory is SYS:MCAFEE\NETSHLD). 3. Follow the normal NetShield installation procedures to update that server and workstation. 4. Restore the backed-up version of NETSHLD.REG. 5. If the server is running NetWare v4.x, run the NSHINST NLM, as described in the "After Installation" section of this document, to restore NDS access for NetShield. 6. At this point, the selected workstation and server have been fully upgraded. To upgrade additional computers, two files need to be distributed: NETSHLD.NLM - for servers MCCOMM.DLL - for workstations To upgrade additional servers: - Unload NetShield on those servers. - Copy the new NETSHLD.NLM to all servers that are to be upgraded (default directory is SYS:MCAFEE\NETSHLD). - Restart NetShield on upgraded servers. To upgrade additional workstations: - Copy MCCOMM.DLL to all workstations which are to be upgraded (default directory is "C:\Program Files\McAfee\NetShield"). - Restart Windows on the upgraded workstations. _____________ DOCUMENTATION For more information, refer to the NetShield User's Guide included on the CD-ROM versions of this program or available from McAfee's BBS and FTP site. This file is in Adobe Acrobat Portable Document Format (.PDF) and can be viewed using Adobe Acrobat Reader. This form of electronic documentation includes hypertext links and easy navigation to assist you in finding answers to questions about your McAfee product. Adobe Acrobat Reader is available on CD-ROM in the ACROREAD subdirectory. Adobe Acrobat Reader also can be downloaded from the World Wide Web at: http://www.adobe.com/Acrobat/readstep.html NetShield documentation can be downloaded from McAfee's BBS or the World Wide Web at: http://www.mcafee.com For more information on viruses and virus prevention, see the McAfee Virus Information Library, MCAFEE.HLP, if applicable, included on the CD-ROM version of this product or available from McAfee's BBS or FTP site. __________________________ FREQUENTLY ASKED QUESTIONS Q: When browsing for users or print queues to alert on a NetWare 4.x server, no data is displayed. A: The issue may be related to timing, typically on saturated networks. Close the window and try again. If there is still no data displayed, see the next question for more details. Q: The server console on NetWare 4.x has displayed the message: "Warning: NDS Authentication failed. Alerting features will be limited. Please refer to the FREQUENTLY ASKED QUESTIONS section of whatsnew.txt for resolution" A: In order to perform alert configuration or alerting on a NetWare 4.x server, NetShield must be able to log in to the NDS tree. It is possible that the NSHINST facility was never run on the server, or the password has become out of sync. In either event, NSHINST.NLM must be executed. Please refer to the INSTALLATION section of this file for instructions on running NSHINST. Q: What do I need in order to use NetShield? A: In order to run NetShield, the following criteria must be met: Server requirements: - Novell NetWare 3.x or 4.x - Network Disk Space: 2MB required - Latest Novell NetWare patch files and NLMs Administrator console requirements: - Microsoft Windows 95, NT 3.51 or NT 4.0 Q: Can I scan remote machines with NetShield before they log in? A: NetShield for NetWare only scans the files on the server. Use the VirusScan command-line product to perform the scan. Q: How do I enable McAfee's Centralized Alerting and Reporting? A. To enable this feature, workstation users must have File Scan, Write, Create, and Modify rights access to the NETSHLD\ALERT directory (created upon instal- lation). Please refer to your McAfee workstation product documentation for more information on using this feature. Q: Can I update NetShield data files to detect and remove new viruses? A: Yes. You can download updated NetShield data files from the McAfee Web Site, BBS, or other online resources. ______________________ ADDITIONAL INFORMATION * CONFIGURING GLOBAL MHS * In order for NetShield to operate with Global MHS, add the following entry to the NGM.CFG file for the MHS server: [MGMSMF] sender-validation-enabled = FALSE * NETWARE SFT-III * NetWare SFT-III is not supported by this release of NetShield. ______________ CONTACT McAFEE * FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS * Contact McAfee's Customer Care department: 1. Corporate-licensed customers, call (408) 988-3832 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time Retail-licensed customers, call (972) 278-6100 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time 2. Fax (408) 970-9727 24-hour, Group III fax 3. Fax-back automated response system (408) 988-3034 24-hour fax Send correspondence to any of the following McAfee locations. McAfee Corporate Headquarters 2805 Bowers Avenue Santa Clara, CA 95051-0963 McAfee East Coast Office Jerral Center West 766 Shrewsbury Avenue Tinton Falls, NJ 07724-3298 McAfee Central Office 4099 McEwen Suites 500 and 700 Dallas, TX 75244 McAfee Canada 139 Main Street Suite 201 Unionville, Ontario Canada L3R2G6 McAfee Europe B.V. Gatwickstraat 25 1043 GL Amsterdam The Netherlands McAfee (UK) Ltd. Hayley House, London Road Bracknell, Berkshire RG12 2TH United Kingdom McAfee France S.A. 50 rue de Londres 75008 Paris France McAfee Deutschland GmbH Industriestrasse 1 D-82110 Germering Germany McAfee Japan KK 4F Toranomon Mori bldg. 33 3-8-21 Toranomon Minato-Ku Tokyo, 105 Japan Or, you can receive online assistance through any of the following resources: 1. Bulletin Board System: (408) 988-4004 24-hour US Robotics HST DS 2. Internet e-mail: support@mcafee.com 3. Internet FTP: ftp.mcafee.com 4. World Wide Web: http://www.mcafee.com 5. America Online: keyword MCAFEE 6. CompuServe: GO MCAFEE 7. The Microsoft Network: GO MCAFEE Before contacting McAfee, please make note of the following information. When sending correspondence, please include the same details. - Program name and version number - Type and brand of your computer, hard drive, and any peripherals - Operating system type and version - Network name, operating system, and version - Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN script - Microsoft service pack, where applicable - Network card installed, where applicable - Modem manufacturer, model, and baud, where applicable - Relevant browsers/applications and version number, where applicable - Problem - Specific scenario where problem occurs - Conditions required to reproduce problem - Statement of whether problem is reproducible on demand - Your contact information: voice, fax, and e-mail Other general feedback is also appreciated. Documentation feedback is welcome. Send e-mail to documentation@cc.mcafee.com. * FOR ON-SITE TRAINING INFORMATION * Contact McAfee Customer Service at (800) 338-8754. * FOR PRODUCT UPGRADES * To make it easier for you to receive and use McAfee's products, we have established a Resellers program to provide service, sales, and support for our products worldwide. For a listing of McAfee resellers near you, click Contact McAfee under the Information section on the McAfee website. * MCAFEE BETA SITE * Get pre-release software, including DAT files, through http://beta.mcafee.com/public/datafiles. You will have access to Public Beta and External Test Areas. Your feedback will make a difference.