home *** CD-ROM | disk | FTP | other *** search
-
- Addendum.Doc
- ============
-
- You will find the following information in this file:
-
- 1) Documentation of TbLanMsg
- 2) Renaming Anti-Vir.Dat
- 3) The TbScanX Application Program Interface
-
-
- 1) Documentation of TbLanMsg
- ============================
-
- TbLanMsg is a program that forwards TBAV messages to other machines.
- Its purpose is to notify helpdesks or supervisors automatically of a
- possible virus. If one of the resident TBAV utilities detects a virus,
- an on-line message will be send to the specified machine. Also TbScan
- sends a message to the specified machine or user if it detects a virus.
-
- TbLanMsg currently only works on Lantastic networks. Versions for other
- networks will be available soon!
-
- Usage:
-
- TbLanMsg should be installed on any workstation from where TBAV messages
- should be broadcasted in case of a virus alert. There is no limit on
- the number of workstations connected. The receiving machine (i.e. the
- supervisor or helpdesk) does not has to load any TBAV software, the
- LANtastic (R) redirector is sufficient.
-
- Just like the other TBAV utilities TbLanMsg can be loaded in the
- Config.Sys or AutoExec.Bat file, after the TbDriver invokation.
-
- TbLanMsg becomes activated once the Lantastic (R) redirector
- (REDIR.EXE) has been installed. It is NOT required that the workstation
- or supervisor have been logged on to the network. TbLanMsg is always
- able to send its messages, even when all servers are down!
-
-
- Command line options:
- help ? =display a helpscreen
- remove r =remove TbLanMsg from memory
- on e =enable TbLanMsg
- off d =disable TbLanMsg
- test t =send test message
- Options available at initial startup:
- user = <username> u =user to send messages to
- dest = <machine> m =machine to send messages to
-
-
- Test (t)
-
- This option can be used to transmit a test message. If you use option
- 'test' at the initial invocation of TbLanMsg, it will notify the
- supervisor/helpdesk that TbLanMsg has been activated.
-
-
- User (u)
-
- If you use this option, the TBAV messages will be sent to the user
- specified. The receiving user has to be logged on somewhere on the
- network, otherwise the destination machine is is unknown. Option
- 'dest' is recommeded, as in this case the receiving user does not
- has to be logged on in order to receive the messages.
-
- Note: The use of one of the options 'user' or 'dest' is highly
- recommended, otherwise TbLanMsg will send its messages to ALL users!
- If you specify both options the TBAV messages will be send to the
- specified machine only if the specified user has been logged on.
-
-
- Dest (m)
-
- If you use this option, the TBAV messages will be send to the machine
- specified. You have to specify the name of the machine of the user who
- should RECEIVE the TBAV messages. (The LANtastic (R) 'NET SHOW'
- command will show you the name of the machine). TbLanMsg will not check
- whether the entered name exists because it might be possible that that
- machine is to be powered up later.
-
- Note: The use of one of the options 'user' or 'dest' is highly
- recommended, otherwise TbLanMsg will send its messages to ALL users!
- If you specify both options the TBAV messages will be send to the
- specified machine only if the specified user has been logged on.
-
-
- Example:
-
- Suppose you have four machines: WORK1, WORK2, HELPDESK and SERVER. If
- one of the TBAV utilities detects a virus, a message has to be send to
- machine HELPDESK.
-
- Machine WORK1:
- TbDriver.Exe
- TbScanX.Exe
- TbCheck.Exe
- TbLanMsg.Exe dest=HELPDESK
- AEX
- Ailanbio
- Redir.Exe WORK1 /Logins=2
-
- Machine WORK2:
- TbDriver.Exe
- TbCheck.Exe
- TbMem.Exe
- TbLanMsg.Exe dest=HELPDESK
- TbFile.Exe
- AEX
- Ailanbio
- Redir.Exe WORK2 /Logins=2
-
- Machine HELPDESK:
- AEX
- Ailanbio
- Redir.Exe HELPDESK /Logins=2
-
- Machine SERVER:
- (Server is powered down)
-
- Of course all users may connect to servers and log on, but it is not
- required. The configuration above is sufficient to send all TBAV
- messages to the helpdesk. Of course the helpdesk and server may also
- load the TBAV utilities, but it is not required.
-
-
-
- 2) Renaming Anti-Vir.Dat
- ========================
-
- Most of the TBAV utilities use a 'fingerprint' file named Anti-Vir.Dat.
- These files are generated by TbSetup. Some users are afraid that a virus
- might anticipate and delete the Anti-Vir.Dat files, and have requested
- to make the name configurable.
-
- To our opinion, renaming the Anti-Vir.Dat filename isn't the ultimate
- solution: since the TBAV utilities have to find out the name somehow, a
- virus could use the same method too and find out the Anti-Vir.Dat
- filename too. Secondly, it would be confusing for novice users,
- especially after a boot from a diskette, as the TBAV utilities will by
- default assume that the fingerprint files are named Anti-Vir.Dat.
- Third, if you use TbCheck, it will warn you automatically when the
- Anti-Vir.Dat file is deleted, so there is actually no need to hide the
- reference files.
-
- However, if you feel you really must use a different name for security
- reasons, you can do so by changing the keyword "AvFile" in the [TBAV]
- section of the TBAV.INI file. All TBAV utilities will use the specified
- name automatically. The support for this keyword is limited, so the
- keyword can not be set from within the TBAV menu. Use an ASCII editor to
- enter this keyword in the [TBAV] section.
-
- Although all TBAV utilities will correctly use the specified filename,
- they will continue to use the name 'Anti-Vir.Dat in the error messages
- and on the screen, for consistency with the user manual.
-
- NOTE! If you boot from a diskette once in a while to scan your system,
- make sure that you have a TBAV.INI file on your diskette with the same
- filename specification!
-
-
-
- 3) The TbScanX Application Program Interface
- ============================================
-
- Before you can use any of the TbScanX API functions, make sure you have
- enabled the API services by specifying 'API' on the TbScanX invocation
- line!
-
- The interface consists of some multiplex calls (int 2Fh). Register AH
- should contain CAh. Register AL contains the function request number.
-
- AL=0 InstallationCheck
- BX='TB'
-
- Return value:
- AL=FFh TbScanX installed
- BX='tb'
-
- AL=4 ScanFile
- DS:DX Name of the program file to be scanned.
-
- Return value:
- No Carry flag set No signature found in file.
- Carry: Signature found in buffer!
- ES:BX ASCIIZ-name of virus (null terminated)
-
- Registers altered:
- AX,BX,CX,DX,SI,DI,BP,ES
-
-