The 640 MEG Shareware Studio 2

home *** CD-ROM | disk | FTP | other *** search

/ The 640 MEG Shareware Studio 2 / The 640 Meg Shareware Studio CD-ROM Volume II (Data Express)(1993).ISO / virus / vshld95c.zip / VSHLD95C.DOC < prev

Wrap

Text File | 1992-08-21 | 39KB | 991 lines

VSHIELD Version 5.1C95 VSHIELD1 Version 0.2 CHKSHLD Version 1 Copyright 1989-1992 by McAfee Associates. All rights reserved Documentation by Aryeh Goretsky. McAfee Associates (408) 988-3832 office 3350 Scott Blvd. Bldg. 14 (408) 970-9727 fax Santa Clara, CA 95054-3107 (408) 988-4004 BBS (32 lines) U.S.A USR HST/v.32/v.42bis/MNP 1-5 CompuServe GO VIRUSFORUM Internet mcafee@netcom.com TABLE OF CONTENTS SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 - What is VSHIELD? - System requirements AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . . .2 - Verifying the integrity of VSHIELD WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . . .3 - New features and viruses added in this release OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 - A note on switches - General description of VSHIELD OPERATION and OPTIONS. . . . . . . . . . . . . . . . . . . . . .6 - How to use VSHIELD, VSHIELD1, and CHKSHLD - Detailed explanation of switches EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . . .12 - Samples of frequently-used options INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . .13 - How to install VSHIELD on your system - A note on VSHIELD and networks ERROR LEVELS . . . . . . . . . . . . . . . . . . . . . . . . . .13 - Running VSHIELD from batch files VIRUS REMOVAL. . . . . . . . . . . . . . . . . . . . . . . . . .14 - What to do if a virus is found REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . . .14 - How to register VSHIELD TECHNICAL SUPPORT. . . . . . . . . . . . . . . . . . . . . . . .15 - Information you should have ready when calling APPENDIX A . . . . . . . . . . . . . . . . . . . . . . . . . . .16 - Creating an exception list for the /CERTIFY option APPENDIX B . . . . . . . . . . . . . . . . . . . . . . . . . . .17 - Sample CHKSHLD program script Page 1 VSHIELD Version 5.1C95 Page 2 SYNOPSIS VSHIELD is a virus prevention program for IBM PC and compatibles. VSHIELD prevents viruses from infecting your system. When VSHIELD first loads it will search the PC for known computer viruses in memory, the partition table, boot sector, system files, and itself before installing itself as a Terminate-and-Stay-Resident (TSR) program. VSHIELD checks for viruses by scanning for virus signatures and/or validation codes added by SCAN as programs load, if any. All programs are checked before they are allowed to run; if a virus is found VSHIELD will not allow it to execute. VSHIELD also prevents reboots from disks infected by boot-sector viruses. VSHIELD optionally checks validation codes added by SCAN by SCAN to determine if a file has been altered. VSHIELD has an option to check for viruses as files are copied or accessed. VSHIELD optionally provides access control functions to reduce the risk of virus infection from unauthorized software. Two discreet programs are available. The first, VSHIELD.EXE, checks for viruses using virus signatures and validation codes added by SCAN. The second, VSHIELD1.EXE, only checks validation codes added by SCAN. Both programs monitor all program loads from all disks unless otherwise specified. The CHKSHLD program checks for VSHIELD in memory for use in network login scripts. VSHIELD will run on any PC with 256Kb and DOS 2.10 or above. VSHIELD1 uses 6Kb of memory. VSHIELD uses 37Kb of base memory if loaded normally, 3Kb if swapped-to-disk, or 416 bytes if loaded into upper memory. AUTHENTICITY VSHIELD is packaged with VALIDATE, a program that ensures the integrity of VSHIELD, VSHIELD1, and CHKSHLD executables. The VALIDATE.DOC file describes how to use VALIDATE. The validation results for the VSHIELD Version 5.1C95 and VSHIELD1 Version 0.2 programs should be: FILE NAME: VSHIELD.EXE VSHIELD1.EXE CHKSHLD.EXE SIZE: 44,991 11,323 7,787 DATE: 08-21-1992 2-14-1991 08-21-92 FILE AUTHENTICATION Check Method 1: E7AB 8578 F9AB Check Method 2: 0B78 03CE 01D2 If your copy of VSHIELD differs, it may have been damaged or have options stored in it with the /SAVE switch. Run VSHIELD with only the /SAVE switch to remove any stored options and then re-run VALIDATE. Always obtain your copy of VSHIELD from a known source. The latest version of VSHIELD and validation codes can be obtained from our BBS at (408) 988-4004. VSHIELD Version 5.1C95 Page 3 Beginning with Version 72, all of McAfee Associates' VIRUSCAN programs are archived with PKWare's PKZIP Authentic File Verification. If you do not see an "-AV" after every file is unzipped and receive the "Authentic Files Verified! # NWN405 Zip Source: McAFEE ASSOCIATES" message when you unzip the files then do not use them. If your version of PKUNZIP does not have verification ability, then the message may not be displayed. Please contact us if you believe tampering has occured to your .ZIP file. WHAT'S NEW Version 5.1C95 of VSHIELD fixes a problem with the /SWAP switch that displayed unwanted messages. VSHIELD has been updated to recognize the new viruses added in Version 5.0B95 of VIRUSCAN, and fixes a false alarm report. One new option has been added to VSHIELD, the /NI6510 switch. This switch fixes a conflict that occurs when VSHIELD is run on a PC containing a Racal-Datacomm NI6510 network interface card. This fix is specific the NI6510 and does not apply to any other product. Detection capability for 99 new viruses was added in this release, bringing the total number of known viruses to 685, or counting variants, 1,401. For more information, please refer to the VIRUSCAN documentation or the accompanying VIRLIST.TXT file or see Patricia Hoffman's Hypertext VSUM. VSHIELD Version 5.1C95 Page 4 OVERVIEW VSHIELD is a memory-resident program that prevents virus infection. VSHIELD does this by checking programs as they are loaded by the computer. VSHIELD will not allow a file to run if a virus is found, a program does not match its validation code, or a file is not on the /CERTIFY list--this prevents the virus from entering your system. VSHIELD also checks for boot sector viruses during reboots and optionally checks for viruses during copy operations or whenever a disk is accessed. When VSHIELD is run from the AUTOEXEC.BAT, it is installed each time the system is turned on or rebooted. VSHIELD checks memory, the partition table, boot sector, system files, and itself for viruses prior to installation as a Terminate-and- Stay-Resident (TSR) program. It monitors all program loads for viruses. When a system is booted from an infected disk, VSHIELD will detect the virus the next time VSHIELD runs since VSHIELD must be in memory to detect the virus. VSHIELD has four user-selectable levels of protection: - Level I protection, provided by VSHIELD1, checks validation codes added by VIRUSCAN's /AV or /AG switches [see VIRUSCAN's documentation for more information]. Programs failing the validation check will not be allowed to run. VSHIELD1 also checks the partition table and boot sector validation codes, if present. Level I provides minimal protection only and is not recommended for normal use, VSHIELD is recommended instead. - Level II protection, provided by VSHIELD, checks programs for virus signatures, the pattern of code unique to each virus. If a virus is found, VSHIELD will not allow the program to run. VSHIELD will also prevent reboots from disks infected with a boot sector viruses. - Level III protection, provided by VSHIELD /CV, incorporates both Level I and Level II protections. - Level IV protection, provided by VSHIELD /CERTIFY, incorporates Level III protection with access control, specifying which programs can be run. VSHIELD Version 5.1C95 Page 5 Each level of protection has its advantages and disadvantages. VSHIELD1 (Level I) requires the least system overhead, using 6Kb of memory. It provides only minimal protection. VSHIELD (Levels 2-4) requires as much as 37KB of memory; this may be reduced to 416 bytes by loading into upper memory. VSHIELD1 will add an average of one second to each program load. VSHIELD adds an average of one second to program loads and six seconds to reboots. Using the /SWAP option adds an additional second since VSHIELD must re-load itself from disk prior to checking another file. VSHIELD will not degrade the performance of the system once programs have been loaded, except for programs which load other programs when the /ACCESS or /COPY options are being used. NOTE: VSHIELD and VSHIELD1 should not be used simultaneously. Either one or the other should be used, but not both. CHKSHLD is run to see if VSHIELD is in memory. CHKSHLD can look for the presence of any version of VSHIELD, or a specific version (a feature that can be used to update a workstation from its file server). VSHIELD Version 5.1C95 Page 6 OPERATION and OPTIONS IMPORTANT NOTE: CREATE A BACKUP DISK BY COPYING VSHIELD TO A BLANK FLOPPY AND WRITE-PROTECT IT To provide optimal protection against viruses VSHIELD (or VSHIELD1) should normally be placed at the end of the AUTOEXEC.BAT. However, if a menu program is run from the AUTOEXEC.BAT, VSHIELD should be loaded before it. Popular menu programs include MS-DOS's DOSSHELL, etc. Loading disk cache or network driver programs after VSHIELD may disable it. To prevent this from happening, re-run VSHIELD with the /RECONNECT switch. CHKSHLD should be run from the network login script. An ERRORLEVEL is returned if VSHIELD is in memory. This can be used for creating scripts to check and update VSHIELD. A NOTE ON VSHIELD'S SWITCHES VSHIELD is designed to provide a high degree of protection even when none of the switches below are used. Placing VSHIELD in the the AUTOEXEC.BAT file with no options provides sufficient protection for virtually all environments. If available memory is at a premium, the /LH (Load High) or /SWAP (Swap-to-Disk) options can be used to minimize memory usage. Other options should be used only if required due to non- standard systems or special security needs. VSHIELD provides many options for flexibility in meeting the needs of corporate, network, and secure environments but trade-offs in system overhead and user restrictions must be carefully evaluated. VSHIELD Version 5.1C95 Page 7 Valid options for VSHIELD are listed below: VSHIELD /ACCESS /CERTIFY filename /CHKHI /CONTACT message /COPY /CV /F pathname /IGNORE d1:...d26: /LH /LOCK /M /NB /NI6510 /NODISK /NOBREAK /NOCONT /NOMEM /RECONNECT /SAVE /SWAP pathname /WINDOWS /ONLY d1:...d26: Options are: /ACCESS - Check for virus when files are opened /CERTIFY filename - Enable access control (filename is an optional exception list) /CHKHI - Check memory from 0-1088Kb for viruses /CONTACT message - Display message when virus is found /COPY - Check for viruses during COPY operations /CV - Check validation codes added by SCAN /IGNORE d1...d26 - Ignore program loads off drives d1:...d26: /LH - Load VSHIELD into upper memory blocks /LOCK - Halt system when a virus is found /M - Scan memory for all viruses during install (see restrictions below) /NB - Disable boot sector check during install and reboot /NI6510 - Fixes Racal Datacomm NI6510 conflict /NOBREAK - Disable Ctrl-C / Ctrl-Brk during install /NOCONT - Prevent running of non-certified programs /NODISK - Disable boot sector check during install only /NOMEM - Skip memory checking /NOREMOVE - Disable /REMOVE switch /ONLY d1...d26 - Check program loads from specified drives /RECONNECT - Re-link system interrupts after network drivers are loaded /REMOVE - Unload VSHIELD from memory /SAVE - Save specified switches as new defaults /SWAP pathname - Load kernel (3Kb) only; swap rest to disk /F pathname - Use with /SWAP for DOS 2.1 systems ONLY /WINDOWS - Checks DOS processes under Windows The /ACCESS option tells VSHIELD to check for viruses any time a program is opened for any reason. The /ACCESS may slow down programs under Windows or when copying with menu programs. Using /CV with /ACCESS is not recommended for performance reasons. The /ACCESS option cannot be used with the /SWAP or /COPY options. The /ACCESS option is for high risk environments like open university computer labs or software developers. It will, for example, prevent a developer from zipping a virus- infected file into an archive for distribution. VSHIELD Version 5.1C95 Page 8 The /CERTIFY option prevents files without validation codes added by VIRUSCAN ffrom being run. This option is for system administrators to prevent users from running programs that could introduce a virus. An exception list of "trusted" files can be created to allow use of programs that do not work correctly with validation codes attached. For instructions on creating an exception list, refer to Appendix A. NOTE: Running /CERTIFY without an exception list or validation codes will prevent all programs except for DOS internal commands from running. The /CHKHI option checks memory above 640Kb on 286/386/486 systems for viruses. This covers Upper Memory Blocks from 640 - 1024K, and the High Memory Area from 1024 - 1088K. This option cannot be used with the /NOMEM option. The /CONTACT option is used to display a custom message when a virus is found. The message can be up to 50 characters long and contain any character except for a backslash "\". Messages starting with a hyphen "-" or slash "/" must be placed into quotation marks. The /COPY option checks files for viruses during COPY operations and checks the floppy drives for boot sector viruses during COPY and DIR operations. The /COPY option does not work with 4DOS or NDOS. This option cannot be used with the /ACCESS or /SWAP options. The /CV option checks validation codes added by SCAN to .COM and .EXE files. If a file has changed it will no longer match its validation code and VSHIELD will report the file has been modified and a viral infection may have occurred. For instructions on adding validation codes, refer to VIRUSCAN's documentation. The /F option is required for using /SWAP under DOS 2.0. The /F option instructs VSHIELD where to swap from. The complete path and file name must be specified after the /F. The /IGNORE option tells VSHIELD to ignore program loads from specified drives. Ignored drives will NOT be checked for viruses. Up to 26 drives may be ignored. /IGNORE is designed for use with LAN's that have virus protection and is not recommended for stand-alone PC's or networks with no anti-viral features in place. The /LH option loads VSHIELD into upper memory. For /LH to work, an expanded memory manager such as MS-DOS 5.10's EMM386.EXE must be used (for 386/486 systems) or QEMM (for 286/ 386/486 systems). This option cannot be used with /SWAP. VSHIELD Version 5.1C95 Page 9 The /LOCK option halts the system if a virus is found so that infection cannot occur. It is recommend that the /CONTACT switch be used to tell the user what to do when the system halts. The /M option checks base memory for all known memory- resident viruses before VSHIELD installs in memory. By default, VSHIELD only checks memory for critical (stealth) viruses. If a critical virus is found during installation, VSHIELD will stop and advise the user to turn off the PC, boot from a clean (virus-free) DOS system disk and scan the system for viruses. For a listing of critical viruses, please refer to the VIRUSCAN documentation. This option cannot be used with the /NOMEM option. The /NB option tells VSHIELD to skip the partition table and boot sector check during installation and reboots. The /NI6510 option prevents a conflict between VSHIELD Racal-Datacomm NI6510 network interface cards: when a PC was rebooted, a stream of corrupted packets would be sent across the network. The problem and solution is specific the NI6510 and does not apply to any other product. The /NOBREAK option prevents Ctrl-C and Ctrl-Brk from stopping VSHIELD during the installation process. The /NOCONT option prevents the user from proceeding after the "Proceed Anyway? Y/N" message when running non-certified programs. The /NODISK option disables the boot sector and partition table check during installation. This option can be used to load VSHIELD from a network server. The /NOMEM option skips the memory check for viruses during installation. It should only be used when a PC is known to be virus-free. This option cannot be used with the /CHKHI or /M options. The /NOREMOVE option prevents VSHIELD from being unloaded with the /REMOVE option. This option cannot be used with the /REMOVE option. The /ONLY option tells VSHIELD to check program loads only from the specified drives. All other drives will be ignored. This option cannot be used with the /IGNORE option. VSHIELD Version 5.1C95 Page 10 The /RECONNECT option is used to restore VSHIELD's link into DOS after another program has disabled it, such as a network driver or disk cache. This eliminates the need to continually load and unload VSHIELD when logging on to a network. The /REMOVE option unloads VSHIELD from memory. If other memory resident programs are loaded after VSHIELD, then VSHIELD cannot be unloaded. This option can be disabled by installing VSHIELD with the /NOREMOVE option. The /SAVE option is used to store VSHIELD options for subsequent executions of VSHIELD. Options are stored by modifying the VSHIELD.EXE executable file. For example: VSHIELD /LH /M /NOBREAK /SAVE will set the VSHIELD defaults to /LH, /M, and /NOBREAK. If VSHIELD is run with just the /SAVE switch, then all options are removed and VSHIELD executes with its original default settings. The /SWAP option tells VSHIELD to install a small (3Kb) kernel in memory and load itself on demand. If a path is specified after /SWAP, VSHIELD will swap from there instead of the path from which it is being executed. The /SWAP option cannot be used with the /COPY or /ACCESS options. NOTE: The /SWAP parameter should only be used if limited amounts of memory are available for programs. It is recommended that VSHIELD be used without the /SWAP option whenever memory permits. The /WINDOWS option is used when running Windows 3 to allow VSHIELD to display messages properly. This option has no effect if Windows is not used. Valid options for VSHIELD1 are listed below: VSHIELD1 /NB /REMOVE Options are: /NB - Disable boot sector checking during install and reboot. /REMOVE - Unload VSHIELD1 from memory The /NB option tells VSHIELD1 to skip the partition table and boot sector check during installation and reboots. VSHIELD Version 5.1C95 Page 11 The /REMOVE option unloads VSHIELD1 from memory. If other memory resident programs are loaded after VSHIELD1, then VSHIELD1 cannot be unloaded. Valid options for CHKSHLD are listed below: CHKSHLD /DEBUG /Q /V xxxxx /? /H /HELP Options are: /DEBUG - Display version and ERRORLEVEL /Q - Quiet mode (no messages displayed) /V xxxxx - Check for version 'xxxxx' of VSHIELD in memory /? /H /HELP - Display help screen The /DEBUG option displays the version of VSHIELD resident in memory and the DOS ERRORLEVEL on the screen. The /Q option stops CHKSHLD from displaying any messages. The /V option tells CHKSHLD to look for a specific version of VSHIELD in memory. For example, "4.3V84" for VSHIELD 4.3V84. The /?, /H, and /HELP options display a help screen. CHKSHLD's ERRORLEVELS CHKSHLD sets the DOS ERRORLEVEL to the following values: ERRORLEVEL │ DESCRIPTION ═══════════╪═══════════════════════════════════════════════ 0 │ VSHIELD is resident, or if /V is used, the │ version specified is resident in memory. 1 │ VSHIELD is resident but does not match /V 2 │ VSHIELD is NOT resident in memory 3 │ Abnormal termination (program error) OPERATION CHKSHLD allows network administrators to check workstations for VSHIELD before allowing them to log on to a network. CHKSHLD is not recommended for home or non-network users. A sample login script for Novell NetWare is included in Appendix B. VSHIELD Version 5.1C95 Page 12 EXAMPLES The following examples show different option settings: VSHIELD Installs VSHIELD (Level II protection) VSHIELD /CV Installs VSHIELD (Level III protection) VSHIELD /CERTIFY EXCPTN.LST Installs VSHIELD (Level IV protection) with an exception list named EXCPTN.LST. VSHIELD /SWAP Installs VSHIELD kernel in memory and swaps from root directory of disk with DOS 3.0 and above. VSHIELD /SWAP /F C:\VSHIELD.EXE Installs VSHIELD kernel resident and swaps from root directory of disk with DOS 2.0 system. VSHIELD /CV /CONTACT "Please Contact the PC Help Desk" Installs VSHIELD (Level III protection) and display a message if virus is found. VSHIELD /M /CHKHI /CV /LH /WINDOWS Installs VSHIELD (Level III protection) checking for all memory resident viruses in base and high memory prior to install, load VSHIELD high, and Windows compatibility mode turned on. VSHIELD /RECONNECT Re-enable VSHIELD after it has been disconnected by network device drivers. CHKSHLD /V 4.3V84 /Q Checks for VSHIELD 4.3V84 in memory, no messages displayed. VSHIELD Version 5.1C95 Page 13 INSTALLATION For optimum protection, place VSHIELD as the last line in your AUTOEXEC.BAT file. If you are using a menu program, place VSHIELD before it in the AUTOEXEC.BAT. A NOTE ON VSHIELD AND NETWORKS If network drivers are being used, VSHIELD *MUST* be run again with the /RECONNECT option AFTER the network drivers are loaded. This is because network drivers replace the normal DOS system interrupts so VSHIELD no longer recognizes program loads. It is recommended that VSHIELD be used in non-swap mode if free memory permits. Use of the /SWAP option will slow down the system and may cause conflicts with programs that fail to allocate memory properly from the system. If conflicts occur, remove the /SWAP option and reboot the system. If there is not enough memory to load VSHIELD in non-swap mode, then VSHIELD1 should be used instead. Networks other than Micosoft LAN Manager with workstations running Windows 3.0 and printing to an HPLJ II (or compatible) printer over the network occasionally have problems with random blocks of memory being sent to the printer when VSHIELD is installed. This is because other network operating systems may not redirect the printer correctly. This can be fixed by changing all occurrences of the text "LPT1:" to "LPT1.PRN:" while leaving the "LPT1.OS2:" text along in WIN.INI or upgrading to Windows 3.1. ERROR LEVELS After VSHIELD has installed itself in memory, it will set the DOS ERRORLEVEL. ERRORLEVEL's are used in batch files to pass along the results of a programs's actions. The ERRORLEVEL's returned by VSHIELD are: ERRORLEVEL │ DESCRIPTION ═══════════╪═══════════════════════════════════════════════ 0 │ No viruses found 1 │ One or more viruses found 2 │ Abnormal termination (program error) VSHIELD Version 5.1C95 Page 14 VIRUS REMOVAL What do you do if a virus is found? You can contact McAfee Associates for help by BBS, FAX, telephone, Internet, or CompuServe. There is no charge for support calls to McAfee Associates. The CLEAN-UP universal virus disinfection program can disinfect virtually all reported computer viruses. It is updated with each release of the SCAN program to remove new viruses. CLEAN-UP can be downloaded from McAfee Associates' BBS, the SIMTEL20 archives on the Internet, the Computer Virus Help Forum on CompuServe, or from the agents listed in the the enclosed AGENTS.TXT file. It is strongly recommended that you get experienced help in dealing with viruses if you are unfamilar with anti-virus software and methods. This is especially true for 'critcal' viruses and partition table/boot sector infecting viruses as improper removal of these viruses can result in the loss of all data and use of the infected disk(s). [For a listing of critcal viruses, please refer to the VIRUSCAN documentation.] For qualified assistance in removing a virus, please contact McAfee Associates directly or any of the Authorized McAfee Associates Agents in your area. Agents may charge McAfee Associates normal support rates for their services. If you wish to remove a file-infecting virus manually, you can run SCAN with the /A and /D switches to erase all infected files. Before removing a boot sector and partition table-infecting virus, it is recommended that you cold boot the infected PC from a clean DOS disk and backup any critical data. REGISTRATION A registration fee of US$25.10 is required for the use of VSHIELD by individual home users. Registration entitles the holder to unlimited free upgrades from McAfee Associates' BBS or the Computer Virus Help Forum on CompuServe and technical support for one year. When registering, a disk containing the latest version may be requested for an additional US$9.00 Only one diskette mailing will be made. Registration is for home users only and does not apply to businesses, corporations, organizations, government agencies, or schools, who must obtain a license for use. Contact McAfee Associates directly or an Authorized Agent for information on licensing. VSHIELD Version 5.1C95 Page 15 TECHNICAL SUPPORT For fast and accurate help, please have the following information ready when you contact McAfee Associates: - Program name and version number. - Type and brand of computer, hard disk, plus any peripherals. - Version of DOS plus any TSRs or device drivers in use. - Printouts of your AUTOEXEC.BAT and CONFIG.SYS files. - A printout of what is in memory from the MEM command (DOS 4 and above users only) or a similar utility. - The exact problem you are having. Please be as specific as possible. Having a printout of the screen and/or being at your computer will be helpful. McAfee Associates can be contacted by BBS, CompuServe, FAX, or InterNet 24 hours a day, or by telephone at (408) 988-3832, Monday through Friday, 7:00AM to 5:30PM Pacific Time. McAfee Associates (408) 988-3832 office 3350 Scott Blvd. Bldg. 14 (408) 970-9727 fax Santa Clara, CA 95054-3107 (408) 988-4004 BBS (32 lines) U.S.A USR HST/v.32/v.42bis/MNP 1-5 CompuServe GO VIRUSFORUM InterNet mcafee@netcom.com VSHIELD Version 5.1C95 Page 16 APPENDIX A: Creating an Exception List for the /CERTIFY Option NOTE: The /CERTIFY option is for use in environments where a significant risk of virus infection from unauthorized software exists. It is not for environments where new software is introduced on a continuous basis. Exception List data files created with an editor or word processor must be saved as ASCII text files. Be sure each line ends with a CR/LF pair. When VSHIELD is used with the /CERTIFY option only files that have been validated by SCAN are allowed to run. If /CERTIFY with an Exception List is used on a system with no files validated by SCAN then only the files listed in the Exception List will be allowed to run. The Exception List uses the following format: d:\pathnam1\filenam1.ext *comment . . d:\pathnam1\filenam2.ext *more comments Where "d:" is the name of the drive, "\pathnam1\" is the name of the path, and "filename.ext" is the name of the file, including the extension. An Exception List can be up to 1,000 characters long. Comment lines are preceded with an asterisk "*" and are ignored by VSHIELD. Running /CERTIFY without an exception list will prevent all programs other than DOS internal commands from being run. VSHIELD 5.1C95 Page 17 APPENDIX B: Miscellaneous Application Notes SAMPLE NOVELL LOGIN SCRIPT AND .BAT FILE FOR VSHIELD AND CHKSHLD The following is a sample system login script for use by Novell NetWare system administrators. The login script gets the ERRORLEVEL from Novell NetWare and then displays the error messages on the users' screens. The script exits the user to a .BAT file that performs a logoff if there is an internal error with CHKSHLD, VSHIELD has not been installed, or an older version of VSHIELD is present when a PC logs on to a network. (Start of sample Novell system login script) #CHKSHLD /V 4.3V84 IF ERROR_LEVEL = "3" THEN FIRE PHASERS 5 TIMES WRITE "A CHKSHLD internal error has occurred." WRITE "Please contact the Help Desk." EXIT "NOLOGIN" ELSE IF ERROR_LEVEL = "2" THEN FIRE PHASERS 5 TIMES WRITE "VSHIELD has not been installed on your PC." WRITE "Access denied. Please contact the Help Desk." EXIT "NOLOGIN" ELSE IF ERROR_LEVEL = "1" THEN FIRE PHASERS 5 TIMES WRITE "An old version of VSHIELD has been installed." WRITE "Access to the network has been denied. Please" WRITE "contact the Help Desk to have a new version WRITE "installed." EXIT "NOLOGIN" END END END (End of sample Novell system login script) (Start of sample NOLOGIN.BAT file) ECHO OFF REM Log the user off of the network LOGOUT (End of sample NOLOGIN.BAT file) More complex login scripts can be created to send a message to the supervisor if an error has occurred, update the user's VSHIELD.EXE as he logs in to the network, etc.