Tech Arsenal 1

home *** CD-ROM | disk | FTP | other *** search

/ Tech Arsenal 1 / Tech Arsenal (Arsenal Computer).ISO / tek-06 / netshld.zip / NETSHLD.DOC < prev next >

Wrap

Text File | 1992-08-18 | 21KB | 622 lines

NETSHIELD Version 1.0 (V95) Copyright 1992 by McAfee Associates All Rights Reserved Documentation by Aryeh Goretsky NOTE: Novell NetWare/386 is a registered trademark of Novell, Inc. McAfee Associates TEL (408) 988-3832 3350 Scott Blvd, Bldg 14 FAX (408) 970-9727 Santa Clara, California BBS (408) 988-4004 95054-3107 CompuServe GO VIRUSFORUM USA InterNet mcafee@netcom.COM TABLE OF CONTENTS INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . 2 AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . . 2 INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . 3 OPERATION AND AVAILABLE OPTIONS. . . . . . . . . . . . . . . . 4 CONFIGURATION OPTIONS. . . . . . . . . . . . . . . . . . . . . 5 REPORT OPTIONS . . . . . . . . . . . . . . . . . . . . . . . . 8 VIRUS REMOVAL. . . . . . . . . . . . . . . . . . . . . . . . . 9 TECHNICAL SUPPORT. . . . . . . . . . . . . . . . . . . . . . . 10 LICENSE. . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Page 1 NETSHIELD Version 1.0 (V95) Page 2 INTRODUCTION NETSHIELD is a NLM (NetWare Loadable Module) for Novell NetWare/386 Version 3.11. It checks network file servers for all known computer viruses, including stealth and polymorphic (mutation engine) viruses, using McAfee Associates' VIRUSCAN virus scanning technology. Key features of NETSHIELD include checking files for viruses as they are accessed on the server, performing a scheduled scan, and notifying users if a virus is found. NETSHIELD does not changed the Last Accessed Date when scanning files. NETSHIELD runs on any Novell NetWare/386 3.11 file server with a minimum of 450Kb of free memory and should utilize less than 6% of the CPU. AUTHENTICITY NETSHIELD is packaged with the VALIDATE program to ensure the integrity of the NETSHLD.NLM and VIR.DAT files. The VALIDATE.DOC file tells how to use VALIDATE. VALIDATE can be used to check subsequent versions of NETSHIELD for tampering. The validation results for Version 1.0 (V95) should be: File Name: NETSHLD.NLM VIR.DAT Size: 224,658 23,820 Date: 08-18-1992 08-18-1992 Check Method 1: F8BD E0FB Check Method 2: 1A11 1FC8 If your copy of NETSHIELD differs, it may have been damaged. Always obtain your copy of NETSHIELD from a known source. The latest version of NETSHIELD and validation data for NETSHLD.NLM and VIR.DAT can be obtained from McAfee Associates' bulletin board system at (408) 988-4004 or from the Computer Virus Help Forum on CompuServe (GO VIRUSFORUM). Beginning with Version 72, all of McAfee Associates' programs have been archived with PKWare's PKZIP Authentic File Verification. If you do not see an "-AV" after every file is unzipped and receive the "Authentic Files Verified! # NWN405 Zip Source: McAFEE ASSOCIATES" message then do not use them. If your version of PKUNZIP does not have verification ability, then this message may not be displayed. Please contact us if you believe the .ZIP file has been tampered with. NETSHIELD Version 1.0 (V95) Page 3 INSTALLATION Copy the NETSHLD.NLM and VIR.DAT files together into the SYS:SYSTEM directory or any other directory. Add the following line to your AUTOEXEC.NCF file: LOAD NETSHLD This will run NETSHIELD with the default settings when the server is booted. Options for installation are: LOAD NETSHLD runs NETSHIELD with the default settings and no configuration file LOAD NETSHLD LOAD runs NETSHIELD with the default configuration file (VIR$CFG.DAT) LOAD NETSHLD LOAD=filename run NETSHIELD with configuration file "filename" NETSHIELD will always create, load, and store report and configuration files in the directory the NETSHLD.NLM file is stored in unless otherwise specified. When NETSHIELD is started the message "Please wait, loading patterns." appears. NETSHIELD is now loading its virus signature definition search string database. Once the patterns have been loaded, the Available Options Menu appears. NETSHIELD Version 1.0 (V95) Page 4 OPERATION AND AVAILABLE OPTIONS Once NETSHIELD has loaded its patterns, the Available Options Menu will appear. Select from the following options: _________________ AVAILABLE OPTIONS MENU ______________________ Do a scan immediately Terminate a current scan Configuration options Report options Exit _______________________________________________________________ OPTION: Do a scan immediately MEANS: Start a scan of server volume(s) for viruses. EXPLANATION: This starts a scan of all volume(s) listed under "Volumes to Scan" (selected from the Configuration Options Menu). OPTION: Terminate a current scan MEANS: End the current scan process. EXPLANATION: Halts an Immediate (started at the server console by the supervisor) or Period (scheduled for a specific time) scan. OPTION: Configuration options MEANS: Configure NETSHIELD's parameters. EXPLANATION: Brings up the Configuration Menu. From this menu the various NETSHIELD parameters can be set. For more information, please refer to the CONFIGURATION OPTIONS section. OPTION: Report Options MEANS: Set reporting options, view log file. EXPLANATION: Brings up the Report Options Menu. From this menu the various NETSHIELD reporting options can be set. For more information, please refer to the REPORT OPTIONS section OPTION: Exit MEANS: Unload NETSHIELD EXPLANATION: Shut down and exit to System Console. Console. If an "unload password" has been selected, it must be entered before NETSHIELD unloads itself. NETSHIELD can not be unloaded from the System Console command line. If a regular (Immediate or Periodic) scan is being performed, it will be halted when NETSHIELD unloads. NETSHIELD Version 1.0 (V95) Page 5 CONFIGURATION OPTIONS The Configuration Menu is the menu from which various parameters for NETSHIELD are set. From the Configuration Menu, the following options may be selected: __________________ CONFIGURATION MENU _________________________ On-access scanning options Period-scanning options Action to take on discovering a virus Volumes to scan Contact options Configuration file options Display messages on console screen Change scanned extensions Enter unload password Exit _______________________________________________________________ OPTION: On-access scanning options MEANS: Select accesses to trap for scanning. EXPLANATION: Brings up the Trap Access Menu. From this menu scanning can be selected for incoming files, outgoing files, both, or none. Selecting "Return to Previous menu" returns to the previous menu with no changes made to the options. OPTION: Period-scanning options MEANS: Schedule a scan for a specific time. EXPLANATION: Brings up the Activate/Deactivate Menu. From "Activate" scans can be scheduled on a Daily, Weekly, or Monthly basis. When selecting a "Daily" scan, NETSHIELD will prompt the user to enter the time to start scanning. Enter the time in "24 hour" format, e.g., 1:00PM becomes 1300 hours. Selecting "Deactivate" disables period-scanning. If a period-scan is running when "Deactivate" is selected, the scan will continue until finished. Select "Terminate a current scan" from the Available Options Menu to halt an ongoing period-scan. Select "Return to Previous menu" to return to the previous menu with no changes made to the options. NOTE: When scheduling a periodic scan it is recommend to select a time at which server utilization is low. NETSHIELD Version 1.0 (V95) Page 6 OPTION: Action to take on discovering a virus MEANS: What to do if a virus is found. EXPLANATION: Brings up the Action When Virus Found Menu. From here, NETSHIELD can be configured delete, overwrite and delete, move infected files, select a directory to move infected files to, or leave infected files alone. Selecting "Delete infected file" deletes virus-infected filies. Deleted files can be recovered by the SALVAGE command. Selecting "Overwrite and delete" wipes virus-infected files. Files deleted in this manner can NOT be recovered. Selecting "Move infected file" moves infected files to the directory specified by "Set move-to directory." Selecting "Leave infected files alone" performs no action on infected files. Selecting "Set move-to directory" chooses the destination directory to which infected files are moved. If no directory is specified then a subdirectory named \INFECTED is created in the current directory and infected files are moved into it. Selecting "Exit" displays the current Action and then returns to the previous menu. OPTION: Volumes to scan MEANS: Select which volume(s) to scan. EXPLANATION: Specify which volumes to scan. If no volumes are selected then no virus scanning will occur during Immediate and Period scanning. On-Access scanning will continue as normal on all mounted volumes. By default, all mounted volumes are scanned. Press the INS key to add a volume name, the DEL key to remove a volume name, and the ESC key to exit. OPTION: Contact options MEANS: Select user(s) to alert if virus is found. EXPLANATION: Brings up the Whom To Contact Menu. From here, a list of users to contact in case of a virus is maintained. The user accessing an infected file can be alerted as can a list of users. By default, only the user accessing an infected file is alerted. Press the INS key to insert a user name, the DEL key to remove a name, and the ESC key to exit. OPTION: Configuration file options MEANS: Load and save NETSHIELD configurations. EXPLANATION: Selecting "Configuration file options" brings up the Save and Load Configurations Menu. From it, different configurations can be loaded and saved. The current configuration file is always specified. If no configuration file was specified when NETSHIELD was loaded, the default file, VIR$CFG.DAT, is displayed. Press any key to clear and enter a new filename. NETSHIELD Version 1.0 (V95) Page 7 OPTION: Display messages on console screen MEANS: Toggles display of messages on console screen. EXPLANATION: Turns on and off the display of important message by NETSHIELD to the System Console screen. When selected, it informs the user of the current status of NETSHIELD. By default, NETSHIELD will display messages on the System Console. OPTION: Change scanned extensions MEANS: Change filename extensions to scan for viruses EXPLANATION: Brings up the Change Extensions Scanned Menu. From here, the files that NETSHIELD checks for. By default, NETSHIELD only checks files with extensions of .COM, .EXE, .OV?, and .SYS. Selecting "Extension to scan on access" allows changes to the list of filename extensions checked during on-access scanning. Selecting "Extension to scan on regular scan" allows changes to the filename extensions checked during periodic, or console scanning. Selecting "Extensions that will NOT be scanned" allows changes to the list of filename extensions that you which to exclude from both types of scanning. This list is empty by default. To add filename extensions to scan for viruses, press the INS key, to remove extensions press the DEL key, and the ESC key to exit. To scan ALL files, set the extension to "*". NOTE: Scanning all files may impact server performance. For this reason, scanning all files is generally not recommended. OPTION: Enter unload password MEANS: Require/select a password to unload NETSHIELD EXPLANATION: Allows the setting of a password that is required to unload NETSHIELD from the file server. If a password exists, then it must be re-entered before the password can be changed or removed. OPTION: Exit MEANS: Return to previous menu. EXPLANATION: Exit leaves the Configuration Menu and returns to the Available Options Menu. NETSHIELD Version 1.0 (V95) Page 8 REPORT OPTIONS The Report Options Menu is the menu from which the the creation and viewing of NETSHIELD log files are set. From the Report Options Menu, the following options may be selected: __________________ REPORT OPTIONS MENU _______________________ Set path for log file Disable logging Enable logging View log file _______________________________________________________________ OPTION: Set path for log file MEANS: Select destination directory for report EXPLANATION: Specifies the location to store reports created by NETSHIELD. The current log file is always displayed. If the log file has not been configured, the default filename will be VIR$LOG.DAT. Press any key to clear the filename and enter a new one. OPTION: Disable logging MEANS: Do not create a log file EXPLANATION: Stop creating a report of virus incidents. OPTION: Enable logging MEANS: Create a log file EXPLANATION: Start creating a report of virus incidents OPTION: View log file MEANS: Display log file EXPLANATION: View any log files of virus incidents. Use the HOME key to view the first entry in the log file, the END key to view the last entry, the PGUP and PGDN keys to view the log file one screen at a time, and the ESC key to exit. NETSHIELD Version 1.0 (V95) Page 9 VIRUS REMOVAL It is strongly recommended that you get experienced help in dealing with viruses if you are unfamilar with anti-virus software and methods. This is especially true for 'critical' viruses that infect files whenever they are accessed and partition table/boot sector infecting viruses as improper removal can result in the loss of all data and use of the infected disk(s). If you require assistance with a computer virus incident, you can contact McAfee Associates for help by BBS, FAX, telephone, Internet, or CompuServe. There is no charge for technical support directly from McAfee Associates. Technical support through any of McAfee Associates' Authorized Agents may be billed at normal support rates. All of McAfee Associates' programs can be downloaded from our BBS, the SIMTEL20 archives on the InterNet, the Computer Virus Help Forum on CompuServe, or from any of the agents listed in the enclosed AGENTS.TXT text file. NETSHIELD Version 1.0 (V95) Page 10 TECHNICAL SUPPORT For fast and accurate help, please have the following information ready when you contact McAfee Associates: - Version number of NETSHIELD x.xx (Vyy) - Brand and model of server, hard disk, installed cards, and any other peripherals. - Version of NetWare. - Printouts of the AUTOEXEC.NCF and STARTUP.NCF files. - The exact problem you are having. Please be as specific as possible. Having a printout of the screen and/or being at the system console will be helpful. In the case of a network crash, please include the following: - Type of error from the ABEND Message - Thread which caused the error Technical support can be contacted by BBS, CompuServe, FAX, or InterNet 24 hours a day, or by telephone at (408) 988-3832, Monday through Friday, 7:00AM to 5:30PM Pacific Time. McAfee Associates (408) 988-3832 office 3350 Scott Blvd. Bldg. 14 (408) 970-9727 fax Santa Clara, CA 95054-3107 (408) 988-4004 BBS (32 lines) U.S.A USR HST/v.32/v.42bis/MNP 1-5 CompuServe GO VIRUSFORUM ATTN: Technical Support Internet mcafee@netcom.COM If you are overseas, there may be an Authorized McAfee Associates Agent in your area. Please refer to the AGENTS.TXT file for a listing of McAfee Associates Agents. NETSHIELD Version 1.0 (V95) Page 11 LICENSE NETSHIELD may be copied and distributed for testing and evaluation purposes on a trial period of five (5) days. If you wish to use NETSHIELD after the trial period, a license is required. Licenses are available for internal use within businesses, organizations, government agencies, and external use by repair centers and other service organizations. License fees are based on the size of the network or number of copies required. Information on licensing can be obtained from McAfee Associates or any of its Authorized Agents listed in the accompanying AGENTS.TXT file.