home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Shareware 1 2 the Maxx
/
sw_1.zip
/
sw_1
/
VIRUS
/
VSHLD99.ZIP
/
VSHLD99.DOC
< prev
Wrap
Text File
|
1992-12-01
|
40KB
|
981 lines
VSHIELD Version 5.2V99
VSHIELD1 Version 0.2
CHKSHLD Version 1
Copyright 1989-1992 by McAfee Associates.
All rights reserved
Documentation by Aryeh Goretsky.
McAfee Associates (408) 988-3832 office
3350 Scott Blvd. Bldg. 14 (408) 970-9727 fax
Santa Clara, CA 95054-3107 (408) 988-4004 BBS (25 lines)
U.S.A USR HST/v.32/v.42bis/MNP1-5
CompuServe GO MCAFEE
Internet support@mcafee.COM
TABLE OF CONTENTS
SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
- What is VSHIELD?
- System requirements
AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . . .2
- Verifying the integrity of VSHIELD
WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . . .3
- New features and viruses added in this release
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
- A note on switches
- General description of VSHIELD
OPERATION and OPTIONS. . . . . . . . . . . . . . . . . . . . . .6
- How to use VSHIELD, VSHIELD1, and CHKSHLD
- Detailed explanation of switches
EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
- Samples of frequently-used options
INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . .13
- How to install VSHIELD on your system
- A note on VSHIELD and networks
ERROR LEVELS . . . . . . . . . . . . . . . . . . . . . . . . . .13
- Running VSHIELD from batch files
VIRUS REMOVAL. . . . . . . . . . . . . . . . . . . . . . . . . .14
- What to do if a virus is found
REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . . .14
- How to register VSHIELD
TECHNICAL SUPPORT. . . . . . . . . . . . . . . . . . . . . . . .15
- Information you should have ready when calling
APPENDIX A . . . . . . . . . . . . . . . . . . . . . . . . . . .16
- Creating an exception list for the /CERTIFY option
APPENDIX B . . . . . . . . . . . . . . . . . . . . . . . . . . .17
- Sample CHKSHLD program script
Page 1
VSHIELD Version 5.2V99 Page 2
SYNOPSIS
VSHIELD is a virus prevention program for IBM PC and
compatibles. VSHIELD prevents viruses from infecting your
system. When VSHIELD first loads it will search the PC for
known computer viruses in memory, the partition table, boot
sector, system files, and itself before installing itself as a
Terminate-and-Stay-Resident (TSR) program.
VSHIELD checks for viruses by scanning for virus signatures
and/or validation codes added by SCAN as programs load, if any.
All programs are checked before they are allowed to run; if a
virus is found VSHIELD will not allow it to execute. VSHIELD
also prevents reboots from disks infected by boot-sector viruses.
VSHIELD optionally checks validation codes added by SCAN
by SCAN to determine if a file has been altered. VSHIELD has an
option to check for viruses as files are copied or accessed.
VSHIELD optionally provides access control functions to
reduce the risk of virus infection from unauthorized software.
Two discreet programs are available. The first,
VSHIELD.EXE, checks for viruses using virus signatures and
validation codes added by SCAN. The second, VSHIELD1.EXE,
only checks validation codes added by SCAN. Both programs
monitor all program loads from all disks unless otherwise
specified.
The CHKSHLD program checks for VSHIELD in memory for use
in network login scripts.
VSHIELD will run on any PC with 256Kb and DOS 2.10 or
above. VSHIELD1 uses 6Kb of memory. VSHIELD uses 40Kb of base
memory if loaded normally, 3Kb if swapped-to-disk, or 416 bytes
if loaded into upper memory.
AUTHENTICITY
VSHIELD is packaged with VALIDATE, a program that ensures
the integrity of VSHIELD, VSHIELD1, and CHKSHLD executables.
The VALIDATE.DOC file describes how to use VALIDATE.
The validation results for the VSHIELD Version 5.2V99 and
VSHIELD1 Version 0.2 programs should be:
FILE NAME: VSHIELD.EXE VSHIELD1.EXE CHKSHLD.EXE
SIZE: 45,576 11,323 7,839
DATE: 12-01-1992 2-14-1991 11-19-1992
FILE AUTHENTICATION
Check Method 1: B7EE 8578 DF12
Check Method 2: 037E 03CE 028B
If your copy of VSHIELD differs, it may have been damaged or
have options stored in it with the /SAVE switch. Run VSHIELD
with only the /SAVE switch to remove any stored options and then
re-run VALIDATE. Always obtain your copy of VSHIELD from a
known source. The latest version of VSHIELD and validation codes
can be obtained from our BBS at (408) 988-4004.
VSHIELD Version 5.2V99 Page 3
Beginning with Version 72, all of McAfee Associates'
VIRUSCAN programs are archived with PKWare's PKZIP Authentic
File Verification. If you do not see an "-AV" after every file
is unzipped and receive the "Authentic Files Verified! # NWN405
Zip Source: McAFEE ASSOCIATES" message when you unzip the files
then do not use them. If your version of PKUNZIP does not have
verification ability, then the message may not be displayed.
Please contact us if you believe tampering has occured to your
.ZIP file.
WHAT'S NEW
VSHIELD has been updated to recognize all the new viruses
added in VIRUSCAN Version 99. Additionally, one new command line
switch has been added, the /CF switch. This switch allows VSHIELD
to check files using the recovery and validation data created by
VIRUSCAN's /AF option.
For more information on viruses added in this release,
please refer to the VIRUSCAN documentation, the accompanying
VIRLIST.TXT file, or Patricia Hoffman's Hypertext VSUM.
INTERNET ACCESS TO McAFEE ASSOCIATES SOFTWARE
The latest versions of McAfee Associates' anti-viral
software is now available by anonymous ftp (file transfer
protocol over the Internet from the site mcafee.COM. If
your domain resolver does not support names, use the IP#
192.187.128.1. Enter "anonymous" for your user I.D. and
your own email address for the password. Programs are
located in the pub/antivirus directory. If you have any
questions, please send email to support@mcafee.COM
McAfee Associates' anti-viral software may also be
found at the Simtel20 archive site WSMR-SIMTEL20.Army.MIL
in the PD1:<MSDOS.TROJAN-PRO> directory and its associated
mirror sites WUARCHIVE.WUSTL.EDU (US), NIC.SWITCH.CH (Swiss),
NIC.FUNET.FI (Finland), SRC.DOC.IC.AC (UK), and
RANA.CC.DEAK.OZ.AU (Australia).
VSHIELD Version 5.2V99 Page 4
OVERVIEW
VSHIELD is a memory-resident program that prevents virus
infection. VSHIELD does this by checking programs as they are
loaded by the computer. VSHIELD will not allow a file to run if
a virus is found, a program does not match its validation code,
or a file is not on the /CERTIFY list--this prevents the virus
from entering your system. VSHIELD also checks for boot
sector viruses during reboots and optionally checks for viruses
during copy operations or whenever a disk is accessed.
When VSHIELD is run from the AUTOEXEC.BAT, it is installed
each time the system is turned on or rebooted. VSHIELD checks
memory, the partition table, boot sector, system files, and
itself for viruses prior to installation as a Terminate-and-
Stay-Resident (TSR) program. It monitors all program loads
for viruses.
When a system is booted from an infected disk, VSHIELD will
detect the virus the next time VSHIELD runs since VSHIELD must
be in memory to detect the virus.
VSHIELD has four user-selectable levels of protection:
- Level I protection, provided by VSHIELD1, checks validation
codes added by VIRUSCAN's /AV or /AG switches [see
VIRUSCAN's documentation for more information]. Programs
failing the validation check will not be allowed to run.
VSHIELD1 also checks the partition table and boot sector
validation codes, if present. Level I provides minimal
protection only and is not recommended for normal use,
VSHIELD is recommended instead.
- Level II protection, provided by VSHIELD, checks programs
for virus signatures, the pattern of code unique to each
virus. If a virus is found, VSHIELD will not allow the
program to run. VSHIELD will also prevent reboots from
disks infected with a boot sector viruses.
- Level III protection, provided by VSHIELD /CF {filename} or
/CV, incorporates both Level I and Level II protections.
- Level IV protection, provided by VSHIELD /CERTIFY,
incorporates Level III protection with access control,
specifying which programs can be run.
VSHIELD Version 5.2V99 Page 5
Each level of protection has its advantages and disadvantages.
VSHIELD1 (Level I) requires the least system overhead,
using 6Kb of memory. It provides only minimal protection.
VSHIELD (Levels 2-4) requires as much as 40Kb of memory;
this may be reduced to 416 bytes by loading into upper memory.
VSHIELD1 will add an average of one second to each program
load.
VSHIELD adds an average of one second to program loads and
six seconds to reboots. Using the /SWAP option adds an
additional second since VSHIELD must re-load itself from disk
prior to checking another file.
VSHIELD will not degrade the performance of the system once
programs have been loaded, except for programs which load other
programs when the /ACCESS or /COPY options are being used.
NOTE: VSHIELD and VSHIELD1 should not be used simultaneously.
Either one or the other should be used, but not both.
CHKSHLD is run to see if VSHIELD is in memory. CHKSHLD can
look for the presence of any version of VSHIELD, or a specific
version (a feature that can be used to update a workstation from
its file server).
VSHIELD Version 5.2V99 Page 6
OPERATION and OPTIONS
IMPORTANT NOTE: CREATE A BACKUP DISK BY COPYING VSHIELD TO A
BLANK FLOPPY AND WRITE-PROTECT IT
To provide optimal protection against viruses VSHIELD (or
VSHIELD1) should normally be placed at the end of the
AUTOEXEC.BAT. However, if a menu program is run from the
AUTOEXEC.BAT, VSHIELD should be loaded before it. Popular
menu programs include MS-DOS's DOSSHELL, etc.
Loading disk cache or network driver programs after
VSHIELD may disable it. To prevent this from happening, re-run
VSHIELD with the /RECONNECT switch.
CHKSHLD should be run from the network login script. An
ERRORLEVEL is returned if VSHIELD is in memory. This can be
used for creating scripts to check and update VSHIELD.
A NOTE ON VSHIELD'S SWITCHES
VSHIELD is designed to provide a high degree of protection
even when none of the switches below are used. Placing VSHIELD
in the the AUTOEXEC.BAT file with no options provides sufficient
protection for virtually all environments. If available memory
is at a premium, the /LH (Load High) or /SWAP (Swap-to-Disk)
options can be used to minimize memory usage.
Other options should be used only if required due to non-
standard systems or special security needs. VSHIELD provides
many options for flexibility in meeting the needs of corporate,
network, and secure environments but trade-offs in system
overhead and user restrictions must be carefully evaluated.
VSHIELD Version 5.2V99 Page 7
Valid options for VSHIELD are listed below:
VSHIELD /ACCESS /CERTIFY {filename} /CF {filename} /CHKHI
/CONTACT message /COPY /CV /F {pathname} /IGNORE {drive(s)}
/LH /LOCK /M /NB /NI6510 /NODISK /NOBREAK /NOCONT /NOMEM
/RECONNECT /SAVE /SWAP {pathname} /WINDOWS /ONLY {drive(s)}
Options are:
/ACCESS - Check for virus when files are opened
/CERTIFY {filename} - Enable access control ({filename} is an
optional exception list)
/CF {filename} - Check for viruses using recovery & validation
data stored in {filename}
/CHKHI - Check memory from 0-1088Kb for viruses
/CONTACT {message} - Display {message} when virus is found
/COPY - Check for viruses during COPY operations
/CV - Check validation codes added by VIRUSCAN
/IGNORE {drive(s)} - Ignore program loads from specified drive(s)
/LH - Load VSHIELD into upper memory blocks
/LOCK - Halt system when a virus is found
/M - Scan memory for all viruses during install
(see restrictions below)
/NB - Disable boot sector check during install
and reboot
/NI6510 - Fixes Racal Datacomm NI6510 conflict
/NOBREAK - Disable Ctrl-C / Ctrl-Brk during install
/NOCONT - Prevent running of non-certified programs
/NODISK - Disable boot sector check during install
only
/NOMEM - Skip memory checking
/NOREMOVE - Disable /REMOVE switch
/ONLY {drive(s)} - Check program loads from specified drive{s}
/RECONNECT - Re-link system interrupts after network
drivers are loaded
/REMOVE - Unload VSHIELD from memory
/SAVE - Save specified switches as new defaults
/SWAP {pathname} - Load kernel (3Kb) only; swap rest to disk
/F {pathname} - Use with /SWAP for DOS 2.1 systems ONLY
/WINDOWS - Checks DOS processes under Windows
The /ACCESS option tells VSHIELD to check for viruses any
time a program is opened for any reason. The /ACCESS may slow
down programs under Windows or when copying with menu programs.
Using /CV with /ACCESS is not recommended for performance
reasons. The /ACCESS option cannot be used with the /SWAP or
/COPY options. The /ACCESS option is for high risk environments
like open university computer labs or software developers. It
will, for example, prevent a developer from zipping a virus-
infected file into an archive for distribution.
VSHIELD Version 5.2V99 Page 8
The /CF option checks recovery and validation data stored
by VIRUSCAN's /AF option. If a file or system area has changed,
VSHIELD will report that a viral infection may have occurred. The
syntax is /CF {filename}, where {filename} is the name of the
recovery and validation data file created by VIRUSCAN.
The /CERTIFY option prevents files without validation codes
added by VIRUSCAN ffrom being run. This option is for system
administrators to prevent users from running programs that could
introduce a virus. An exception list of "trusted" files can be
created to allow use of programs that do not work correctly with
validation codes attached. For instructions on creating an
exception list, refer to Appendix A.
NOTE: Running /CERTIFY without an exception list or validation
codes will prevent all programs except for DOS internal
commands from running.
The /CHKHI option checks memory above 640Kb on 286/386/486
systems for viruses. This covers Upper Memory Blocks from
640 - 1024K, and the High Memory Area from 1024 - 1088K. This
option cannot be used with the /NOMEM option.
The /CONTACT option is used to display a custom message
when a virus is found. The message can be up to 50 characters
long and contain any character except for a backslash "\".
Messages starting with a hyphen "-" or slash "/" must be placed
into quotation marks.
The /COPY option checks files for viruses during COPY
operations and checks the floppy drives for boot sector viruses
during COPY and DIR operations. The /COPY option does not work
with 4DOS or NDOS. This option cannot be used with the /ACCESS
or /SWAP options.
The /CV option checks validation codes added by SCAN to
.COM and .EXE files. If a file has changed it will no longer
match its validation code and VSHIELD will report the file has
been modified and a viral infection may have occurred. For
instructions on adding validation codes, refer to VIRUSCAN's
documentation.
The /F option is required for using /SWAP under DOS 2.0.
The /F option instructs VSHIELD where to swap from. The
complete path and file name must be specified after the /F.
The /IGNORE option tells VSHIELD to ignore program loads
from specified drives. Ignored drives will NOT be checked for
viruses. Up to 26 drives may be ignored. /IGNORE is designed
for use with LAN's that have virus protection and is not
recommended for stand-alone PC's or networks with no anti-viral
features in place.
VSHIELD Version 5.2V99 Page 9
The /LH option loads VSHIELD into upper memory. For /LH to
work, an expanded memory manager such as MS-DOS 5.00's
EMM386.EXE must be used (for 386/486 systems) or QEMM (for 286/
386/486 systems). This option cannot be used with /SWAP.
The /LOCK option halts the system if a virus is found so
that infection cannot occur. It is recommend that the /CONTACT
switch be used to tell the user what to do when the system
halts.
The /M option checks base memory for all known memory-
resident viruses before VSHIELD installs in memory. By default,
VSHIELD only checks memory for critical (stealth) viruses. If a
critical virus is found during installation, VSHIELD will stop
and advise the user to turn off the PC, boot from a clean
(virus-free) DOS system disk and scan the system for viruses.
For a listing of critical viruses, please refer to the VIRUSCAN
documentation. This option cannot be used with the /NOMEM
option.
The /NB option tells VSHIELD to skip the partition table
and boot sector check during installation and reboots.
The /NI6510 option prevents a conflict between VSHIELD
Racal-Datacomm NI6510 network interface cards: when a PC was
rebooted, a stream of corrupted packets would be sent across the
network. The problem and solution is specific the NI6510 and
does not apply to any other product.
The /NOBREAK option prevents Ctrl-C and Ctrl-Brk from
stopping VSHIELD during the installation process.
The /NOCONT option prevents the user from proceeding after
the "Proceed Anyway? Y/N" message when running non-certified
programs.
The /NODISK option disables the boot sector and partition
table check during installation. This option can be used to
load VSHIELD from a network server.
The /NOMEM option skips the memory check for viruses during
installation. It should only be used when a PC is known to be
virus-free. This option cannot be used with the /CHKHI or /M
options.
The /NOREMOVE option prevents VSHIELD from being unloaded
with the /REMOVE option. This option cannot be used with the
/REMOVE option.
The /ONLY option tells VSHIELD to check program loads only
from the specified drives. All other drives will be ignored.
This option cannot be used with the /IGNORE option.
VSHIELD Version 5.2V99 Page 10
The /RECONNECT option is used to restore VSHIELD's link
into DOS after another program has disabled it, such as a
network driver or disk cache. This eliminates the need to
continually load and unload VSHIELD when logging on to a
network.
The /REMOVE option unloads VSHIELD from memory. If other
memory resident programs are loaded after VSHIELD, then VSHIELD
cannot be unloaded. This option can be disabled by installing
VSHIELD with the /NOREMOVE option.
The /SAVE option is used to store VSHIELD options for
subsequent executions of VSHIELD. Options are stored by
modifying the VSHIELD.EXE executable file. For example:
VSHIELD /LH /M /NOBREAK /SAVE
will set the VSHIELD defaults to /LH, /M, and /NOBREAK. If
VSHIELD is run with just the /SAVE switch, then all options are
removed and VSHIELD executes with its original default settings.
The /SWAP option tells VSHIELD to install a small (3Kb)
kernel in memory and load itself on demand. If a path is
specified after /SWAP, VSHIELD will swap from there instead
of the path from which it is being executed. The /SWAP option
cannot be used with the /COPY or /ACCESS options.
NOTE: The /SWAP parameter should only be used if limited
amounts of memory are available for programs. It is
recommended that VSHIELD be used without the /SWAP
option whenever memory permits.
The /WINDOWS option is used when running Windows 3 to allow
VSHIELD to display messages properly. This option has no effect
if Windows is not used.
Valid options for VSHIELD1 are listed below:
VSHIELD1 /NB /REMOVE
Options are:
/NB - Disable boot sector checking during install
and reboot.
/REMOVE - Unload VSHIELD1 from memory
The /NB option tells VSHIELD1 to skip the partition table
and boot sector check during installation and reboots.
VSHIELD Version 5.2V99 Page 11
The /REMOVE option unloads VSHIELD1 from memory. If other
memory resident programs are loaded after VSHIELD1, then
VSHIELD1 cannot be unloaded.
Valid options for CHKSHLD are listed below:
CHKSHLD /DEBUG /Q /V xxxxx /? /H /HELP
Options are:
/DEBUG - Display version and ERRORLEVEL
/Q - Quiet mode (no messages displayed)
/V xxxxx - Check for version 'xxxxx' of VSHIELD in memory
/? /H /HELP - Display help screen
The /DEBUG option displays the version of VSHIELD resident
in memory and the DOS ERRORLEVEL on the screen.
The /Q option stops CHKSHLD from displaying any messages.
The /V option tells CHKSHLD to look for a specific version
of VSHIELD in memory. For example, "4.3V84" for VSHIELD 4.3V84.
The /?, /H, and /HELP options display a help screen.
CHKSHLD's ERRORLEVELS
CHKSHLD sets the DOS ERRORLEVEL to the following values:
ERRORLEVEL │ DESCRIPTION
═══════════╪═══════════════════════════════════════════════
0 │ VSHIELD is resident, or if /V is used, the
│ version specified is resident in memory.
1 │ VSHIELD is resident but does not match /V
2 │ VSHIELD is NOT resident in memory
3 │ Abnormal termination (program error)
OPERATION
CHKSHLD allows network administrators to check workstations
for VSHIELD before allowing them to log on to a network.
CHKSHLD is not recommended for home or non-network users.
A sample login script for Novell NetWare is included in
Appendix B.
VSHIELD Version 5.2V99 Page 12
EXAMPLES
The following examples show different option settings:
VSHIELD
Installs VSHIELD (Level II protection)
VSHIELD /CV
Installs VSHIELD (Level III protection)
VSHIELD /CERTIFY EXCPTN.LST
Installs VSHIELD (Level IV protection) with an
exception list named EXCPTN.LST.
VSHIELD /SWAP
Installs VSHIELD kernel in memory and swaps from
root directory of disk with DOS 3.0 and above.
VSHIELD /SWAP /F C:\VSHIELD.EXE
Installs VSHIELD kernel resident and swaps from
root directory of disk with DOS 2.0 system.
VSHIELD /CV /CONTACT "Please Contact the PC Help Desk"
Installs VSHIELD (Level III protection) and
display a message if virus is found.
VSHIELD /M /CHKHI /CV /LH /WINDOWS
Installs VSHIELD (Level III protection) checking for
all memory resident viruses in base and high memory
prior to install, load VSHIELD high, and Windows
compatibility mode turned on.
VSHIELD /RECONNECT
Re-enable VSHIELD after it has been disconnected by
network device drivers.
VSHIELD /CF C:\MCAFEE\SCANCRC.CRC
Install VSHIELD with Level III protection checking
recovery & validation data file created by VIRUSCAN's
/AF option.
CHKSHLD /V 4.3V84 /Q
Checks for VSHIELD 4.3V84 in memory, no messages
displayed.
VSHIELD Version 5.2V99 Page 13
INSTALLATION
For optimum protection, place VSHIELD as the last line in
your AUTOEXEC.BAT file. If you are using a menu program, place
VSHIELD before it in the AUTOEXEC.BAT.
A NOTE ON VSHIELD AND NETWORKS
If network drivers are being used, VSHIELD *MUST* be run
again with the /RECONNECT option AFTER the network drivers are
loaded. This is because network drivers replace the normal DOS
system interrupts so VSHIELD no longer recognizes program loads.
It is recommended that VSHIELD be used in non-swap mode if
free memory permits. Use of the /SWAP option will slow down the
system and may cause conflicts with programs that fail to
allocate memory properly from the system. If conflicts occur,
remove the /SWAP option and reboot the system. If there is not
enough memory to load VSHIELD in non-swap mode, then VSHIELD1
should be used instead.
Networks other than Micosoft LAN Manager with workstations
running Windows 3.0 and printing to an HPLJ II (or compatible)
printer over the network occasionally have problems with random
blocks of memory being sent to the printer when VSHIELD is
installed. This is because other network operating systems may
not redirect the printer correctly. This can be fixed by
changing all occurrences of the text "LPT1:" to "LPT1.PRN:"
while leaving the "LPT1.OS2:" text along in WIN.INI or upgrading
to Windows 3.1.
ERROR LEVELS
After VSHIELD has installed itself in memory, it will set
the DOS ERRORLEVEL. ERRORLEVEL's are used in batch files to
pass along the results of a programs's actions. The
ERRORLEVEL's returned by VSHIELD are:
ERRORLEVEL │ DESCRIPTION
═══════════╪═══════════════════════════════════════════════
0 │ No viruses found
1 │ One or more viruses found
2 │ Abnormal termination (program error)
VSHIELD Version 5.2V99 Page 14
VIRUS REMOVAL
What do you do if a virus is found? You can contact McAfee
Associates for help by BBS, FAX, telephone, Internet, or
CompuServe. There is no charge for support calls to McAfee
Associates.
The CLEAN-UP universal virus disinfection program can
disinfect virtually all reported computer viruses. It is
updated with each release of the SCAN program to remove new
viruses. CLEAN-UP can be downloaded from McAfee Associates'
BBS, the mcafee.COM site on the Internet, the McAfee Virus
Help Forum on CompuServe, or from any of the agents listed in
the enclosed AGENTS.TXT file.
It is strongly recommended that you get experienced help in
dealing with viruses if you are unfamilar with anti-virus
software and methods. This is especially true for 'critcal'
viruses and partition table/boot sector infecting viruses as
improper removal of these viruses can result in the loss of all
data and use of the infected disk(s). [For a listing of critcal
viruses, please refer to the VIRUSCAN documentation.]
For qualified assistance in removing a virus, please
contact McAfee Associates directly or any of the Authorized
McAfee Associates Agents in your area. Agents may charge McAfee
Associates normal support rates for their services.
If you wish to remove a file-infecting virus manually, you
can run SCAN with the /A and /D switches to erase all infected
files.
Before removing a boot sector and partition table-infecting
virus, it is recommended that you cold boot the infected PC from
a clean DOS disk and backup any critical data.
REGISTRATION
A registration fee of US$25.00 is required for the use of
VSHIELD by individual home users. Registration entitles the
holder to unlimited free upgrades from McAfee Associates' BBS
or the Computer Virus Help Forum on CompuServe and technical
support for one year. When registering, a disk containing the
latest version may be requested for an additional US$9.00
Only one diskette mailing will be made.
Registration is for home users only and does not apply to
businesses, corporations, organizations, government agencies, or
schools, who must obtain a license for use. Contact McAfee
Associates directly or an Authorized Agent for information on
licensing.
VSHIELD Version 5.2V99 Page 15
TECHNICAL SUPPORT
For fast and accurate help, please have the following
information ready when you contact McAfee Associates:
- Program name and version number.
- Type and brand of computer, hard disk, plus any
peripherals.
- Version of DOS plus any TSRs or device drivers in use.
- Printouts of your AUTOEXEC.BAT and CONFIG.SYS files.
- A printout of what is in memory from the MEM command
(DOS 4 and above users only) or a similar utility.
- The exact problem you are having. Please be as
specific as possible. Having a printout of the
screen and/or being at your computer will be helpful.
McAfee Associates can be contacted by BBS, CompuServe, FAX, or
InterNet 24 hours a day, or by telephone at (408) 988-3832,
Monday through Friday, 7:00AM to 5:30PM Pacific Time.
McAfee Associates (408) 988-3832 office
3350 Scott Blvd. Bldg. 14 (408) 970-9727 fax
Santa Clara, CA 95054-3107 (408) 988-4004 BBS (25 lines)
U.S.A USR HST/v.32/v.42bis/MNP1-5
CompuServe GO MCAFEE
InterNet support@mcafee.COM
VSHIELD Version 5.2V99 Page 16
APPENDIX A: Creating an Exception List for the /CERTIFY Option
NOTE: The /CERTIFY option is for use in environments where a
significant risk of virus infection from unauthorized
software exists. It is not for environments where new
software is introduced on a continuous basis.
Exception List data files created with an editor or word
processor must be saved as ASCII text files. Be sure each line
ends with a CR/LF pair.
When VSHIELD is used with the /CERTIFY option only files
that have been validated by SCAN are allowed to run. If
/CERTIFY with an Exception List is used on a system with no
files validated by SCAN then only the files listed in the
Exception List will be allowed to run.
The Exception List uses the following format:
d:\pathnam1\filenam1.ext
*comment
.
.
d:\pathnam1\filenam2.ext
*more comments
Where "d:" is the name of the drive, "\pathnam1\" is the name of
the path, and "filename.ext" is the name of the file, including
the extension. An Exception List can be up to 1,000 characters
long. Comment lines are preceded with an asterisk "*" and are
ignored by VSHIELD.
Running /CERTIFY without an exception list will prevent all
programs other than DOS internal commands from being run.
VSHIELD 5.2V99 Page 17
APPENDIX B: Miscellaneous Application Notes
SAMPLE NOVELL LOGIN SCRIPT AND .BAT FILE FOR VSHIELD AND CHKSHLD
The following is a sample system login script for use by
Novell NetWare system administrators. The login script gets
the ERRORLEVEL from Novell NetWare and then displays the error
messages on the users' screens. The script exits the user to
a .BAT file that performs a logoff if there is an internal error
with CHKSHLD, VSHIELD has not been installed, or an older
version of VSHIELD is present when a PC logs on to a network.
(Start of sample Novell system login script)
#CHKSHLD /V 4.3V84
IF ERROR_LEVEL = "3" THEN
FIRE PHASERS 5 TIMES
WRITE "A CHKSHLD internal error has occurred."
WRITE "Please contact the Help Desk."
EXIT "NOLOGIN"
ELSE
IF ERROR_LEVEL = "2" THEN
FIRE PHASERS 5 TIMES
WRITE "VSHIELD has not been installed on your PC."
WRITE "Access denied. Please contact the Help Desk."
EXIT "NOLOGIN"
ELSE
IF ERROR_LEVEL = "1" THEN
FIRE PHASERS 5 TIMES
WRITE "An old version of VSHIELD has been installed."
WRITE "Access to the network has been denied. Please"
WRITE "contact the Help Desk to have a new version
WRITE "installed."
EXIT "NOLOGIN"
END
END
END
(End of sample Novell system login script)
(Start of sample NOLOGIN.BAT file)
ECHO OFF
REM Log the user off of the network
LOGOUT
(End of sample NOLOGIN.BAT file)
More complex login scripts can be created to send a message to
the supervisor if an error has occurred, update the user's
VSHIELD.EXE as he logs in to the network, etc.
