Magnum One

home *** CD-ROM | disk | FTP | other *** search

/ Magnum One / Magnum One (Mid-American Digital) (Disc Manufacturing).iso / d23 / netscn72.arc / NETSCN72.DOC < prev next >

Wrap

Text File | 1990-12-13 | 6KB | 171 lines

NETSCAN Version V72 From: McAfee Associates 408 988 3832 Executable Program (NETSCAN.EXE): Beginning with Version 51, NETSCAN is packaged with a VALIDATE program that will authenticate the integrity of NETSCAN.EXE. Refer to the VALIDATE.DOC instructions for the use of the validation program. The validation results for V72 should be: SIZE: 61841 DATE: 12-13-90 FILE AUTHENTICATION: Check Method 1 - B112 Check Method 2 - 1E5A You may also call the McAfee Associates bulletin board at 408 988 4004 to obtain on-line NETSCAN.EXE verification data. The VALIDATE program distributed with NETSCAN may be used to authenticate all future versions of NETSCAN. Introduction: NETSCAN is the network version of VIRUSCAN. It scans network virtual drives and identifies any pre-existing PC virus infection in the file servers. NETSCAN will indicate the specific files or system areas that are infected and will identify the virus strain which has caused the infection. Removal can then be done manually or, if the infection is widespread, automatic removal utilities are available which can disinfect each virus strain. NETSCAN version V72, when used in conjunction with VIRUSCAN on the individual workstations, can identify 161 major virus strains and numerous sub-varieties for each strain. The 161 viruses include the twelve most common viruses which account for over 95% of all reported PC infections. The complete list of viruses detected is included in the accompanying file: VIRLIST.TXT. It is important to note that existing virus strains can be grouped and counted differently than the ordering outlined in VIRLIST.TXT. DEN ZUK, for example has two separate versions. Likewise, the STONED, VIENNA, ALAMEDA and JERUSALEM-B viruses have been modified a number of times. Some researchers would define each of these modifications, or sub-varieties, as separate viruses. NETSCAN chooses to group them as the same virus, because the same scan string can identify each of them. This is only done if disinfection requirements for the different sub-varieties are identical. If removal procedures differ for different varieties, then NETSCAN will differentiate between them. These viruses infect one of the following areas: The hard disk partition table; the DOS boot sector of hard disks or floppies; or one or more executable files within the system. The executable files may be operating system programs, system device drivers, .COM files, .EXE files, overlay files or any other file which can be loaded into memory and executed. NETSCAN, when used in conjunction with VIRUSCAN on the workstations, identifies every area or file that has become infected and indicates the name of the virus that has infected each file. Operation: IMPORTANT: Always place NETSCAN on a write protected floppy prior to using it. This will prevent the program from becoming infected. To run NETSCAN type: NETSCAN d1: d2:...dn: [/M /D /A /nomem /NLZ /report <filename> /X] (Multiple logical drive designators may be specified) Options are: /D - Delete infected files /M - Scan memory for all viruses (See restrictions below) /A - Scan all files /NLZ - Do not scan inside LZEXE compressed files /nomem - Bypass mandatory memory scan /X - Search for extinct viruses /REPORT filename - Send report of infected files to filename NETSCAN will check each area or file on the designated drive that could be a host to a virus. If a virus is found, the name of the infected file or system area will be displayed, along with the name of the identified virus. If the /D option is selected, NETSCAN will pause after each infected file is displayed and will ask whether you wish to remove the infected file. If <Y> is selected, the file will be overwritten with the hex code C3 (the Return instruction), and then deleted. This option is disallowed for boot sector and partition table infections. Use the shareware M-DISK utilities to remove boot sector or partition table viruses. If the /M option is chosen, NETSCAN will search the first 640K of memory for all known memory resident viruses. Selecting this option may cause false alarms if you are running SCAN in conjunction with any other virus detection utility. It will also add from 12 seconds to 1 minute to the scanning time. If the /M option is not chosen, NETSCAN will in any case check memory for the Dark Avenger virus. If the Dark Avenger is found in memory, NETSCAN will display a warning message, with instructions to power down and re-boot from a clean floppy. >>> Do not use the /M option if you are running SCANRES V42 or earlier. Please upgrade SCANRES to the current version first. Otherwise false alarms will result. NETSCAN can also scan individual directories or individual files. The command: NETSCAN L:\DIRECT\PROGRAM.EXE will scan the file PROGRAM.EXE in subdirectory DIRECT. NETSCAN will require approximately 3 minutes of run time for each 1,000 files on the designated drive. The networks should normally be scanned while the designated drive is inactive. If scanning an active network, the network operating system will display an error message when NETSCAN attempts to access an application currently in use. When this occurs, respond: FAIL to the file in use message and NETSCAN will continue checking the remainder of the drive. Registration: NETSCAN may be copied and distributed for testing on a trial basis. If you choose to use NETSCAN, a registration site license is required. Site license fees will vary depending on the size of the network. For information contact: McAfee Associates 4423 Cheeney Street Santa Clara, CA 95054 408 988 3832 408 970 9727 (FAX) Documentation compiled by Aryeh Goretsky.