home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Magnum One
/
Magnum One (Mid-American Digital) (Disc Manufacturing).iso
/
d23
/
netscn75.arc
/
NETSCN75.DOC
< prev
next >
Wrap
Text File
|
2012-05-06
|
6KB
|
171 lines
NETSCAN Version V75
From: McAfee Associates 408 988 3832
Executable Program (NETSCAN.EXE):
Beginning with Version 51, NETSCAN is packaged with a VALIDATE program
that will authenticate the integrity of NETSCAN.EXE. Refer to the
VALIDATE.DOC instructions for the use of the validation program.
The validation results for V74 should be:
SIZE: 80,951
DATE: 02-26-91
FILE AUTHENTICATION:
Check Method 1 - 3C34
Check Method 2 - 1EDA
You may also call the McAfee Associates bulletin board at 408 988
4004 to obtain on-line NETSCAN.EXE verification data. The VALIDATE
program distributed with NETSCAN may be used to authenticate all
future versions of NETSCAN.
Introduction:
NETSCAN is the network version of VIRUSCAN. It scans network
virtual drives and identifies any pre-existing PC virus infection
in the file servers. NETSCAN will indicate the specific files or
system areas that are infected and will identify the virus strain
which has caused the infection. Removal can then be done manually
or, if the infection is widespread, automatic removal utilities are
available which can disinfect each virus strain.
NETSCAN version V75, when used in conjunction with VIRUSCAN on
the individual workstations, can identify 223 major virus strains
and numerous sub-varieties for each strain. The 223 viruses include the
twelve most common viruses which account for over 95% of all reported PC
infections. The complete list of viruses detected is included in the
accompanying file: VIRLIST.TXT.
It is important to note that existing virus strains can be
grouped and counted differently than the ordering outlined in
VIRLIST.TXT. DEN ZUK, for example has two separate versions. Likewise,
the STONED, VIENNA, ALAMEDA and JERUSALEM-B viruses have been modified
a number of times. Some researchers would define each of these
modifications, or sub-varieties, as separate viruses. NETSCAN chooses
to group them as the same virus, because the same scan string can
identify each of them. This is only done if disinfection requirements
for the different sub-varieties are identical. If removal procedures
differ for different varieties, then NETSCAN will differentiate between
them.
These viruses infect one of the following areas: The hard disk
partition table; the DOS boot sector of hard disks or floppies; or
one or more executable files within the system. The executable
files may be operating system programs, system device drivers, .COM
files, .EXE files, overlay files or any other file which can be
loaded into memory and executed. NETSCAN, when used in conjunction with
VIRUSCAN on the workstations, identifies every area or file that has
become infected and indicates the name of the virus that has infected
each file.
Operation:
IMPORTANT: Always place NETSCAN on a write protected floppy prior
to using it. This will prevent the program from becoming infected.
To run NETSCAN type:
NETSCAN d1: d2:...dn: [/M /D /A /nomem /NLZ /report <filename> /X]
(Multiple logical drive designators may be
specified)
Options are:
/D - Delete infected files
/M - Scan memory for all viruses
(See restrictions below)
/A - Scan all files
/NLZ - Do not scan inside LZEXE compressed files
/nomem - Bypass mandatory memory scan
/X - Search for extinct viruses
/REPORT filename - Send report of infected files to filename
NETSCAN will check each area or file on the designated drive that
could be a host to a virus. If a virus is found, the name of the
infected file or system area will be displayed, along with the name
of the identified virus.
If the /D option is selected, NETSCAN will pause after each
infected file is displayed and will ask whether you wish to remove
the infected file. If <Y> is selected, the file will be
overwritten with the hex code C3 (the Return instruction), and then
deleted. This option is disallowed for boot sector and partition
table infections. Use the shareware M-DISK utilities to remove
boot sector or partition table viruses.
If the /M option is chosen, NETSCAN will search the first 640K of
memory for all known memory resident viruses. Selecting this
option may cause false alarms if you are running SCAN in
conjunction with any other virus detection utility. It will also
add from 12 seconds to 1 minute to the scanning time. If the /M
option is not chosen, NETSCAN will in any case check memory for the
Dark Avenger virus. If the Dark Avenger is found in memory,
NETSCAN will display a warning message, with instructions to power
down and re-boot from a clean floppy.
>>> Do not use the /M option if you are running SCANRES V42
or earlier. Please upgrade SCANRES to the current version
first. Otherwise false alarms will result.
NETSCAN can also scan individual directories or individual files.
The command:
NETSCAN L:\DIRECT\PROGRAM.EXE will scan the file PROGRAM.EXE
in subdirectory DIRECT.
NETSCAN will require approximately 3 minutes of run time for each
1,000 files on the designated drive.
The networks should normally be scanned while the designated
drive is inactive. If scanning an active network, the network
operating system will display an error message when NETSCAN
attempts to access an application currently in use. When this
occurs, respond: FAIL to the file in use message and NETSCAN will
continue checking the remainder of the drive.
Registration:
NETSCAN may be copied and distributed for testing on a trial
basis. If you choose to use NETSCAN, a registration site license
is required. Site license fees will vary depending on the size of
the network. For information contact:
McAfee Associates
4423 Cheeney Street
Santa Clara, CA 95054
408 988 3832
408 970 9727 (FAX)
Documentation compiled by Aryeh Goretsky.