![[Intel Navigation Header]](/CONTENT/PIX/HEADER.GIF)
LANDesk(R) Virus Protect with NetWare v3.11 - REMOVEEA.NLM
LANDESK(R) VIRUS PROTECT WITH NETWARE V3.11 - REMOVEEA.NLM
Intel has noted a situation that can, in rare cases, cause an ABEND when
using LANDesk Virus Protect 3.x and NetWare 3.11. LANDesk(R) Virus
Protect (LDVP) uses Novell's "Extended File Attributes" (EAs) to store
the checksum data of each file scanned. Novell has several patches
available for their EA's, however, Intel has duplicated a scenario which
the Novell patches do not address. This case, although rare, can cause a
file server ABEND. Novell has decided to no longer support v3.11 and
recommends that customers upgrade NetWare to v3.12. For customers who do
not want to upgrade to 3.12, Intel offers the following solution:
It is possible to configure LDVP so that it doesn't use any EAs. This
will disable the checksum feature, but of the three main features (i.e.
File Scanning, Integrity Shield, and File Checksums) this feature is the
least important. To fully disable this feature, all of the LDVP EAs need
to be removed from the files on your server. REMOVEEA.NLM will remove
EAs for a specified volume. Use this utility for all NetWare Read-Write
volumes on your server. (It is not needed on Read-Only volumes such as
mounted CD-ROMs).
Note: You will need to upgrade to LANDesk Virus Protect v3.01 and use
the version of REMOVEEA.NLM shipped with the upgrade/release version of
that software in order to perform the following:
Perform this (and all) server maintenance after-hours when the server is
not heavily used.
First, unload LPROTECT.NLM.
Copy REMOVEEA.NLM to SYS:SYSTEM and from the console, type
LOAD REMOVEEA SYS:\ <Enter>
This will remove all LDVP Extended File Attributes from files on volume
SYS:. Once this is finished, you will need to repeat this for other
mounted, read-write volumes.
After removing all EA's, re-load LPROTECT.NLM with the "noea" switch:
LOAD LPROTECT noea <Enter>
This will tell the LDVP NLM to not use Extended File Attributes. You
should also edit the AUTOEXEC.NCF file to add the "noea" switch anytime
LPROTECT is loaded.
This is only a problem with NetWare v3.11 and LDVP 3.X. Even in these
situations, the problem is rare but could occur. We have many sites
running NetWare 3.11 and LDVP 3.x without experiencing these troubles.
If this scenario is encountered, the ABEND will be one of the following:
ABEND:ClientHandle not Found on Active EA List. Running Process: LDVP
Schedule FSS
or,
ABEND:ClientHandle not Found on Active EA List. Running Process: LDVP
Manual FSS
In addition to these two errors, this same bug can also be seen with
either a General Protection Error such as:
Abend: General Protection Processor Exception (Error code 00000000)
Running Process: LDVP Manual FSS Process
or a file server which has locked-up. In these two cases, it is
difficult to tell for certain if the abends are related without a
coredump, but they will always occur during a manual or scheduled server
scan.
Trademark information