[Intel Navigation Header]

    LANDesk(R) Virus Protect with NetWare v3.11 - REMOVEEA.NLM

    
    

    LANDESK(R) VIRUS PROTECT WITH NETWARE V3.11 - REMOVEEA.NLM

    
       Intel has noted a situation that can, in rare cases, cause an ABEND when
    
       using LANDesk Virus Protect 3.x and NetWare 3.11. LANDesk(R) Virus
    
       Protect (LDVP) uses Novell's "Extended File Attributes" (EAs) to store
    
       the checksum data of each file scanned. Novell has several patches
    
       available for their EA's, however, Intel has duplicated a scenario which
    
       the Novell patches do not address. This case, although rare, can cause a
    
       file server ABEND. Novell has decided to no longer support v3.11 and
    
       recommends that customers upgrade NetWare to v3.12. For customers who do
    
       not want to upgrade to 3.12, Intel offers the following solution:
    
    
    
       It is possible to configure LDVP so that it doesn't  use any EAs. This
    
       will disable the checksum feature, but of the three main features (i.e.
    
       File Scanning, Integrity Shield, and File Checksums) this feature is the
    
       least important. To fully disable this feature, all of the LDVP EAs need
    
       to be removed from the files on your server. REMOVEEA.NLM will remove
    
       EAs for a specified volume. Use this utility for all NetWare Read-Write
    
       volumes on your server. (It is not needed on Read-Only volumes such as
    
       mounted CD-ROMs).
    
    
    
       Note: You will need to upgrade to LANDesk Virus Protect v3.01 and use
    
       the version of REMOVEEA.NLM shipped with the upgrade/release version of
    
       that software in order to perform the following: 
    
    
    
       Perform this (and all) server maintenance after-hours when the server is
    
       not heavily used.
    
    
    
       First, unload LPROTECT.NLM.
    
    
    
       Copy REMOVEEA.NLM to SYS:SYSTEM and from the console, type
    
    
    
            LOAD REMOVEEA SYS:\ <Enter>
    
    
    
       This will remove all LDVP Extended File Attributes from files on volume
    
       SYS:. Once this is finished, you will need to repeat this for other
    
       mounted, read-write volumes.
    
    
    
       After removing all EA's, re-load LPROTECT.NLM with the "noea" switch:
    
    
    
            LOAD LPROTECT noea <Enter>
    
    
    
       This will tell the LDVP NLM to not use Extended File Attributes. You
    
       should also edit the AUTOEXEC.NCF file to add the "noea" switch anytime
    
       LPROTECT is loaded.
    
    
    
       This is only a problem with NetWare v3.11 and LDVP 3.X. Even in these
    
       situations, the problem is rare but could occur. We have many sites
    
       running NetWare 3.11 and LDVP 3.x without experiencing these troubles.
    
       If this scenario is encountered, the ABEND will be one of the following:
    
    
    
       ABEND:ClientHandle not Found on Active EA List. Running Process: LDVP
    
       Schedule FSS
    
    
    
       or,
    
    
    
       ABEND:ClientHandle not Found on Active EA List. Running Process: LDVP
    
       Manual FSS
    
    
    
       In addition to these two errors, this same bug can also be seen with
    
       either a General Protection Error such as:
    
    
    
       Abend: General Protection Processor Exception (Error code 00000000)
    
    
    
              Running Process: LDVP Manual FSS Process
    
    
    
       or a file server which has locked-up. In these two cases, it is
    
       difficult to tell for certain if the abends are related without a
    
       coredump, but they will always occur during a manual or scheduled server
    
       scan. 
    
    

    Trademark information