[Intel Navigation Header]

    LANDesk(R) Virus Protect: Troubleshooting Notes from Tech Support

    Contents:

    • NETWARE COMPATIBILITY
    • ABENDS & SERVER CRASHES - NONPUBLIC
    • SERVER SCANS & UTILITZATION
    • SYMPTOMS
    • UNABLE TO SELECT PRINT QUEUES OR CHANGE CONFIGURATIONS IN VPWIN OR VPDOS
    • VIEWING THE DETECTABLE VIRUS PATTERN LIST, THE POINTER FLICKERS AND THEN NOTHING HAPPENS
    • LPROTECT.NLM CRASHES THE FILE SERVER
    • LANDESK VIRUS PROTECT FINDS A 'FALSE POSITIVE'
    • LANDESK VIRUS PROTECT DOES NOT CATCH A CERTAIN VIRUS - NONPUBLIC
    • ERROR MESSAGES
    • "CAN'T FIND VIRUS PATTERN, WILL LOOK ON LOCAL DRIVE"
    • "INSUFFICIENT DISK SPACE"
    • "COULD NOT ATTACH PRE-SCAN DRIVERS" OR "COULD NOT ATTACH TO PRE-SCAN PROTOCOLSTACK" - NONPUBLIC
    • "INVALID LOAD FILE FORMAT"
    • "THIS MODULE IS USING 4 OUTDATED API CALLS YOU SHOULD UPGRADE TO A NEWER MODULE WHEN IT BECOMES AVAILABLE"
    • "LOADER CAN NOT FIND PUBLIC SYMBOL ..."
    • "CANNOT CREATE HOME DIRECTORY"
    • "CANNOT FIND PATTERN FILE OR PATTERN FILE IS CORRUPT"
    
    

    NETWARE COMPATIBILITY

    
       LANDesk Virus Protect 2.13 is compatible with NetWare 3.11, 3.12, 4.01,
    
       4.02, and 4.1.  On 4.x servers, only bindery emulation mode is
    
       supported.
    
    
    
    

    ABENDS & SERVER CRASHES - NONPUBLIC

    
       Since the Real Time scan intercepts all file reads and writes, it is
    
       likely that when a server abends it will show that the running process
    
       is LPROTECT, regardless of what the real cause of the abend was.  If you
    
       are using Name-Spaces on any volume, consult with Novell on which
    
       version of CLIB you should be using.  Several versions of CLIB can cause
    
       abends when used in conjunction with LANDesk Virus Protect and
    
       Name-Spaces.  CLIB 3.12g seems to be the most reliable for NetWare 3.11
    
       and NetWare 3.12
    
    
    
       If you suspect that LANDesk Virus Protect is the cause of the server
    
       crash or abend, make sure you have the latest NLMs.  The new PSCAN.NLM
    
       has been designed to avoid conflicts with other NLMs which might cause
    
       abends.  The new LPROTECT.NLM has fixed all known bugs that could
    
       possibly cause an abend.  Currently, the latest version of PSCAN.NLM is
    
       1.08 and the latest LPROTECT.NLM is 2.13a.  Both are available on the
    
       Intel online services. PSCAN.EXE is an Interim file and VP213A.EXE is a
    
       current file.  If neither of these NLMs solve the problem and LANDesk
    
       Virus Protect is still suspected as the cause, it is likely that a
    
       server memory dump will be required to analyze the problem. 
    
    
    
    

    SERVER SCANS & UTILITZATION

    
       Problems with Real Time Scan are usually related to the PSCAN.NLM or
    
       incorrect configuration in the Supervisor Utility.  The LANDesk Virus
    
       Protect Monitor screen should show which files are being scanned.  If
    
       nothing appears in the "Last file scanned by Real Time Scan" then
    
       PSCAN.NLM is not intercepting files properly or Real Time Scan is not
    
       configured properly.   Often, unloading LPROTECT.NLM and PSCAN.NLM and
    
       then reloading LPROTECT will correct this problem.  It is also possible
    
       that another NLM such as NETCHECK is causing the problem.  Changing the
    
       load order may solve this problem.  The suggested configuration in the
    
       Supervisor Utility is to scan both incoming and outgoing files, and to
    
       scan the selected extension list rather than all DOS files (data files
    
       are unable to infect your computer).  Using the selected extension list
    
       will also greatly reduce the server's 'processor utilization' since data
    
       files are no longer being scanned. 
    
    
    
    

    SYMPTOMS

    
    

    UNABLE TO SELECT PRINT QUEUES OR CHANGE CONFIGURATIONS IN VPWIN OR VPDOS

    
       Symptom:
    
       In VPWIN or VPDOS you are unable to select print queues or change
    
       configurations.
    
    
    
       Cause:
    
       You have highlighted the Domain name and not the server itself.  You may
    
    
    
       also have not created any queues.
    
    
    
       Solution:
    
       You must highlight the server you wish to configure.
    
    
    
    

    VIEWING THE DETECTABLE VIRUS PATTERN LIST, THE POINTER FLICKERS AND THEN NOTHING HAPPENS

    
       Symptom:
    
       When you view the Detectable Virus Pattern List, the pointer flickers
    
       and then nothing happens.
    
    
    
       Solution:
    
       Make sure that you have a working directory for LANDesk Virus Protect
    
       software.
    
    
    
    

    LPROTECT.NLM CRASHES THE FILE SERVER

    
       Symptom:
    
       When you load LPROTECT.NLM it crashes the server.
    
    
    
       SOLUTION
    
       Make sure that you have not loaded the NLM after PSERVER.NLM.   Change
    
       the order of the NLMs, putting LPROTECT.NLM early in the load sequence.
    
    
    
       CLIB 3.12g or later is suggested for all 3.x servers.  Update the
    
       LPROTECT.NLM to version 2.13a.
    
    
    
       Do not scan all DOS files.  Configure your real time scan to scan the
    
       extensions listed in the SELECTED EXTENSION LIST.
    
    
    
    

    LANDESK VIRUS PROTECT FINDS A 'FALSE POSITIVE'

    
       Symptom:
    
       LANDesk Virus Protect finds a 'false positive' (it claims there is an
    
       infection when in actuality there is not).
    
    
    
       Solution:
    
       If the scan shows that a file is infected and you have reason to believe
    
       that it is not actually infected, perhaps the 'infection' only shows up
    
       with VSCAN  whereas VSCAND does not show an 'infection'.
    
    
    
       If the 'infection' is in the boot sector or in memory, change the order
    
       of the TSRs that  load.  Remove all TSRs and see if the scan still shows
    
       an 'infection.'  Add the TSRs  back one by one in a different order and
    
       see when the infection shows itself.  This would indicate an
    
       incompatibility.  Boot  from a clean floppy and scan the local hard
    
       drive for an infected file; you might have a real virus.  Update the
    
       pattern file being used or go back one (if the virus name is on the
    
       previous pattern).
    
    
    
    

    LANDESK VIRUS PROTECT DOES NOT CATCH A CERTAIN VIRUS - NONPUBLIC

    
       Symptom:
    
       LANDesk Virus Protect  or LANProtect does not catch a certain virus.
    
    
    
       Cause:
    
       New viruses are created continuously.  Because of the proliferation of
    
       viruses it is impossible to have a pattern file for all viruses.  Intel
    
       looks for new viruses in many different ways so as to have the greatest
    
       protection available.
    
    
    
       Solution:
    
       If you find a virus that LANDesk Virus Protect or LANProtect does not
    
       catch, get the latest virus pattern file from the Intel online services.
    
        (Download UPXXX.EXE where XXX is the number of the current virus
    
       pattern.)
    
    
    
       If the virus is still not detected please send a copy of the infected
    
       file to Intel at:
    
    
    
       PSE - LDVP
    
       734 E. Utah Valley Dr.
    
       Suite 300 American Fork  UT 84003.
    
    
    
       Mark the outside envelope INFECTED FILE and mark the disk itself
    
       INFECTED  FILE.  Include a description of your system, the problem, what
    
       the symptoms are, and  your name, phone number and address.  If a new
    
       virus pattern is all that is needed we will have a new signature file
    
       within 3 business days from the time we receive the file.   If an NLM
    
       change is needed, the turn around time will be longer.
    
    
    
       For maximum protection run VP RULE, which will catch virus activity. 
    
       This utility is available only with LANDesk Virus Protect 2.0 and later.
    
        This will decrease the proliferation of  the virus.
    
    
    
    

    ERROR MESSAGES

    
    

    "CAN'T FIND VIRUS PATTERN, WILL LOOK ON LOCAL DRIVE"

    
       Error message:
    
       When you run VSCAN or VSCAND receive error "Can't Find Virus Pattern,
    
       will look on Local Drive."  Enter OK twice and then scans works..
    
    
    
       Cause:
    
       This error message occurs when the scan can not find the virus pattern
    
       on the file server.  LANDesk Virus Protect  then looks in the
    
       VPROTECT.PC directory or your local virus protect directory where it
    
       finds the virus pattern.  Often this error is caused by changing the
    
       drive from the one that you originally installed on to some other drive
    
       letter.
    
    
    
       Solution:
    
       Run LPWP file_name (LPROTECT.NLM) drive_letter: path.  Do NOT specify
    
       the volume.  If this does not work then reinstall.  Also, make sure that
    
       the NLM is loaded and that  there is a virus pattern in the VPROTECT
    
       directory.
    
    
    
    

    "INSUFFICIENT DISK SPACE"

    
       Error message
    
       Receive the error message  "Insufficient disk space" during installation
    
    
    
       of LANDesk VIrus Protect, but the computer being used has plenty of
    
       available disk space.
    
    
    
       Cause:
    
       During a Windows installation, the files on the floppy are decompressed
    
       to a temporary directory on the hard drive.  Approximately 1 MB of disk
    
       space is needed.  This error message is usually received because one or
    
       more of the files were changed by the user before performing the install
    
       or upgrade.  Most often, a newer pattern file was copied.  Since the
    
       install routine knows all the file dates and sizes, any changes will
    
       result in the inability to expand the proper file (since the old one is
    
       now gone).  Since the correct file cannot be expanded, this error
    
       message occurs.
    
    
    
       Solution:
    
       Make sure all the files on the install disk or in the installation
    
       directory are exactly as shipped.  If this is an upgrade, the upgrade
    
       files should be re-expanded.
    
    
    
       Installations on a diskless workstation are not currently possible.
    
    
    
    

    "COULD NOT ATTACH PRE-SCAN DRIVERS" OR "COULD NOT ATTACH TO PRE-SCAN PROTOCOLSTACK" - NONPUBLIC

    
       Error message:
    
       "Could Not Attach Pre-Scan Drivers" or "Could not attach to pre-scan
    
       protocol stack."
    
    
    
       Cause A:
    
       The most simple reason to get this error message is that  the PSCAN.NLM
    
       is already loaded.
    
    
    
       Solution A:
    
       Type: unload pscan  to see if it is loaded.
    
    
    
       Cause B:
    
       If this does not solve the problem, there may be a conflict with another
    
       NLM that hooks files.
    
    
    
       Solution B:
    
       In most cases, this conflict can be eliminated by using a new version of
    
       PSCAN.NLM.  This new version is available in a file called PSCAN.EXE in
    
       the LANDesk VIrus Protect Interim area of Intel's online services. This
    
       new PSCAN.NLM  requires CLIB 3.12G (available from Novell, or the Intel
    
       online services in a file called LIBUP3.EXE).
    
    
    
       Cause C:
    
       Another possible cause for this error message is that the wrong version
    
       of PSCAN is loaded.
    
    
    
       Solution C:
    
       Check the file size of PSCAN.NLM.  If the server is NetWare 3.11 the
    
       PSCAN.NLM should match the file size of PSCAN311.NLM  (or PSCAN312.NLM
    
       if using NetWare 3.12). 
    
    
    
       Note:     PSCAN312.NLM did not ship with LANDesk Virus Protect v2.0 --
    
    
    
                 you will need to upgrade to version 2.1x.
    
    
    
    

    "INVALID LOAD FILE FORMAT"

    
       Error message:
    
       Invalid Load file format.
    
    
    
       Cause:
    
       This LANDesk Virus Protect error message is usually an indication that
    
       the NLM has been corrupted and can not be loaded.  Corruption occurs
    
       most commonly while downloading files.
    
    
    
       Solution:
    
       If the file is from the Intel online services, re-download the file.
    
    
    
    

    "THIS MODULE IS USING 4 OUTDATED API CALLS YOU SHOULD UPGRADE TO A NEWER MODULE WHEN IT BECOMES AVAILABLE"

    
       Error message:
    
       This module is using 4 outdated API calls   You should upgrade to a
    
       newer module when it becomes available.
    
    
    
       Cause:
    
       This error is caused by the presence of some API calls in the
    
       LPROTECT.NLM that are used for 3.x servers. These calls are no longer
    
       used by the LANDesk Virus Protect LPROTECT.NLM on 4.x servers. They are
    
       compiled in the NLM only for the 3.x servers.
    
    
    
       Solution:
    
       This error message will not cause any problems and the user can ignore
    
       it.
    
    
    
    

    "LOADER CAN NOT FIND PUBLIC SYMBOL ..."

    
       Error message:
    
       Loader can not find public symbol ...
    
    
    
       Cause:
    
       This message is usually seen when a supporting NLM is not found.  In
    
       most cases CLIB is not loaded.  LPROTECT.NLM requires that CLIB be
    
       loaded first.  This message can also appear if the version of CLIB is
    
       too old for the NLM being loaded.
    
    
    
    

    "CANNOT CREATE HOME DIRECTORY"

    
       Error message:
    
       Cannot create home directory
    
    
    
       Cause:
    
       The LPROTECT.NLM contains a path to the home directory (where the
    
       pattern file and configuration file is located).   By default this path
    
       is SYS:\VPROTECT.  If this messages appears, then the path in the NLM is
    
       incorrect.
    
    
    
       Solution:
    
       To set the correct path in the NLM, do the following:
    
    
    
       From the VPROTECT directory type:
    
    
    
            LPWP lprotect.nlm driveletter:\path to the vprotect directory.
    
    
    
       So if drive L: is mapped to the SYS: volume and your path to the
    
       VPROTECT directory is \apps\av\vprotect, then you would type:
    
    
    
            LPWP lprotect.nlm L:\apps\av\vprotect
    
    
    
       (Do not use a map rooted drive for this operation, and do not specify
    
       the volume.)
    
    
    
    

    "CANNOT FIND PATTERN FILE OR PATTERN FILE IS CORRUPT"

    
       Error message:
    
       Cannot find pattern file or pattern file is corrupt
    
    
    
       Solution:
    
       If you get this error message when trying to load the NLM,  verify that
    
       the pattern file is located in the directory where LPROTECT.NLM was
    
       loaded from.  The file name is LPT$VPN.xxx (where xxx represents the
    
       pattern number).  The NLM should be loaded from the VPROTECT directory. 
    
       If the pattern file is there, then the home directory in the NLM may be
    
       wrong.  To correct this, refer to the steps for the error message
    
       "Cannot create home directory."
    
    

    Trademark information