![[Intel Navigation Header]](/CONTENT/PIX/HEADER.GIF)
LANDesk(R) Virus Protect: Troubleshooting Notes from Tech Support
Contents:
NETWARE COMPATIBILITY
LANDesk Virus Protect 2.13 is compatible with NetWare 3.11, 3.12, 4.01,
4.02, and 4.1. On 4.x servers, only bindery emulation mode is
supported.
ABENDS & SERVER CRASHES - NONPUBLIC
Since the Real Time scan intercepts all file reads and writes, it is
likely that when a server abends it will show that the running process
is LPROTECT, regardless of what the real cause of the abend was. If you
are using Name-Spaces on any volume, consult with Novell on which
version of CLIB you should be using. Several versions of CLIB can cause
abends when used in conjunction with LANDesk Virus Protect and
Name-Spaces. CLIB 3.12g seems to be the most reliable for NetWare 3.11
and NetWare 3.12
If you suspect that LANDesk Virus Protect is the cause of the server
crash or abend, make sure you have the latest NLMs. The new PSCAN.NLM
has been designed to avoid conflicts with other NLMs which might cause
abends. The new LPROTECT.NLM has fixed all known bugs that could
possibly cause an abend. Currently, the latest version of PSCAN.NLM is
1.08 and the latest LPROTECT.NLM is 2.13a. Both are available on the
Intel online services. PSCAN.EXE is an Interim file and VP213A.EXE is a
current file. If neither of these NLMs solve the problem and LANDesk
Virus Protect is still suspected as the cause, it is likely that a
server memory dump will be required to analyze the problem.
SERVER SCANS & UTILITZATION
Problems with Real Time Scan are usually related to the PSCAN.NLM or
incorrect configuration in the Supervisor Utility. The LANDesk Virus
Protect Monitor screen should show which files are being scanned. If
nothing appears in the "Last file scanned by Real Time Scan" then
PSCAN.NLM is not intercepting files properly or Real Time Scan is not
configured properly. Often, unloading LPROTECT.NLM and PSCAN.NLM and
then reloading LPROTECT will correct this problem. It is also possible
that another NLM such as NETCHECK is causing the problem. Changing the
load order may solve this problem. The suggested configuration in the
Supervisor Utility is to scan both incoming and outgoing files, and to
scan the selected extension list rather than all DOS files (data files
are unable to infect your computer). Using the selected extension list
will also greatly reduce the server's 'processor utilization' since data
files are no longer being scanned.
SYMPTOMS
UNABLE TO SELECT PRINT QUEUES OR CHANGE CONFIGURATIONS IN VPWIN OR VPDOS
Symptom:
In VPWIN or VPDOS you are unable to select print queues or change
configurations.
Cause:
You have highlighted the Domain name and not the server itself. You may
also have not created any queues.
Solution:
You must highlight the server you wish to configure.
VIEWING THE DETECTABLE VIRUS PATTERN LIST, THE POINTER FLICKERS AND THEN NOTHING HAPPENS
Symptom:
When you view the Detectable Virus Pattern List, the pointer flickers
and then nothing happens.
Solution:
Make sure that you have a working directory for LANDesk Virus Protect
software.
LPROTECT.NLM CRASHES THE FILE SERVER
Symptom:
When you load LPROTECT.NLM it crashes the server.
SOLUTION
Make sure that you have not loaded the NLM after PSERVER.NLM. Change
the order of the NLMs, putting LPROTECT.NLM early in the load sequence.
CLIB 3.12g or later is suggested for all 3.x servers. Update the
LPROTECT.NLM to version 2.13a.
Do not scan all DOS files. Configure your real time scan to scan the
extensions listed in the SELECTED EXTENSION LIST.
LANDESK VIRUS PROTECT FINDS A 'FALSE POSITIVE'
Symptom:
LANDesk Virus Protect finds a 'false positive' (it claims there is an
infection when in actuality there is not).
Solution:
If the scan shows that a file is infected and you have reason to believe
that it is not actually infected, perhaps the 'infection' only shows up
with VSCAN whereas VSCAND does not show an 'infection'.
If the 'infection' is in the boot sector or in memory, change the order
of the TSRs that load. Remove all TSRs and see if the scan still shows
an 'infection.' Add the TSRs back one by one in a different order and
see when the infection shows itself. This would indicate an
incompatibility. Boot from a clean floppy and scan the local hard
drive for an infected file; you might have a real virus. Update the
pattern file being used or go back one (if the virus name is on the
previous pattern).
LANDESK VIRUS PROTECT DOES NOT CATCH A CERTAIN VIRUS - NONPUBLIC
Symptom:
LANDesk Virus Protect or LANProtect does not catch a certain virus.
Cause:
New viruses are created continuously. Because of the proliferation of
viruses it is impossible to have a pattern file for all viruses. Intel
looks for new viruses in many different ways so as to have the greatest
protection available.
Solution:
If you find a virus that LANDesk Virus Protect or LANProtect does not
catch, get the latest virus pattern file from the Intel online services.
(Download UPXXX.EXE where XXX is the number of the current virus
pattern.)
If the virus is still not detected please send a copy of the infected
file to Intel at:
PSE - LDVP
734 E. Utah Valley Dr.
Suite 300 American Fork UT 84003.
Mark the outside envelope INFECTED FILE and mark the disk itself
INFECTED FILE. Include a description of your system, the problem, what
the symptoms are, and your name, phone number and address. If a new
virus pattern is all that is needed we will have a new signature file
within 3 business days from the time we receive the file. If an NLM
change is needed, the turn around time will be longer.
For maximum protection run VP RULE, which will catch virus activity.
This utility is available only with LANDesk Virus Protect 2.0 and later.
This will decrease the proliferation of the virus.
ERROR MESSAGES
"CAN'T FIND VIRUS PATTERN, WILL LOOK ON LOCAL DRIVE"
Error message:
When you run VSCAN or VSCAND receive error "Can't Find Virus Pattern,
will look on Local Drive." Enter OK twice and then scans works..
Cause:
This error message occurs when the scan can not find the virus pattern
on the file server. LANDesk Virus Protect then looks in the
VPROTECT.PC directory or your local virus protect directory where it
finds the virus pattern. Often this error is caused by changing the
drive from the one that you originally installed on to some other drive
letter.
Solution:
Run LPWP file_name (LPROTECT.NLM) drive_letter: path. Do NOT specify
the volume. If this does not work then reinstall. Also, make sure that
the NLM is loaded and that there is a virus pattern in the VPROTECT
directory.
"INSUFFICIENT DISK SPACE"
Error message
Receive the error message "Insufficient disk space" during installation
of LANDesk VIrus Protect, but the computer being used has plenty of
available disk space.
Cause:
During a Windows installation, the files on the floppy are decompressed
to a temporary directory on the hard drive. Approximately 1 MB of disk
space is needed. This error message is usually received because one or
more of the files were changed by the user before performing the install
or upgrade. Most often, a newer pattern file was copied. Since the
install routine knows all the file dates and sizes, any changes will
result in the inability to expand the proper file (since the old one is
now gone). Since the correct file cannot be expanded, this error
message occurs.
Solution:
Make sure all the files on the install disk or in the installation
directory are exactly as shipped. If this is an upgrade, the upgrade
files should be re-expanded.
Installations on a diskless workstation are not currently possible.
"COULD NOT ATTACH PRE-SCAN DRIVERS" OR "COULD NOT ATTACH TO PRE-SCAN PROTOCOLSTACK" - NONPUBLIC
Error message:
"Could Not Attach Pre-Scan Drivers" or "Could not attach to pre-scan
protocol stack."
Cause A:
The most simple reason to get this error message is that the PSCAN.NLM
is already loaded.
Solution A:
Type: unload pscan to see if it is loaded.
Cause B:
If this does not solve the problem, there may be a conflict with another
NLM that hooks files.
Solution B:
In most cases, this conflict can be eliminated by using a new version of
PSCAN.NLM. This new version is available in a file called PSCAN.EXE in
the LANDesk VIrus Protect Interim area of Intel's online services. This
new PSCAN.NLM requires CLIB 3.12G (available from Novell, or the Intel
online services in a file called LIBUP3.EXE).
Cause C:
Another possible cause for this error message is that the wrong version
of PSCAN is loaded.
Solution C:
Check the file size of PSCAN.NLM. If the server is NetWare 3.11 the
PSCAN.NLM should match the file size of PSCAN311.NLM (or PSCAN312.NLM
if using NetWare 3.12).
Note: PSCAN312.NLM did not ship with LANDesk Virus Protect v2.0 --
you will need to upgrade to version 2.1x.
"INVALID LOAD FILE FORMAT"
Error message:
Invalid Load file format.
Cause:
This LANDesk Virus Protect error message is usually an indication that
the NLM has been corrupted and can not be loaded. Corruption occurs
most commonly while downloading files.
Solution:
If the file is from the Intel online services, re-download the file.
"THIS MODULE IS USING 4 OUTDATED API CALLS YOU SHOULD UPGRADE TO A NEWER MODULE WHEN IT BECOMES AVAILABLE"
Error message:
This module is using 4 outdated API calls You should upgrade to a
newer module when it becomes available.
Cause:
This error is caused by the presence of some API calls in the
LPROTECT.NLM that are used for 3.x servers. These calls are no longer
used by the LANDesk Virus Protect LPROTECT.NLM on 4.x servers. They are
compiled in the NLM only for the 3.x servers.
Solution:
This error message will not cause any problems and the user can ignore
it.
"LOADER CAN NOT FIND PUBLIC SYMBOL ..."
Error message:
Loader can not find public symbol ...
Cause:
This message is usually seen when a supporting NLM is not found. In
most cases CLIB is not loaded. LPROTECT.NLM requires that CLIB be
loaded first. This message can also appear if the version of CLIB is
too old for the NLM being loaded.
"CANNOT CREATE HOME DIRECTORY"
Error message:
Cannot create home directory
Cause:
The LPROTECT.NLM contains a path to the home directory (where the
pattern file and configuration file is located). By default this path
is SYS:\VPROTECT. If this messages appears, then the path in the NLM is
incorrect.
Solution:
To set the correct path in the NLM, do the following:
From the VPROTECT directory type:
LPWP lprotect.nlm driveletter:\path to the vprotect directory.
So if drive L: is mapped to the SYS: volume and your path to the
VPROTECT directory is \apps\av\vprotect, then you would type:
LPWP lprotect.nlm L:\apps\av\vprotect
(Do not use a map rooted drive for this operation, and do not specify
the volume.)
"CANNOT FIND PATTERN FILE OR PATTERN FILE IS CORRUPT"
Error message:
Cannot find pattern file or pattern file is corrupt
Solution:
If you get this error message when trying to load the NLM, verify that
the pattern file is located in the directory where LPROTECT.NLM was
loaded from. The file name is LPT$VPN.xxx (where xxx represents the
pattern number). The NLM should be loaded from the VPROTECT directory.
If the pattern file is there, then the home directory in the NLM may be
wrong. To correct this, refer to the steps for the error message
"Cannot create home directory."
Trademark information