Sophos InterCheck Release Notes ------------------------------- Version 4.14, 10 Jan 2000 Contents -------- 1. Installation and upgrade 2. Modifications from version 4.13 3. Enabling archive scanning 4. Additional configuration options 5. Additional features 6. Known Problems 7. Compatibility issues 8. Acknowledgments 1. Installation and upgrade --------------------------- Version 4.14 of InterCheck requires Sophos SWEEP version 3.30 or above. Please consult the appropriate Sophos Anti-Virus manual for instructions on installing InterCheck. 2. Modifications from version 4.13 ---------------------------------- i. Updated default program extension list The default extension list has been extended to allow checking of Microsoft Help files with the HLP extension and hypertext applications with the HTA extension. Any file whose extension matches an entry in the list will be considered by InterCheck to be a program and will be checked whenever it is accessed. ii. Fix for black screens during initial scanning On start-up InterCheck version 4.13 could sometimes display a totally black screen except for a flashing cursor in the top left corner. The screen remained black until the initial virus scan was completed. InterCheck version 4.14 resolves this problem. 3. Enabling archive scanning ---------------------------- It is possible to configure InterCheck to search for viruses inside archives such as ZIP or TAR. However, by default, this facility has not been enabled, and infected files stored in archives will not be reported until they are extracted for use. The ability to scan inside archive files is disabled by default because it can take a long time to scan inside large archives and a user must wait until the scan is complete before they can continue with their work. However, in some circumstances, it may still be desirable to enable scanning inside archives. This section tells you how to do so. The default action can be modified for the following archive formats: Zip, Arj, Rar, Gzip, Tar and Cmz. For example, to enable Zip file archive handling the following must be added to the INTERCHK.CFG file: [InterCheckGlobal] AddProgramExtension=ZIP [SweepVxDGlobal] VirusEngineSetting:Zip=1 For the other archive formats, each needs to be added as above with a separate AddProgramExtension entry for each different extension used and one VirusEngineSetting entry for the archive type. For example, to enable Tar and Zip file archive handling, where Zip files may have the alternative extension WZP, the following must be added to the INTERCHK.CFG file: [InterCheckGlobal] AddProgramExtension=ZIP AddProgramExtension=WZP AddProgramExtension=TAR [SweepVxDGlobal] VirusEngineSetting:Zip=1 VirusEngineSetting:Tar=1 4. Additional configuration options ----------------------------------- AddProgramExtension=ext This option adds ONE extension to the ProgramExtensions list, but leaves the existing list alone. Note that if this option precedes a ProgramExtensions= option, the single extension is discarded. To add "no extension" to the list, use a dot by itself. DriverIoChecking=YES|NO (Windows 95/98 ONLY) If set to NO, this will suppress interception of certain types of file I/O operations executed by other VxDs in the system. Use this option to avoid problems (such as lock-ups) that can occur when InterCheck intercepts these calls. One third-party product that definitely requires this switch set to NO is ZIPMagic (1.0 and 98) from Mijenix. The default is YES. DriveType=x:,type (Windows 95/98 ONLY) This option allows the user to override the system's assignment of drive types. It is primarily intended for use in the form DriveType=A:,FLOPPY which allows InterCheck to start up without a delay on systems which have no A: floppy drive. It can also be used where a PC boots up from a removable C: drive in order to force InterCheck to treat the removable drive as if it is a fixed hard disk. x: may be any drive letter from A: to Z: (or a: to z:) type may be one of the following: for floppy and other removable drives: FLOPPY,REMOVABLE for non-removable drives: FIXED,HARD DISK,HARDDISK for mapped network drive letters: NETWORK,REMOTE for CD-ROM drives: CDROM,CD for RAM disks: RAMDISK when the drive doesn't exist: ABSENT,NONE NOTE: This option only affects the actions taken by InterCheck during startup. 5. Additional features ---------------------- i. Improved file type detection. The file type detection provided by InterCheck has been extended to detect Microsoft PowerPoint files by default. PowerPoint files will now always be checked for viruses regardless of the file extension. 6. Known Problems ----------------- i. Exclude= does not work correctly on InterCheck for Windows 95/98 InterCheck for Windows 95/98 only allows the use of standard short "8.3" files names in the "Exclude" configuration option. This means that it is not possible to exclude files with long names (e.g. "longfilename.txt"). ii. Batch files run slowly from the network InterCheck can sometimes cause batch files to run very slowly on networked drives. If you encounter this problem, please add the option "Exclude=????????.BAT" to the InterCheck configuration file (INTERCHK.CFG). 7. Compatibility Issues ----------------------- i. Windows 95 and USB support On Windows 95 (OSR2) machines where the "USB (Universal Serial Bus) supplement" has been installed, InterCheck may hang on startup displaying the message "Preparing to sweep". The problem is caused by an obsolete version of the USB supplement. Customers encountering this problem are advised to remove the USB supplement using the "Add/Remove programs" icon in the control panel. When USB support is required, the latest version of the USB supplement should then be installed. ii. Borland C++ and Novell IntraNetWare client There is a problem when using Borland C++ 4.51 and the Novell IntraNetWare client version 3.10 together with InterCheck for Windows 95/98. When building large projects (20+ source files), files are left locked open and cannot be deleted. This problem does not occur when using version 3.02 of the Novell IntraNetWare client. iii. Windows 95 Program Manager It is possible to configure Windows 95 to use a different shell instead of the normal Explorer. Windows 95 includes a version of the Windows 3.1x Program Manager which can be used as a shell. Sophos recommends against using Program Manager as a shell on a machine which runs InterCheck. iv. Hewlett Packard scanners and OCR software If you experience problems such as system lock-ups or fatal exception errors when using OCR software to acquire text directly from a Hewlett Packard scanner while InterCheck is active, you should put the following line in INTERCHK.CFG: Exclude=HPSCAN This prevents InterCheck from attempting to open a device name that is associated with the scanner, and that causes fatal errors if it is opened other than by the application. v. Eudora When Eudora is configured by a command line option to use a network drive for its files, InterCheck causes it to be very slow. This is caused by InterCheck's file type detection trying to identify the kind of file being accessed. The main "culprit" file is eudora.ini. You can improve performance by putting: Exclude=eudora.ini in INTERCHK.CFG. vi. Mijenix Corporation's ZIPMagic InterCheck 4.XX for Windows 95/98 requires the use of the DriverIoChecking=NO configuration file option when used with either ZIPMagic 1.0 or ZIPMagic 98. vii. Windows 95/98 AS/400 Client Access When used with Windows 95/98 AS/400 Client Access V3 R1 M2, the networked InterCheck client requires Service Pack level SF47544. With previous versions of the Client Access software, the Check Version utility (installed by default into the Startup group) would hang the PC with InterCheck present. The stand-alone InterCheck client cannot be used with AS/400 Client Access because the Sweep95 VxD is unable to open files stored on the AS/400. The only solution at present is to use the networked InterCheck client. viii. QEMM version 6.02 InterCheck for DOS will cause the system to hang in response to CTL-ALT-DEL if it is loaded high using QEMM v6.02. However, the diskette in the A drive will be checked for viruses before the system hangs so that the integrity of InterCheck is not compromised. There are a number of possible solutions: a) Upgrade to QEMM version 7. b) Load InterCheck into low memory using the LoadLow=YES configuration option. c) Use the QEMM nr (norom) option. However this does not work with the stealth option. ix. 386Max version 6.01d InterCheck for DOS cannot load high when version 6.01d of the 386Max memory manager has been installed. An error message "Memory allocation error" is displayed after InterCheck has run SWEEP. Use the LoadLow configuration option to load InterCheck into low memory. Alternatively upgrade to 386Max version 6.02 or above. x. NetWare 4.01 The ICLOGIN program is not compatible with the version of the LOGIN program supplied as part of NetWare 4.01. In order to use the ICLOGIN program you must upgrade the Novell login program to version 4.08 or later. Version 4.08 of LOGIN.EXE can be obtained, by all registered users of NetWare 4.01, as part of the "Novell 4.01 Upgrade kit Vol.1 No.1". xi. MSD versions 2.10 and 2.11 The Microsoft diagnostic program, MSD.EXE, supplied with Windows 3.11 and DOS 6.x, does not work correctly with InterCheck. Unless the Novell LSL driver has been loaded before installing InterCheck, the MSD program will crash while initially examining the system, with unpredictable results. The problem has been fixed in version 2.13 of the MSD program, supplied with Windows 95. xii. Other memory resident Anti-Virus products We do not recommend using InterCheck when other memory resident anti-virus are active. Attempting to run multiple anti-virus products in this manner will cause the system to run extremely slowly. In some cases the system may also become unstable. 8. Acknowledgments ------------------ This product uses the SPAWNO routines by Ralf Brown to minimise memory use while shelling to DOS and running other programs. ---------------- Sophos Plc, The Pentagon, Abingdon, OX14 3YP, England Tel 01235 559933 o Fax 01235 559935 Sophos Pty Ltd, Level 4, 725 George Street, Sydney, NSW 2000, Australia Tel 02 9212 1600 o Fax 02 9212 1788 Sophos Plc, 2, Place de la Defense, BP240, 92053 Paris la Defense, France Tel 01 46 92 24 42 o Fax 01 46 92 24 00 Sophos GmbH, Am Hahnenbusch 21, D-55268 Nieder-Olm, Germany Tel 06136 91193 o Fax 06136 911940 Sophos Inc, 50-S Audubon Road, Wakefield, MA 01880, USA Tel 781 213 3456 o Fax 781 213 5466 Sales email sales@sophos.com Technical support email support@sophos.com Web http://www.sophos.com/