home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The PC-SIG Library 13
/
PC-Sig Library (13th Edition) (PC-SIG) (1994).ISO
/
virus
/
vshld104.doc
< prev
next >
Wrap
Text File
|
1993-12-13
|
43KB
|
1,123 lines
VSHIELD Version 5.4 V104
VSHIELD1 Version 0.2
CHKSHLD Version 0.4
Copyright 1989-1993 by McAfee Associates.
All rights reserved.
Documentation by Aryeh Goretsky.
McAfee Associates (408) 988-3832 office
3350 Scott Blvd. Bldg. 14 (408) 970-9727 fax
Santa Clara, CA 95054-3107 (408) 988-4004 BBS (25 lines)
U.S.A USR HST/v.32/v.42bis/MNP1-5
CompuServe GO MCAFEE
Internet support@mcafee.COM
TABLE OF CONTENTS
SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
- What is VSHIELD?
- System requirements
AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . . .3
- Verifying the integrity of VSHIELD
WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . . .4
- New features and viruses added in this release
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
- A note on switches
- General description of VSHIELD
OPERATION and OPTIONS. . . . . . . . . . . . . . . . . . . . . .7
- How to use VSHIELD, VSHIELD1, and CHKSHLD
- Detailed explanation of switches
- ERRORLEVEL's for batch file programming
EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
- Samples of frequently-used options
INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . .16
- How to install VSHIELD on your system
- A note on VSHIELD and networks
VIRUS REMOVAL. . . . . . . . . . . . . . . . . . . . . . . . . .17
- What to do if a virus is found
REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . . .17
- How to register VSHIELD
TECHNICAL SUPPORT. . . . . . . . . . . . . . . . . . . . . . . .18
- Information you should have ready when calling
APPENDIX A . . . . . . . . . . . . . . . . . . . . . . . . . . .19
- Creating an exception list for the /CERTIFY option
APPENDIX B . . . . . . . . . . . . . . . . . . . . . . . . . . .20
- Sample CHKSHLD program script
Page 1
VSHIELD Version 5.4 V104 Page 2
SYNOPSIS
VSHIELD is a virus prevention program for IBM PC and
compatibles. VSHIELD prevents viruses from infecting your
system. When VSHIELD first loads it will search memory, the
master boot record (partition table), boot sector, system
files, and itself for known computer viruses before going into
memory as a Terminate-and-Stay-Resident (TSR) program.
VSHIELD checks for viruses by scanning programs as they
are run for virus signatures and/or validation codes added by
VIRUSCAN. Infected programs are prevented from running and a
a warning message is displayed by VSHIELD. VSHIELD also stops
soft boots from disks infected by boot-sector viruses.
VSHIELD optionally checks validation codes added by SCAN
to check if a file has been altered or modified. This can be
used to detect unknown (new) viruses.
VSHIELD optionally check for viruses as files are copied
or accessed.
VSHIELD optionally provides access control functions to
reduce the risk of virus infection from unauthorized software.
Two discreet programs are available. The first,
VSHIELD.EXE, checks for viruses using virus signatures and
validation codes added by SCAN. The second, VSHIELD1.EXE,
only checks validation codes added by SCAN. Both programs
monitor all program loads from all disks unless otherwise
specified.
The VSHWIN program allows VSHIELD to display messages
while Windows 3.x is running.
The CHKSHLD program checks for VSHIELD in memory for use
in network login scripts.
VSHIELD will run on any PC with 256Kb and DOS 3.0 or
above. VSHIELD1 uses 6Kb of memory. VSHIELD uses 40Kb of base
memory if loaded normally, 3Kb if swapped-to-disk, or 416 bytes
if loaded into upper memory. Compatibility with DOS 2.10
may be available in a subsequent release.
VSHIELD Version 5.4 V104 Page 3
AUTHENTICITY
VSHIELD is packaged with VALIDATE, a program to ensure
the integrity of the executable program files. The
VALIDATE.DOC file describes how to use VALIDATE.
The validation results for the VSHIELD 5.4 V104
should be:
FILENAME: SIZE: DATE CHECK METHOD:
CHKSHLD.EXE S:8,075 D:04-19-93 M1: 85A5 M2: 0A4F
VALIDATE.COM S:12,197 D:03-24-92 M1: D5BB M2: 166F
VSHIELD.EXE S:46,914 D:05-01-93 M1: 4A5F M2: 132B
VSHIELD1.EXE S:11,323 D:02-14-91 M1: 8578 M2: 03CE
VSHWIN.EXE S:14,260 D:03-16-93 M1: 3151 M2: 054B
If your copy of VSHIELD differs, it may have options stored to
it with the /SAVE switch or been damaged by a virus. Run
VSHIELD with just the /SAVE switch to remove any stored options
and then re-run VALIDATE. Always obtain VSHIELD from a trusted
source such as the McAfee BBS, CompuServe, or your local McAfee
Agent. The latest version of VSHIELD and validation codes can
always be found on our BBS at +1 (408) 988-4004.
PKZIP AUTHENTICATION VERIFICATION
All of McAfee Associates' programs are archived with
Version 1.10 of PKWare's PKZIP Authentic File Verification.
When unzipped with Version 1.10 of PKWare's PKUNZIP program,
an "-AV" will be displayed after each file is unzipped and an
"Authentic Files Verified! # NWN405 Zip Source: McAFEE
ASSOCIATES" will appear once all files are unzipped.
NOTE: If you do not receive the Authentic File Verification
messages, you may be using a different version of
PKUNZIP, such as V1.93α or V2.04. Use PKUNZIP Version
1.10 to unzip files if you wish to have Authenticity
Verification displayed as files are unzipped.
VSHIELD Version 5.4 V104 Page 4
WHAT'S NEW
Version 5.4 V104 of VSHIELD adds several new features
and enhancements over the previous V102 release:
· COMMAND.COM is no longer reported as modified when
VSHIELD is run with the /CF option.
· The /WINDOWS option now displays messages using a Windows
dialogue box when a virus is found, instead of opening a
windowed DOS screen. This is done through a new file named
VSHWIN.EXE. See the description of the /WINDOWS switch for
more information.
· Running VSHIELD under Windows with the /CERTIFY switch
no longer prevents all programs from running.
· At the request of users, the /COPY switch has been disabled
under Windows. The V102 release did enable it, but trapped
program loads as well, causing significant system slow-downs.
To check for copying under Windows, use the /ACCESS switch
instead.
· Fixed "Null Pointer Assignment" error message that would
be displayed when VSHIELD was run with the /RECONNECT switch
multiple times.
· CHKSHLD now displays the options VSHIELD was load with, if
any.
For more information on viruses added in this release,
please refer to the VIRUSCAN documentation, the accompanying
VIRLIST.TXT file, or Patricia Hoffman's Hypertext VSUM.
VSHIELD Version 5.4 V104 Page 5
OVERVIEW
VSHIELD is a memory-resident program that prevents virus
infection. VSHIELD does this by checking programs as they are
loaded by the computer. VSHIELD will not allow a file to run if
a virus is found, a program does not match its validation code,
or a file is not on the /CERTIFY list--this prevents the virus
from entering your system. VSHIELD also checks for boot
sector viruses during reboots and optionally checks for viruses
during copy operations or whenever a disk is accessed.
When VSHIELD is run from the AUTOEXEC.BAT, it is installed
each time the system is turned on or rebooted. VSHIELD checks
memory, the partition table, boot sector, system files, and
itself for viruses prior to installation as a Terminate-and-
Stay-Resident (TSR) program. It monitors all program loads
for viruses.
When a system is booted from an infected disk, VSHIELD will
detect the virus the next time VSHIELD runs since VSHIELD must
be in memory to detect the virus.
VSHIELD has four user-selectable levels of protection:
- Level I protection, provided by VSHIELD1, checks validation
codes added by VIRUSCAN's /AV or /AG switches [see
VIRUSCAN's documentation for more information]. Programs
failing the validation check will not be allowed to run.
VSHIELD1 also checks the partition table and boot sector
validation codes, if present. Level I provides minimal
protection only and is not recommended for normal use,
VSHIELD is recommended instead.
- Level II protection, provided by VSHIELD, checks programs
for virus signatures, the pattern of code unique to each
virus. If a virus is found, VSHIELD will not allow the
program to run. VSHIELD will also prevent reboots from
disks infected with a boot sector viruses.
- Level III protection, provided by VSHIELD /CF {filename} or
/CV, incorporates both Level I and Level II protection.
- Level IV protection, provided by VSHIELD /CERTIFY,
incorporates Level III protection with access control,
specifying which programs can be run.
VSHIELD Version 5.4 V104 Page 6
Each level of protection has its advantages and disadvantages.
VSHIELD1 (Level I) requires the least system overhead,
using 6Kb of memory. It provides only minimal protection.
VSHIELD (Levels 2-4) requires as much as 40Kb of memory;
this may be reduced to 416 bytes by loading into upper memory.
VSHIELD1 will add an average of one second to each program
load.
VSHIELD adds an average of one second to program loads and
six seconds to reboots. Using the /SWAP option adds an
additional second since VSHIELD must re-load itself from disk
prior to checking another file.
VSHIELD will not degrade the performance of the system once
programs have been loaded, except for programs which load other
programs when the /ACCESS or /COPY options are being used.
NOTE: VSHIELD and VSHIELD1 should not be used simultaneously.
Either one or the other should be used, but not both.
CHKSHLD is run to see if VSHIELD is in memory. CHKSHLD can
look for the presence of any version of VSHIELD, or a specific
version (a feature that can be used to update a workstation from
its file server).
INTERNET ACCESS TO McAFEE ASSOCIATES SOFTWARE
The latest versions of McAfee Associates' anti-viral
software is now available by anonymous ftp (file transfer
protocol) over the Internet from the site mcafee.COM. If
your domain resolver does not support names, use the IP#
192.187.128.1. Enter "anonymous" for your user I.D. and
your own email address for the password. Programs are
located in the pub/antivirus directory. If you have any
questions, please send email to support@mcafee.COM
McAfee Associates' anti-viral software may also be
found at the Simtel20 archive site WSMR-SIMTEL20.Army.MIL
in the PD1:<MSDOS.TROJAN-PRO> directory and its associated
mirror sites WUARCHIVE.WUSTL.EDU (US), NIC.SWITCH.CH (Swiss),
NIC.FUNET.FI (Finland), SRC.DOC.IC.AC (UK), and
ARCHIE.AU (Australia).
VSHIELD Version 5.4 V104 Page 7
OPERATION and OPTIONS
IMPORTANT NOTE: CREATE A BACKUP DISK BY COPYING VSHIELD TO A
BLANK FLOPPY AND WRITE-PROTECT IT
To provide optimal protection against viruses VSHIELD (or
VSHIELD1) should normally be placed at the end of the
AUTOEXEC.BAT. However, if a menu program is run from the
AUTOEXEC.BAT, VSHIELD should be loaded before it. Popular
menu programs include MS-DOS's DOSSHELL, etc.
Loading disk cache or network driver programs after
VSHIELD may disable it. To prevent this from happening, re-run
VSHIELD with the /RECONNECT switch.
CHKSHLD should be run from the network login script. An
ERRORLEVEL is returned if VSHIELD is in memory. This can be
used for creating scripts to check and update VSHIELD.
A NOTE ON VSHIELD'S SWITCHES
VSHIELD is designed to provide a high degree of protection
even when none of the switches below are used. Placing VSHIELD
in the AUTOEXEC.BAT file with no options provides sufficient
protection for virtually all environments. If available memory
is at a premium, the /LH (Load High) or /SWAP (Swap-to-Disk)
options can be used to minimize memory usage.
Other options should be used only if required due to non-
standard systems or special security needs. VSHIELD provides
many options for flexibility in meeting the needs of corporate,
network, and secure environments but trade-offs in system
overhead and user restrictions must be carefully evaluated.
VSHIELD Version 5.4 V104 Page 8
Valid options for VSHIELD are listed below:
VSHIELD {options}
Options are:
/ACCESS - Check for virus when files are opened
/CERTIFY {filename} - Enable access control ({filename} is an
optional exception list)
/CF {filename} - Check for viruses using recovery & validation
data stored in {filename}
/CHKHI - Check memory from 0-1088Kb for viruses
/CONTACT {message} - Display {message} when virus is found
/COPY - Check for viruses during COPY operations
/CV - Check validation codes added by VIRUSCAN
/IGNORE {drive(s)} - Ignore program loads from specified drive(s)
/LH - Load VSHIELD into upper memory blocks
/LOCK - Halt system when a virus is found
/M - Scan memory for all viruses during install
(see restrictions below)
/NB - Disable boot sector check during install
and reboot
/NI6510 - Fixes Racal Datacomm NI6510 conflict
/NOBREAK - Disable Ctrl-C / Ctrl-Brk during install
/NOCONT - Prevent running of non-certified programs
/NODISK - Disable boot sector check during install
only
/NOMEM - Skip memory checking
/NOREMOVE - Disable /REMOVE switch
/ONLY {drive(s)} - Check program loads from specified drive{s}
/RECONNECT - Re-link system interrupts after network
drivers are loaded
/REMOVE - Unload VSHIELD from memory
/SAVE - Save specified switches as new defaults
/SWAP {pathname} - Load kernel (3Kb) only; swap rest to disk
* /WINDOWS {pathname} - Install VSHWIN Windows compatibility module
*New in this release.
VSHIELD Version 5.4 V104 Page 9
The /ACCESS option tells VSHIELD to check for viruses
whenever a program is opened, such as during DOS operations
(ATTRIB, COPY, DIR, REN, and so forth) and file manipulation
by menu, shell, and utility programs. This option is
intended for high risk environments such as open-use computer
labs, help desks, and software developers. It will slow down
any program file accesses by approximately 15-20%, as such it
is not recommended for use with the /CF, /CV, or /CG options
for performance reasons. This option will not work with the
/COPY or /SWAP options.
NOTE: /ACCESS must be used in place of /COPY for checking
COPY operations with 4DOS or the Windows File Manager.
The /CF option checks recovery and validation data stored
by VIRUSCAN's /AF option. If a file or system area has changed,
VSHIELD will report that a viral infection may have occurred. The
syntax is /CF {filename}, where {filename} is the name of the
recovery and validation data file created by VIRUSCAN.
The /CERTIFY option prevents files without validation codes
added by VIRUSCAN from being run. For this option to work, the
/CF {filename}, /CG, or /CV switches must be used. This option
is primarily for system administrators to prevent users from
running programs that could introduce a virus. An exception list
of "trusted" files can be created to allow use of programs that do
not work correctly with validation codes attached. For
instructions on creating an exception list, refer to Appendix A.
NOTE: Running /CERTIFY without an exception list or validation
codes will prevent all programs except for DOS internal
commands from running.
The /CHKHI option checks memory above 640Kb on 286/386/486
systems for viruses. This covers Upper Memory Blocks from
640 - 1024K, and the High Memory Area from 1024 - 1088K. This
option cannot be used with the /NOMEM option.
The /CONTACT option is used to display a custom message
when a virus is found. The message can be up to 50 characters
long and contain any character except for a backslash "\".
Messages starting with a hyphen "-" or slash "/" must be placed
into quotation marks.
VSHIELD Version 5.4 V104 Page 10
The /COPY option checks files for viruses during COPY
operations and checks the floppy drives for boot sector viruses
during COPY and DIR operations. The /COPY option does not work
with 4DOS or the Windows File Manager; to check COPY operations
done by them use the /ACCESS option instead. This option
cannot be used with the /ACCESS or /SWAP options.
The /CV option checks validation codes added by SCAN to
.COM and .EXE files. If a file has changed it will no longer
match its validation code and VSHIELD will report the file has
been modified and a viral infection may have occurred. For
instructions on adding validation codes, refer to VIRUSCAN's
documentation.
The /IGNORE option tells VSHIELD to ignore program loads
from specified drives. Ignored drives will NOT be checked for
viruses. Up to 26 drives may be ignored. /IGNORE is designed
for use with LAN's that have virus protection and is not
recommended for PC's or networks with no anti-viral software.
The /LH option loads VSHIELD into upper memory. For /LH to
work, an expanded memory manager such as Microsoft's EMM386,
Quarterdeck's QEMM, Helix' NetRoom, or Qualitas' 386^MAX should
be used. This option cannot be used with /SWAP.
The /LOCK option halts the system if a virus is found so
that infection cannot occur. It is recommend that the /CONTACT
switch be used to tell the user what to do when the system
halts.
The /M option checks base memory for all known memory-
resident viruses before VSHIELD installs in memory. By default,
VSHIELD only checks memory for critical (stealth) viruses. If a
critical virus is found during installation, VSHIELD will stop
and advise the user to turn off the PC, boot from a clean
(virus-free) DOS system disk and scan the system for viruses.
For a listing of critical viruses, please refer to the VIRUSCAN
documentation. This option cannot be used with the /NOMEM
option.
VSHIELD Version 5.4 V104 Page 11
The /NB option tells VSHIELD to skip the partition table
and boot sector check during installation and reboots. This
option can be used to load VSHIELD from a network server.
The /NI6510 option prevents a conflict between VSHIELD
Racal-Datacomm NI6510 network interface cards: when a PC was
rebooted, a stream of corrupted packets would be sent across the
network. The problem and solution is specific the NI6510 and
does not apply to any other product.
The /NOBREAK option prevents Ctrl-C and Ctrl-Brk from
stopping VSHIELD during the installation process.
The /NOCONT option prevents the user from proceeding after
the "Proceed Anyway? Y/N" message when running non-certified
programs.
The /NODISK option disables the boot sector and partition
table check during installation. This option can be used to
load VSHIELD from a network server.
The /NOMEM option skips the memory check for viruses during
installation. It should only be used when a PC is known to be
virus-free. This option cannot be used with the /CHKHI or /M
options.
The /NOREMOVE option prevents VSHIELD from being unloaded
with the /REMOVE option. This option cannot be used with the
/REMOVE option.
The /ONLY option tells VSHIELD to check program loads only
from the specified drives. All other drives will be ignored.
This option cannot be used with the /IGNORE option.
The /RECONNECT option is used to restore VSHIELD's link
into DOS after another program has disabled it, such as a
network driver or disk cache. This eliminates the need to
continually load and unload VSHIELD when logging on to a
network.
The /REMOVE option unloads VSHIELD from memory. If other
memory resident programs are loaded after VSHIELD, then VSHIELD
cannot be unloaded. This option can be disabled by installing
VSHIELD with the /NOREMOVE option.
VSHIELD Version 5.4 V104 Page 12
The /SAVE option is used to store VSHIELD options for
subsequent executions of VSHIELD. Options are stored by
modifying the VSHIELD.EXE executable file. For example:
VSHIELD /LH /M /NOBREAK /SAVE
will set the VSHIELD defaults to /LH, /M, and /NOBREAK. If
VSHIELD is run with just the /SAVE switch, then all options are
removed and VSHIELD executes with its original default settings.
The /SWAP option tells VSHIELD to install a small (3Kb)
kernel in memory and load itself on demand. If a path is
specified after /SWAP, VSHIELD will swap from there instead
of the path from which it is being executed. The /SWAP option
cannot be used with the /COPY or /ACCESS options.
NOTE: The /SWAP parameter should only be used if limited
amounts of memory are available for programs. It is
recommended that VSHIELD be used without the /SWAP
option whenever memory permits.
The /WINDOWS option allows VSHIELD to display messages
under Windows 3.X in a Windows dialogue box. This is done by
installing the VSHWIN.EXE file in the Windows directory and
modifying the WIN.INI file to load it when Windows is run.
VSHIELD, by default, updates Windows by searching for a
directory named \WINDOWS on the current drive. If Windows is
not on the current drive, then a {pathname} may be specified
telling VSHIELD where to install VSHWIN.EXE (and WIN.INI).
NOTE: This option now installs the Windows display program
and needs to be run once.
ERROR LEVELS
After VSHIELD has installed itself in memory, it will set
the DOS ERRORLEVEL. ERRORLEVEL's are used in batch files to
pass along the results of a programs's actions. The
ERRORLEVEL's returned by VSHIELD are:
ERRORLEVEL │ DESCRIPTION
═══════════╪═══════════════════════════════════════════════
0 │ No viruses found
1 │ One or more viruses found
2 │ Abnormal termination (program error)
VSHIELD Version 5.4 V104 Page 13
VSHIELD1
Valid options for VSHIELD1 are listed below:
VSHIELD1 /NB /REMOVE
Options are:
/NB - Disable boot sector checking during install
and reboot.
/REMOVE - Unload VSHIELD1 from memory
The /NB option tells VSHIELD1 to skip the partition table
and boot sector check during installation and reboots.
The /REMOVE option unloads VSHIELD1 from memory. If other
memory resident programs are loaded after VSHIELD1, then
VSHIELD1 cannot be unloaded.
VSHIELD Version 5.4 V104 Page 14
Valid options for CHKSHLD are listed below:
CHKSHLD /DEBUG /Q /V "xxxxx" /? /H /HELP
Options are:
/DEBUG - Display version and ERRORLEVEL
/Q - Quiet mode (no messages displayed)
/V "xxxxx" - Check for version "xxxxx" of VSHIELD in memory
/? /H /HELP - Display help screen
The /DEBUG option displays the version of VSHIELD resident
in memory and the DOS ERRORLEVEL on the screen.
The /Q option stops CHKSHLD from displaying any messages.
The /V option tells CHKSHLD to look for a specific version
of VSHIELD in memory. For example, "4.3 V84" for VSHIELD 4.3 V84.
The /?, /H, and /HELP options display a help screen.
CHKSHLD's ERRORLEVELS
CHKSHLD sets the DOS ERRORLEVEL to the following values:
ERRORLEVEL │ DESCRIPTION
═══════════╪═══════════════════════════════════════════════
0 │ VSHIELD is resident, or if /V is used, the
│ version specified is resident in memory.
1 │ VSHIELD is resident but does not match /V
2 │ VSHIELD is NOT resident in memory
3 │ Abnormal termination (program error)
OPERATION
CHKSHLD allows network administrators to check workstations
for VSHIELD before allowing them to log on to a network.
CHKSHLD is not recommended for home or non-network users.
A sample login script for Novell NetWare is included in
Appendix B.
VSHIELD Version 5.4 V104 Page 15
EXAMPLES
The following examples show different option settings:
VSHIELD
Installs VSHIELD (Level II protection)
VSHIELD /CV
Installs VSHIELD (Level III protection)
VSHIELD /CERTIFY EXCPTN.LST
Installs VSHIELD (Level IV protection) with an
exception list named EXCPTN.LST.
VSHIELD /SWAP
Installs VSHIELD kernel in memory and swaps from
root directory of disk with DOS 3.0 and above.
VSHIELD /CV /CONTACT "Please Contact the PC Help Desk"
Installs VSHIELD (Level III protection) and
display a message if virus is found.
VSHIELD /M /CHKHI /CV /LH
Installs VSHIELD (Level III protection) checking for
all memory resident viruses in base and high memory
prior to install, load VSHIELD high
VSHIELD /RECONNECT
Re-enable VSHIELD after it has been disconnected by
network device drivers.
VSHIELD /CF C:\MCAFEE\SCANCRC.CRC
Install VSHIELD with Level III protection checking
recovery & validation data file created by VIRUSCAN's
/AF option.
VSHIELD /WINDOWS D:\WINDOWS
Install VSHIELD's VSHWIN.EXE display driver in Windows
directory on drive D:.
CHKSHLD /V "5.4 V104" /Q
Checks for VSHIELD 5.4 V104 in memory, no messages
displayed.
VSHIELD Version 5.4 V104 Page 16
INSTALLATION
For optimum protection, place VSHIELD as the last line in
your AUTOEXEC.BAT file. If you are using a menu program, place
VSHIELD before it in the AUTOEXEC.BAT.
A NOTE ON VSHIELD AND NETWORKS
If network drivers are being used, VSHIELD *MUST* be run
again with the /RECONNECT option AFTER the network drivers are
loaded. This is because network drivers replace the normal DOS
system interrupts so VSHIELD no longer recognizes program loads.
It is recommended that VSHIELD be used in non-swap mode if
free memory permits. Use of the /SWAP option will slow down the
system and may cause conflicts with programs that fail to
allocate memory properly from the system. If conflicts occur,
remove the /SWAP option and reboot the system. If there is not
enough memory to load VSHIELD in non-swap mode, then VSHIELD1
should be used instead.
Networks other than Microsoft LAN Manager with workstations
running Windows 3.0 and printing to an HPLJ II (or compatible)
printer over the network occasionally have problems with random
blocks of memory being sent to the printer when VSHIELD is
installed. This is because other network operating systems may
not redirect the printer correctly. This can be fixed by
changing all occurrences of the text "LPT1:" to "LPT1.PRN:"
while leaving the "LPT1.OS2:" text alone in WIN.INI or upgrading
to Windows 3.1.
If VSHIELD is to be run from a network drive, it should be
flagged as EXECUTE ONLY, READ ONLY, and SHAREABLE. If the PC is
booted from a local drive, the /NODISK option should be used.
If the PC is booted from a boot ROM on a NIC, the /NB switch
should be used.
VSHIELD Version 5.4 V104 Page 17
VIRUS REMOVAL
What do you do if a virus is found? You can contact McAfee
Associates for help by BBS, FAX, telephone, Internet, or
CompuServe. There is no charge for support calls to McAfee
Associates.
The CLEAN-UP universal virus disinfection program can
disinfect virtually all reported computer viruses. It is
updated with each release of the SCAN program to remove new
viruses. CLEAN-UP can be downloaded from McAfee Associates'
BBS, the mcafee.COM site on the Internet, the McAfee Virus
Help Forum on CompuServe, or from any of the agents listed in
the enclosed AGENTS.TXT file.
It is strongly recommended that you get experienced help in
dealing with viruses if you are unfamiliar with anti-virus
software and methods. This is especially true for 'critical'
viruses and partition table/boot sector infecting viruses as
improper removal of these viruses can result in the loss of all
data and use of the infected disk(s). [For a listing of critical
viruses, please refer to the VIRUSCAN documentation.]
For qualified assistance in removing a virus, please
contact McAfee Associates directly or any of the Authorized
McAfee Associates Agents in your area. Agents may charge McAfee
Associates normal support rates for their services.
If you wish to remove a file-infecting virus manually, you
can run SCAN with the /A and /D switches to erase all infected
files.
Before removing a boot sector and partition table-infecting
virus, it is recommended that you cold boot the infected PC from
a clean DOS disk and backup any critical data.
REGISTRATION
A registration fee of US$25.00 is required for the use of
VSHIELD by individual home users. Registration entitles the
holder to unlimited free upgrades from McAfee Associates' BBS
or the Computer Virus Help Forum on CompuServe and technical
support for one year. When registering, a disk containing the
latest version may be requested for an additional US$9.00
Only one diskette mailing will be made.
Registration is for home users only and does not apply to
businesses, corporations, organizations, government agencies, or
schools, who must obtain a license for use. Contact McAfee
Associates directly or an Authorized Agent for information on
licensing.
VSHIELD Version 5.4 V104 Page 18
TECHNICAL SUPPORT
For fast and accurate help, please have the following
information ready when you contact McAfee Associates:
· Program name and version number.
· Type and brand of computer, hard disk, plus any
peripherals.
· Version of DOS plus any TSRs or device drivers in use.
· Printouts of your AUTOEXEC.BAT and CONFIG.SYS files.
· A printout of what is in memory from the MEM command
(DOS 4 and above users only) or a similar utility.
· The exact problem you are having. Please be as
specific as possible. Having a printout of the
screen and/or being at your computer will be helpful.
McAfee Associates can be contacted by BBS, CompuServe, FAX, or
InterNet 24 hours a day, or by telephone at (408) 988-3832,
Monday through Friday, 7:00AM to 5:30PM Pacific Time.
McAfee Associates, Inc. (408) 988-3832 office
3350 Scott Blvd. Bldg. 14 (408) 970-9727 fax
Santa Clara, CA 95054-3107 (408) 988-4004 BBS (25 lines)
U.S.A USR HST/v.32/v.42bis/MNP1-5
CompuServe GO MCAFEE
InterNet support@mcafee.COM
VSHIELD Version 5.4 V104 Page 19
APPENDIX A: Creating an Exception List for the /CERTIFY Option
NOTE: The /CERTIFY option is for use in environments where a
significant risk of virus infection from unauthorized
software exists. It is not for environments where new
software is introduced on a continuous basis.
Exception List data files created with an editor or word
processor must be saved as ASCII text files. Be sure each line
ends with a CR/LF pair.
When VSHIELD is used with the /CERTIFY option only files
that have been validated by SCAN are allowed to run. If
/CERTIFY with an Exception List is used on a system with no
files validated by SCAN then only the files listed in the
Exception List will be allowed to run.
The Exception List uses the following format:
d:\pathnam1\filenam1.ext
*comment
.
.
d:\pathnam1\filenam2.ext
*more comments
Where "d:" is the name of the drive, "\pathnam1\" is the name of
the path, and "filename.ext" is the name of the file, including
the extension. An Exception List can be up to 1,000 characters
long. Comment lines are preceded with an asterisk "*" and are
ignored by VSHIELD.
Running /CERTIFY without an exception list will prevent all
programs other than DOS internal commands from being run.
VSHIELD 104 Page 20
APPENDIX B: Miscellaneous Application Notes
SAMPLE NOVELL LOGIN SCRIPT AND .BAT FILE FOR VSHIELD AND CHKSHLD
The following is a sample system login script for use by
Novell NetWare system administrators. The login script gets
the ERRORLEVEL from Novell NetWare and then displays the error
messages on the users' screens. The script exits the user to
a .BAT file that performs a logout if there is an internal error
with CHKSHLD, VSHIELD has not been installed, or an older
version of VSHIELD is present when a PC logs on to a network.
(Start of sample Novell system login script)
#CHKSHLD /V 4.3V84
IF ERROR_LEVEL = "3" THEN
FIRE PHASERS 5 TIMES
WRITE "A CHKSHLD internal error has occurred."
WRITE "Please contact the Help Desk."
EXIT "NOLOGIN"
ELSE
IF ERROR_LEVEL = "2" THEN
FIRE PHASERS 5 TIMES
WRITE "VSHIELD has not been installed on your PC."
WRITE "Access denied. Please contact the Help Desk."
EXIT "NOLOGIN"
ELSE
IF ERROR_LEVEL = "1" THEN
FIRE PHASERS 5 TIMES
WRITE "An old version of VSHIELD has been installed."
WRITE "Access to the network has been denied. Please"
WRITE "contact the Help Desk to have a new version
WRITE "installed."
EXIT "NOLOGIN"
END
END
END
(End of sample Novell system login script)
(Start of sample NOLOGIN.BAT file)
ECHO OFF
REM Log the user off of the network
LOGOUT
(End of sample NOLOGIN.BAT file)
More complex login scripts can be created to send a message to
the supervisor if an error has occurred, update the user's
VSHIELD.EXE as he logs in to the network, etc.
