ftp.uv.es

home *** CD-ROM | disk | FTP | other *** search

/ ftp.uv.es / 2014.11.ftp.uv.es.tar / ftp.uv.es / pub / antivirus / group_shield / notes_4 / os2 / 4GSO314E.ZIP / QAREA.NTF (.txt) < prev next >

Wrap

Lotus Notes Database | 1997-08-28 | 459KB | 3,700 lines

GroupShield Quarantine Area GroupShieldOff #1GroupShieldQArea3 C:\WORK\GSHIELD\GENESIS CN=Gregory Tetrault/O=Sybari/C=US -Default- LocalDomainServers OtherDomainServers count RestoreCount| $Restored count $Restored dA>7h $VStatus.Old $VStatus $VStatus Confirmed Changed: $VStatus.Old" to " $VStatus" $AuditTrail $VStatus.Old Initialized: $VStatus" $VStatus $VStatus.Old $AuditTrail $AuditTrail 3/jqLo $VStatus.Old $VStatus $VStatus False Changed: $VStatus.Old" to " $VStatus" $AuditTrail $VStatus.Old Initialized: $VStatus" $VStatus $VStatus.Old $AuditTrail $AuditTrail $VStatus.Old $VStatus $VStatus Unknown Changed: $VStatus.Old" to " $VStatus" $AuditTrail $VStatus.Old Initialized: $VStatus" $VStatus $VStatus.Old $AuditTrail $AuditTrail ######################################################## $Modified 1S2S3S $TITLE$FormPrivs$FormUsers$Body$Flags$Class$Modified$Comment$AssistTrigger$AssistType$AssistFlags$UpdatedBy$$FormScript_O 0SL1S3724 $TITLE(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################################################### fb((` h(ff( h((ff (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US ########################################################## 3/jqLo SymbolCD rmsSymbolTypeSymbolName(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################# Edit VirusVirusEditRTFEditCD $MessageID.X$Recipients.XFrom$VStatus$Source$Domain$DbTitle$DesignID$Modified$Created$ScanOptions$Antigen(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################### 1. Incidents Today1J $16$9$12$10$13$15$3 52Wingdings62Wingdings718SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US############################## 2. Incidents This Week1I $6$9$12$16$13$15$3 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US2 ########################################################## 3. Restored Documents\c. By User, Status | RestoreDocs15 $11$10$0$9$2 518Symbol~ GroupScanRFlag| $Recipients.X Restored Memo Restored Doc (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################# 3. Restored Documents\b. By Database, Status17 $12$13$14$9$11 518Symbol~ GroupScanRFlag| $Recipients.X Restored Memo Restored Doc (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######################### 3. Restored Documents\a. By Status, Database17 $13$14$12$9$11 518Symbol~ GroupScanRFlag| $Recipients.X Restored Memo Restored Doc (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######################### 4. False Alarms\a. By Design ID $DesignID 00000000 $DesignID $MacroID $Titleh $$Title $$Title $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $AuditTrail No changes made $4$3$2$0$Conflict $VStatus False $DesignID 00000000 $MacroID 00000000 $4IDR $DesignID 00000000 $DesignID $MacroID $Titleh $$Title $$Title $2Design Name $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $0Audit Trail $AuditTrail No changes made 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US############################################ 4. False Alarms\b. Lookup Table | CSTable $Titleh $$Title $$Title $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $AuditTrail $3$DesignID$MacroID$2$0$Conflict $VStatus False $DesignID 00000000 $MacroID 00000000 $DesignID$MacroID $Titleh $$Title $$Title $DesignIDDesign ID$MacroIDMacro ID$2Design Name $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $0Audit Trail* $AuditTrail 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################ 5. Help Desk\a. By Database, Date $DbTitle $DbTitleh $DbTitle\ [Unknown] $DbTitle [Blank] $DbTitle $ScanTime $ScanTime $Titleh $$Title $$Title $Source GroupScan GroupShield NScan $Source $Source $Source $DbTitle$0$1$2$3$4$Conflict $DesignID $DbTitle$0$2 $DbTitle $DbTitle $DbTitleh $DbTitle\ [Unknown] $DbTitle [Blank] $DbTitle $ScanTime $ScanTime $Titleh $$Title $$Title $2Program $Source GroupScan GroupShield NScan $Source $3Server> $Source $4Source Database: $Source 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################################################ 5. Help Desk\b. By User, Date $Source $ScanTime $ScanTime $Titleh $$Title $$Title $Source GroupScan GroupShield NScan $Source $Source $Source $DbTitle" $5$0$1$2$3$4$Conflict $DesignID $5$0$2 $Source $ScanTime $ScanTime $Titleh $$Title $$Title $2Program $Source GroupScan GroupShield NScan $Source $3Server> $Source $4Source Database $Source $DbTitle" 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################## 5. Help Desk\c. By Server, Program $Source $Source via $Source GroupScan GroupShield NScan $Source $Titleh $$Title $$Title $ScanTime $ScanTime $ScanTime $DbTitleh $DbTitle\ [Unknown] $DbTitle [Blank] $DbTitle $Source $9$5$1$ScanTime$6$4$Conflict $DesignID $9$5$ScanTime$6 518Symbol AntigenNoGUI| $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US####################################### 5. Help Desk\d. By Program, Server $Source GroupScan GroupShield NScan $Source $Source $Source via $Titleh $$Title $$Title $ScanTime $ScanTime $DbTitleh $DbTitle\ [Unknown] $DbTitle [Blank] $DbTitle $Source $5$10$1$8$6$4$Conflict $DesignID $5$10$8$6 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US ########################################################## 5. Help Desk\e. By Month, Day13 $7$6$8$0$2 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US#################################### 3051. Select Documents (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US############################################## ########################################################## Library Symbol Name: SymbolName Type: SymbolType SourceResultModule ########################### ####### @@ @@@@@`@@ @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### @@ @@@@@`@@ @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ Edit Virus $Antigen: $Antigen $ScanOptions: $ScanOptionsb $ScanOptions $Created: $Created $Modified: $Modified $DesignID: n $DesignID $DbTitle: $DbTitle $Domain: e $Domain $Source: $Source $VStatus: Unknown Virus SaveOptions $VStatus $VStatusIs this document a confirmed virus or a false alarm? Unknown Virus | UnknownConfirmed Virus | ConfirmedFalse Alarm | False Mail From: t Recipients: $Recipients.X Message ID: $MessageID.X $ScanTime $ScanTime $ScanTime $ScanTime Sunday Monday Tuesday Wednesday Thursday Friday Saturdayw $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime atext Midnight btext Midnight btext to " atext $ScanTime $ScanTime $Titleh $$Title $$Title $ScanTime $ScanTime D1T1S1V $Source GroupScan GroupShield NScan $Source $Source $Source $16$9$12$10$13$14$15$3$7$Conflict $VStatush $VStatus Unknown $DesignID $ScanTime $16Date2 $ScanTime $ScanTime $ScanTime $ScanTime Sunday Monday Tuesday Wednesday Thursday Friday Saturdayw $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime atext Midnight btext Midnight btext to " atext $ScanTime $ScanTime $Titleh $$Title $$Title $15Time $ScanTime $ScanTime D1T1S1V $3Program $Source GroupScan GroupShield NScan $Source $7Database $Source $Source $ScanTime $ScanTime $ScanTime $ScanTime Sunday Monday Tuesday Wednesday Thursday Friday Saturdayw $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime atext Midnight btext Midnight btext to " atext $ScanTime $ScanTime $Titleh $$Title $$Title $ScanTime $ScanTime D1T1S1V $Source GroupScan GroupShield NScan $Source $Source $Source $6$9$12$16$13$11$15$3$14$Conflict $VStatush $VStatus Unknown $DesignID $ScanTime $6Date0 $ScanTime $ScanTime $ScanTime $ScanTime Sunday Monday Tuesday Wednesday Thursday Friday Saturdayw $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime atext Midnight btext Midnight btext to " atext $ScanTime $ScanTime $Titleh $$Title $$Title $15Time $ScanTime $ScanTime D1T1S1V $3Program $Source GroupScan GroupShield NScan $Source $14Database $Source $Source $Source $Restored $Restored $Restored $Restored Not restored $Restored Restore error $Restored Queued for restore $Restored Restore complete $Restored Ready for clipboard Restored $Restored times" $Titleh $$Title $$Title $Source $Source $Restore $JobError $JobError $Source $11$10$0$5$9$2$8$Conflict $DesignID $Source $Restored $114 $Source $Restored $Restored $Restored $Restored Not restored $Restored Restore error $Restored Queued for restore $Restored Restore complete $Restored Ready for clipboard Restored $Restored times" $Titleh $$Title $$Title $2Database $Source $Source $8Universal Note ID~ $Restore $JobError $JobError $Source $Source $Source $Restored $Restored $Restored $Restored Not restored $Restored Restore error $Restored Queued for restore $Restored Restore complete $Restored Ready for clipboard Restored $Restored times" $Titleh $$Title $$Title $Source $Restore $JobError $JobError $Source $12$13$14$5$9$11$8$Conflict$REF $DesignID $Source $Restored $12Database $Source $Source $Restored $Restored $Restored $Restored Not restored $Restored Restore error $Restored Queued for restore $Restored Restore complete $Restored Ready for clipboard Restored $Restored times" $Titleh $$Title $$Title $11User@ $Source $8Universal Note ID~ $Restore $JobError $JobError $Source $Restored $Restored $Restored $Restored Not restored $Restored Restore error $Restored Queued for restore $Restored Restore complete $Restored Ready for clipboard Restored $Restored times" $Source $Source $Titleh $$Title $$Title $Source $Restore $JobError $JobError $Source $13$14$12$5$9$11$8$Conflict $DesignID $Source $Restored $13v $Restored $Restored $Restored $14StatusP $Restored Not restored $Restored Restore error $Restored Queued for restore $Restored Restore complete $Restored Ready for clipboard Restored $Restored times" $Source $Source $Titleh $$Title $$Title $11User@ $Source $8Universal Note ID~ $Restore $JobError $JobError $Source $Source $Source via $Source GroupScan GroupShield NScan $Source $Titleh $$Title $$Title $ScanTime6 $ScanTime $ScanTime $ScanTime $6Database Title $DbTitleh $DbTitle\ [Unknown] $DbTitle [Blank] $DbTitle $4Source Database File: $Source $Source GroupScan GroupShield NScan $Source $Source $Source via $Titleh $$Title $$Title $ScanTime $ScanTime $6Database Title $DbTitleh $DbTitle\ [Unknown] $DbTitle [Blank] $DbTitle $4Source Database File: $Source $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime Sunday Monday Tuesday Wednesday Thursday Friday Saturdayw the $Titleh $$Title $$Title $Source GroupScan GroupShield NScan $Source $Source $Source $DbTitle" $7$6$8$0$1$2$3$4$Conflict $DesignID $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime $ScanTime Sunday Monday Tuesday Wednesday Thursday Friday Saturdayw the $Titleh $$Title $$Title $2Program $Source GroupScan GroupShield NScan $Source $3Server> $Source $4Source Database $Source $DbTitle" 5. Help Desk\f. By Author, Date> [Unknown] $ScanTime $ScanTime $Titleh $$Title $$Title $Source GroupScan GroupShield NScan $Source $Source $Source $DbTitle" $5$0$1$2$3$4$Conflict $DesignID $5$0$2 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US##################################################### 5. Help Desk\g. By Domain, Server15 $5$9$10$6$11 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US############################## (7. Enterprise\b. By Org. Tree, Server)16 $12$9$10$6$11 518Symbol AntigenNoGUI| $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################# (7. Enterprise\c. By Org. Tree, User) $Source $Source $Titleh $$Title $$Title $Source GroupScan GroupShield NScan $Source $DbTitle" $Source $14$9$1$6$11$4$Conflict $DesignID $14$9$6$11 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######################### (7. Enterprise\d. By Org. Tree, Author) [Unknown] $Titleh $$Title $$Title $Source GroupScan GroupShield NScan $Source $DbTitle" $Source $14$9$1$6$11$4$Conflict $DesignID $14$9$6$11 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US##################### 6. Analysis\a. By Status, Server1" $2$0$10 522SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################################## 6. Analysis\b. By Type, Class1" $15$5$3 522SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US##################################### 6. Analysis\c. By Class, Characteristic1 $19$3 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US#################################################### 6. Analysis\d. By Design ID, Characteristic1" $17$5$3 518SymbolF $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US####################################### (By Source UNID) | UNIDX $Source $0$Conflict $DesignID $0Source UNID$ $Source (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US############################ (Symbol Library) | SymbolView~ SymbolType SymbolName" $0$1$Conflict$REF Symbol $0Type.Name2 SymbolType SymbolName" $1Size (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US################################################ 3052. Manage Documents (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US############################################## 3053. Restore Documents (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US############################################# 3034. Open Source Database(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US########################################################## 003(ClassifyUnknowns)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US ########################################################## (IDTable) | IDTable $DesignID 00000000 $DesignID $MacroID $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $4$DesignID$MacroID$2$Conflict $VStatus False $DesignID 00000000 $MacroID 00000000 $4$DesignID$MacroID $4IDR $DesignID 00000000 $DesignID $MacroID $DesignIDDesign ID$MacroIDMacro ID$2Design Name $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US ########################################################## 003(MarkConfirmed)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US## 003(MarkFalsers)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US#### dA>7h 003(MarkFormDisabled)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US ########################################################## 003(MarkFormEnabled)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US 003(MarkUnknown)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US#### 023(RestoreCreate)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US## 012(RestoreSelect)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US## 003(RestoreViaNWall)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US 012(SelectCleaned)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US## 012(SelectConfirmed)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US 012(SelectFalsers)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US## 012(SelectRemoved)(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US## (Source Database List) | SrcList $Source $Source $4$Conflict $Source $Source .NCFH $4Location $Source $Source $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US ########################################################## B8A7721839CECFC3E23409174332E571Lotus NotesRestored DocDC CommentBody_1BodySubject(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US# B8A7721839CECFC3E23409174332E571Lotus NotesRestored MemoDC ReturnReceiptDeliveryReportDeliveryPriorityBodySubjectComposedDateFromBlindCopyToCopyToSendTo(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US ########################################################## ########################################################## [Unknown] $ScanTime $ScanTime $Titleh $$Title $$Title $2Program $Source GroupScan GroupShield NScan $Source $3Server> $Source $4Source Database $Source $DbTitle" $Domain [Unknown] $Domain $Source $Source via $Source $DbTitle file2 root2 file2 file2 $DbTitle file2 root2 $Titleh $$Title $$Title $Source GroupScan GroupShield NScan $Source $DbTitle" $Source $5$9$10$1$6$11$4$Conflict $DesignID $Domain [Unknown] $Domain $Source $Source via $Source $DbTitle file2 root2 file2 file2 $DbTitle file2 root2 $Titleh $$Title $$Title $6Date $11Program $Source GroupScan GroupShield NScan $Source $4Source DatabaseX $DbTitle" $Source $Source $Source $Source $Source via $Source $DbTitle file2 root2 file2 file2 $DbTitle file2 root2 $Titleh $$Title $$Title $Source GroupScan GroupShield NScan $Source $DbTitle" $Source $12$9$10$1$6$11$4$Conflict $DesignID $12x $Source $Source $Source $Source via $Source $DbTitle file2 root2 file2 file2 $DbTitle file2 root2 $Titleh $$Title $$Title $6Date $11Program $Source GroupScan GroupShield NScan $Source $4Source DatabaseX $DbTitle" $Source $Source $Source $Titleh $$Title $$Title $6Date $11Program $Source GroupScan GroupShield NScan $Source $4Source DatabaseX $DbTitle" $Source [Unknown] $Titleh $$Title $$Title $6Date $11Program $Source GroupScan GroupShield NScan $Source $4Source DatabaseX $DbTitle" $Source $VStatus Unknown $VStatus False False Alarm $VStatus $Source $Titleh $$Title $$Title $Antigen $GroupScan $GroupShield 1S2S3S6S7S $Virusnamea 0R1S2S $Antigen Stealth Stealth Virus fileG virus File virus $Antigen repro Notes Virus Notes Bomb 0R6S9S11S17S18S25S27S31S34S36S $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $DbTitle" $Source $2$0$8$10$3$9$Conflict $DesignID $VStatus Unknown $VStatus False False Alarm $VStatus $Source $Titleh $$Title $$Title $10Typev $Antigen $GroupScan $GroupShield 1S2S3S6S7S $Virusnamea 0R1S2S $Antigen Stealth Stealth Virus fileG virus File virus $Antigen repro Notes Virus Notes Bomb 0R6S9S11S17S18S25S27S31S34S36S $3Design Name $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $9Source DatabaseX $DbTitle" $Source $Antigen $GroupScan $GroupShield 1S2S3S6S7S $Virusnamea 0R1S2S $Antigen Stealth Stealth Virus fileG virus File virus $Antigen repro Notes Virus Notes Bomb 0R6S9S11S17S18S25S27S31S34S36S $Antigen $GroupScan $GroupShield $Antigen READONLY $Titleh $$Title $$Title $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID 00000000 $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID" 00000000 $Source $Source $VStatus Unknown $VStatus False False Alarm $VStatus $15$5$10$13$3$12$7$6$ScanTime$Conflict $DesignID $15v $Antigen $GroupScan $GroupShield 1S2S3S6S7S $Virusnamea 0R1S2S $Antigen Stealth Stealth Virus fileG virus File virus $Antigen repro Notes Virus Notes Bomb 0R6S9S11S17S18S25S27S31S34S36S $Antigen $GroupScan $GroupShield $Antigen READONLY $Titleh $$Title $$Title $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID 00000000 $3Design Name $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $12Design ID $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID" 00000000 $7Programb $Source $Source $6Statusx $VStatus Unknown $VStatus False False Alarm $VStatus $ScanTimeDate& list0 $Antigen $GroupScan $GroupShield list1 list0 READONLY| |Read-Only Note Escaped! list2 list1 mleft list2 mright list2 mlist mleft mright mlist $Titleh $$Title $$Title $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID 00000000 $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID" 00000000 $Source $Source $VStatus Unknown $VStatus False False Alarm $VStatus $19$10$13$3$12$7$6$ScanTime$Conflict $DesignID list0 $Antigen $GroupScan $GroupShield list1 list0 READONLY| |Read-Only Note Escaped! list2 list1 mleft list2 mright list2 mlist mleft mright mlist $Titleh $$Title $$Title $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID 00000000 $3Design Name $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $12Design ID $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID" 00000000 $7Programb $Source $Source $6Statusx $VStatus Unknown $VStatus False False Alarm $VStatus $ScanTimeDate& $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID 00000000 $Antigen $GroupScan $GroupShield $Antigen ReadF Unknown Characteristic $Titleh $$Title $$Title $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID 00000000 $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $Antigen $GroupScan $GroupShield $Antigen readonly $Source $Source $VStatus Unknown $VStatus False False Alarm $VStatus $17$5$10$13$3$18$7$6$ScanTime$Conflict $DesignID 00000000 $MacroIDh $DesignID $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID 00000000 $Antigen $GroupScan $GroupShield $Antigen ReadF Unknown Characteristic $Titleh $$Title $$Title $DesignID $DesignID 00000000 $DesignID $MacroIDh $MacroID 00000000 $3Design Name $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $18Class $Antigen $GroupScan $GroupShield $Antigen readonly $7Programb $Source $Source $6Statusx $VStatus Unknown $VStatus False False Alarm $VStatus $ScanTimeDate& Cleaned ......... Source document was cleaned Removed ....... Source document was deleted False Alarm .... Design ID is listed as false alarm Known Virus .... Design ID is listed as confirmed virus Select Documents Choose the selection method to be used. Click OK to proceed. method methv method (SelectCleaned) method (SelectRemoved) method (SelectFalsers) method (SelectConfirmed) Select Error Unknown method specified. Mark as False Alarm Mark as Confirmed Virus Revert to Unknown Virus Enable Stored Form Disable Stored Form Classify Unknown Viruses Manage Documents Choose the procedure to be used. The procedure will operate only on the currently selected documents. Click OK to proceed. method methv method (MarkFalsers) method (MarkConfirmed) method (MarkUnknown) method (MarkFormEnabled) method (MarkFormDisabled) method (ClassifyUnknowns) Manage Document Error Unknown procedure specified. Background .... Restore via server NWall job Clipboard ........ Restore documents to clipboard Stationary ....... Restore into Quarantine Area Restore Documents Select the restoration method to be used. Only the currently selected documents will be restored. Click OK to proceed. method methv ctext RestoreCount| count ctext ctext savecount RestoreCount count method (RestoreViaNWall) method (RestoreCreate) RestoreDocs (RestoreSelect) method (RestoreCreate) Restore Error Unknown method specified. list1 NoCache SrcList dblist list1 Open Source No source databases available at this time. list1 opendb Open Source Database Select the source database you would like to open. dblist server opendb opendb dbase opendb opendb opendb server dbase $DesignID 00000000 $MacroID 00000000 $DesignID 00000000 $DesignID $MacroID 00000000 $MacroID XXXXXXXX fetch NoCache IDTable alarm fetch fetch vfetch NoCache VTable virus vfetchZ vfetch check alarm virus Warning The design ID has been classified as both a false alarm and a confirmed virus. $VStatus.Old $VStatus $VStatus virus Confirmed alarm False Unknown Changed: $VStatus.Old" to " $VStatus" $AuditTrail $VStatus.Old Initialized: $VStatus" $VStatus $VStatus.Old $AuditTrail $AuditTrail $VStatus Unknown $$Title $$Title $$Title $Titleh $Title $$Info $$Infoh $$Info $Info $Info $$Body $$Bodyh $$Body $Body $Body $$WindowTitle $$WindowTitle $$WindowTitle $WindowTitleh $WindowTitle $$AUTOLAUNCH $$AUTOLAUNCHh $$AUTOLAUNCH $AUTOLAUNCH $WindowTitle $Title $Info $Body $WindowTitle $AUTOLAUNCH $Titleh $Info $Body Warning A stored form is already enabled in the document. Do you wish to replace the current stored form? $$Title $$Infoh $$Bodyh Error There is no disabled stored form to enable. This document is either a stealth virus or button bomb and therefore will remain disabled. $Title $$Title $Info $$Info $Body $$Body $WindowTitle $$WindowTitle $AUTOLAUNCH $$AUTOLAUNCH desnid $DesignID count RestoreCount| $Restored count $Antigen $GroupShield $GroupScan $Created $Modified $Synopsis $ScanTime $ScanOptions $ScanType $DesignID $MacroID $Domain $Trace $DbTitle $VStatus $DBReplicaID $VirusName $Virus $ScanParts.X $Comment $AuditTrail $Trust $VStatus.Old Recipients $Recipients.X $Recipients.X Recipientsh Recipients $Hops $$Hops.Xh $$Hops.X $Hops $Hops $Loops $$Loops.X $$Loops.X $Loopsh $Loops $Trace $$Trace.X $$Trace.X $Traceh $Trace BlindCopyTo $BlindCopyTo.Xh $BlindCopyTo.X BlindCopyTo BlindCopyTo $Form.X $Form.X Formh DeliveryReport $DeliveryReport.X $DeliveryReport.X DeliveryReporth DeliveryReport ReturnReceipt $ReturnReceipt.Xh $ReturnReceipt.X ReturnReceipt ReturnReceipt $$Recipients.X $$Hops.X $DeliveryReport.X $ReturnReceipt.X $ScanParts.X $$Loops.X $$Trace.X $$BlindCopyTo.X $$Form.X $$OID.X $$MessageID.X $JobError $$Title desnid 00000000 $$Title isform desnid 00000000 $Title $$Title $$Title $Titleh $Title $Info $$Infoh $$Info $Info $Info $Body $$Bodyh $$Body $Body $Body $WindowTitle $$WindowTitle $$WindowTitle $WindowTitleh $WindowTitle $AutoLaunch $$AutoLaunchh $$AutoLaunch $AutoLaunch $AutoLaunch $$Title $$Info $$Body $$WindowTitle $$AutoLaunch $GroupScanh $GroupScan $GroupShieldh $GroupShield $Antigen READONLYF $DesignID 00000000 $MacroID 00000000 $DesignID 00000000 $DesignID $MacroID 00000000 $MacroID XXXXXXXX fetch $VStatus Confirmed NoCache VTable found fetch fetch found $DesignID 00000000 $MacroID 00000000 $DesignID 00000000 $DesignID $MacroID 00000000 $MacroID XXXXXXXX fetch $VStatus False NoCache IDTable found fetch fetch found $GroupScanh $GroupScan $GroupShieldh $GroupShield $Antigen READONLYF $ScanOptions (VTable) | VTable $DesignID 00000000 $DesignID $MacroID $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $4$DesignID$MacroID$2$Conflict $VStatus Confirmed $DesignID 00000000 $MacroID 00000000 $4$DesignID$MacroID $4IDR $DesignID 00000000 $DesignID $MacroID $DesignIDDesign ID$MacroIDMacro ID$2Design Name $$Title Subject $$Title [Unknown] $$Title [UNKNOWN] $DesignID 00000000 Virus (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######################################################### Show Form VirusVirusDC $VStatus.Old$AuditTrail$Synopsisrms$VStatus$ScanType$GroupScan(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US#################### Show RTF VirusRTFDC $VStatus.Old$AuditTrail$Synopsisrms$VStatus$ScanType$GroupScan(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US####################### SymbolMessageSource(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######### SymbolDeadMailResult(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######## SymbolCleanMailResult(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US####### SymbolNwallModule(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US########### SymbolSweeperModule(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######### SymbolNshieldModule(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######### SymbolDeadDocResult(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######### SymbolCleanDocResult(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######## SymbolFirewallModule(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######## SymbolNscanModule(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US########### SymbolSentryModule(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US########## SymbolDocumentSource(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######## SymbolNoAccessResult(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######## SymbolSkipMailResult(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######## SymbolSkipDocResult(c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US######### (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US#################################################### (c) 1995-1997 Sybari Software Inc. All rights reserved. CN=Gregory Tetrault/O=Sybari/C=US############################################ ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## ########################################################## New Memo Subject Subject Subject "Arial 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 93Sqi9 9iqS39 iUqU.9 i9S.3 UqU.9U 3.Uqi .UqS.3 qU.3q 'US@ 'US@ 'US@ 'US@ 'US@ <a>7`^///"" '''''''' UUUUUUUU ogramT SSSSSSSS qqqqqqqqd Restored Document '+'+'+'+'+'+'+'+'+'+'+'+ JRJRJ@ R[R[R@ JIJIJIJIJIJIJI RJRJRJRJRJRJRJ@ [R[R[R[R[R@ RJRJRJ@ JIJIJIJIJIJI RJRJRJRJRJRJ@ JRJRJ@ R[R[R@ JIJIJIJIJIJIJI RJRJRJRJRJRJRJ@ [R[R[R[R[R@ @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ (None Availa IIIIIIII JJJJJJJJ RRRRRRRR [[[[[[[[ R[R[R[R[ Source Server $Source Source DatabaseF $Source Source UNID $Source _UNID Document Status $Restored $Restored Not restored $Restored Queued for restore $Restored Restore complete $Restored Ready for clipboard Restored $Restored times" _Copiedr [R[R@ RJRJR R[R[R RJRJR R[R[R R[R[R [R[R@ RJRJR R[R[R @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ IIIIIIII JJJJJJJJ RRRRRRRR [[[[[[[[ '+'+'+'+ '+'+'+'+ $Source $Source Open Source Mail Forward Document Info Form: $Titleh $Title Formh [Default] _FromSubject of document Subject: Title Subject Categories" $Title" SubjectSubject of document BodyBody of memo. Body_1Body of memo.W CommentBody of memo. [R[R@ RJRJR R[R[R RJRJR R[R[R R[R[R [R[R@ RJRJR R[R[R @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ IIIIIIII JJJJJJJJ RRRRRRRR [[[[[[[[ Source information goes here: Replace module and version with dbtitle,domain New Memo Subject Subject Subject "Arial 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 93Sqi9 9iqS39 iUqU.9 i9S.3 UqU.9U 3.Uqi .UqS.3 qU.3q 'US@ 'US@ 'US@ 'US@ 'US@ <a>7`^///"" ''''''''___R BUUUUUUUUA @SSSSSSSS@ <qqqqqqqq"" Restored b Mail Message '+'+'+'+'+'+'+'+'+'+'+'+ JRJRJ@ R[R[R@ JIJIJIJIJIJIJI RJRJRJRJRJRJRJ@ [R[R[R[R[R@ RJRJRJ@ JIJIJIJIJIJI RJRJRJRJRJRJ@ JRJRJ@ R[R[R@ JIJIJIJIJIJIJI RJRJRJRJRJRJRJ@ [R[R[R[R[R@ @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ (None Availa IIIIIIII JJJJJJJJ RRRRRRRR [[[[[[[[ R[R[R[R[ Source Server $Source Source Database $Source Source UNID $Source _UNID Document Status $Restored $Restored Not restored $Restored Queued for restore $Restored Restore complete $Restored Ready for clipboard Restored $Restored times" _Copied [R[R@ RJRJR R[R[R RJRJR R[R[R R[R[R [R[R@ RJRJR R[R[R @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ IIIIIIII JJJJJJJJ RRRRRRRR [[[[[[[[ '+'+'+'+ '+'+'+'+ $Source $Source Open Source Address... Check Names SendToY SendTo Need Recipient You must enter a recipient for your memo Send... Document Infoc $Source $Source Open Source SendToY SendTo Need Recipient You must enter a recipient for your memo Send... choice Reply Choices Choose the type of reply to send Reply Reply Reply with Original Text Choice Reply Reply Reply Replye Choice Reply Choices Choose the type of reply to send Reply To All Reply To All Reply To All With Original Text Choice Reply To All Reply To _All Reply To _All Reply To All... Forward Document Info SendTo} SendTo You must enter a recipient for your memo. SendToList of primary people to send memo. CopyTo} CopyToList of people to send a copy of the memo. DeliveredDate BlindCopyTo (bcc: BlindCopyTo DisplayBlindCopyTo bcc: l BlindCopyTo BlindCopyToList of undisclosed people to send copies of memo. Recipients SendTo CopyTo BlindCopyTo RecipientsDocument recipients From: FromPerson memo is from. FromDomain FromDomain" DisplayFromDomainDisplay the FromDomain. Date: PostedDateY PostedDateJ DisplayDateTime/date memo was created or mailed. ComposedDateTime/date memo was composed. Subject: B PhoneCaller Phone Call: PhoneCaller Subject SubjectSubject of memo. BodyBody of memo. [R[R@ RJRJR R[R[R RJRJR R[R[R R[R[R [R[R@ RJRJR R[R[R @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ IIIIIIII JJJJJJJJ RRRRRRRR [[[[[[[[ Priority: Normal DeliveryPriorityPriority: Normal, High (immediate delivery), Low (overnight delivery). High|HLow|LNormal|N@ Delivery: DeliveryReportConditions upon which failure report will be sent back to you. Basic|BConfirmed|CNo Report|N Receipt: ReturnReceipt ReturnReceipt ReturnReceiptReturn receipt requested. No|0Yes|1 [R[R@ RJRJR R[R[R RJRJR R[R[R R[R[R [R[R@ RJRJR R[R[R @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ IIIIIIII JJJJJJJJ RRRRRRRR [[[[[[[[ nV$DesignVersion$Version$Formula$FormulaClass$Collation$Copyright$UpdatedByIconBitmap$TITLE$Info$FlagsSymbolNameSymbolTypesmr$Fields$Body$WindowTitle$Antigen$ScanOptions$Created$Modified$DesignID$DBTITLE$DOMAIN$Source$VStatusFrom$Recipients.X$MessageID.X$Comment$Index$FormulaTV$ViewFormat$Fonts$FormFormula$Type$Operation$Scan$LeftToDo$$XMB$LicenseeComposedDateSubjectBodyBody_1CommentSendToCopyToBlindCopyToDeliveryPriorityDeliveryReportReturnReceipt$$ScriptName$GroupScan$ScanType$Synopsis$AuditTrail$VStatus.OldForm Virus: $$Title [Unknown] $$Title &Arial "Small Fonts Virus $GroupScanh $GroupScan $GroupShieldh $GroupShield $Antigen $GroupScan $Source Message Document Remote RouteServersh Routed Local $ScanType Source. $ScanType SymbolView LoadSSymbol Module. $Source SymbolView LoadMSymbol $Source sentry nshield Message $ScanType $GroupScan READONLYF $ScanOptions Result.NoAccess Result.SkipDoc Result.SkipMail Result.DeadDoc Result.DeadMail Result.CleanDoc Result.CleanMail SymbolView LoadRSymbol 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 93Sqi9 9iqS39 iUqU.9 i9S.3 UqU.9U 3.Uqi .UqS.3 qU.3q 'US@ 'US@ 'US@ 'US@ 'US@ <a>7`^///"" ''''''''it on the ClipboUUUUUUUU selection isn'tSSSSSSSS from its currenqqqqqqqqon.<Places the c of the Clipboard Quarantined $GroupScanb REPRO STEALTH prefix Stealthed Notes Trojan suffix Virus FIELD|G prefix Form" suffix" BUTTON| prefix Hotspot suffix" EXCEEDED SIZE Oversized File FILE| Infected File OLE1| prefix OLE Object" suffix" prefix Macro suffix" _Class W4W10F/V2 WordPerfect <a>7`^///"" esign mode; se rrrrrrrr ffffffff [cc[c[[c [[[[[[[[ L[LL[L[[ LLLLLLLL ;;;;;;;; gYou may notccccccccDocument Link in44444444field unless the........to database is t nt database.eYou tempted to load frrfrffrinto a form thatcffcfccfs a table. Nest;;L;LL;Ls are not allowe44;4;;4;on 1 Bitmap bigg.4..4.4464K bytes; Expor Time of Detection: $ScanTime $ScanTime _Time Document Status: SAVE EDIT .IBMP - (C) C The name of the design in a stored form. This is actually the value of the $TITLE field of the source document. If a title is not found, then the design ID is used as the name. Design Name $DesignID $$Title (Unknown) $$Title (UNKNOWN) $$Title $DesignID $$Title $$Title $$Title $$Title _DesignName Detected $GroupScanj $GroupScan READONLYG _VCount Viral Characteristic $GroupScanj count $GroupScan READONLYG count .IBMP - (C) C $GroupScanj $GroupScan READONLYG $GroupScan $GroupScan outlen nlist outlenk flist1 flist2 flist1 has flist3 flist1 ILE|_ flist4 flist3 File attachment flist flist4 flist2 FILE| blist1 flist1 UTTON|_ blist blist1 found in button return nlist flist blist outlen return (See analysis for more characteristics) return _Virus .IBMP - (C) C Unknown Virus SaveOptions $VStatus $VStatusIs this document a confirmed virus or a false alarm? Unknown Virus | UnknownConfirmed Virus | ConfirmedFalse Alarm | False $AuditTrail No changes have been made. $AuditTrail wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp wwwwwww wwwwwwwp wwwwwww wwwwwwwwwp wwwwwwwp wwwwwwwwwp wwwwwwwp wwwwwwwwwp wwwwwwwp wwwwwwwwwp wwwwwwww wwwwwwwwwp wwwwwwww wwwwwwwwwp wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ DISPOSITION <a>7`^///"" esign mode; se rrrrrrrr ffffffff [cc[c[[c [[[[[[[[ L[LL[L[[ LLLLLLLL ;;;;;;;; gYou may notccccccccDocument Link in44444444field unless the........to database is t nt database.eYou tempted to load frrfrffrinto a form thatcffcfccfs a table. Nest;;L;LL;Ls are not allowe44;4;;4;on 1 Bitmap bigg.4..4.4464K bytes; Expor Click icons for details Has Stored Form: $Body $$Bodyh OLE Attachments: File Attachments: r Has Encryption: $Seal $SealData Encrypt Note Attributes: $ScanType _Source $ScanType MESSAGE $Created wwwwwwx wwwwwww wwwwwww wwwwwwx @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ Scan mode: $GroupScan READONLYG Scan Only $ScanOptions Delete Clean Scan files: $ScanOptions Scan OLE: $ScanOptions Scan RTF: $ScanOptions Scan form: $ScanOptions Scanner Version $Source Scanner Settings: mode" $Source $Created# $ScanType MESSAGE Time Elapsed: wwwwwwx wwwwwww wwwwwww wwwwwwx @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ dispo $GroupScan READONLYG not modified. $ScanOptions deleted. cleaned. $GroupScan FIELD|G Stored form: REMOVED $GroupScan BUTTON| Hotspots: DISABLED" $GroupScan OLE1| OLE Trojan: REMOVED" $GroupScan FILE| Infected File: CURED $GroupScan FORMFLAG| AUTORUN| Auto-Launch: DISABLED" Note Disposition: Source document was " dispo $Source sentry nshield Message $ScanType $GroupScan READONLYF $ScanOptions Read Denied Skipped Deleted Cleaned _Result $ScanType <a>7`^///"" esign mode; se rrrrrrrr ffffffff [cc[c[[c [[[[[[[[ L[LL[L[[ LLLLLLLL ;;;;;;;; gYou may notccccccccDocument Link in44444444field unless the........to database is t nt database.eYou tempted to load frrfrffrinto a form thatcffcfccfs a table. Nest;;L;LL;Ls are not allowe44;4;;4;on 1 Bitmap bigg.4..4.4464K bytes; Expor The Notes user name that initiated the source document read or write transaction. For CLEAN, this name always equals the source server since CLEAN operates under the server ID. For SENTRY, it is the name of the user who initiated the read or write. $ScanType Message Sent From User Name _PUser $ScanType Message $Source $ScanType Message $Source _User The source document creation date and time. Date Created $Created _Created The source document last modified date and time. Date Modified $Modified _Modified A unique ID computed from the stored form of the source document and used by the false alarm facility. Two documents with identical stored forms ($INFO,$BODY) will have the same design ID. Note that viruses without a stored form (button bombs, stealth forms, ...) do not have a design ID. Design ID $DesignID _DesignID The name of server where the virus was detected. Source Server $Source $Source $Domain $Domain _Server The file specification of the database that contained the source document. Database File $Source $Source _Database $ScanType Message Message ID Database Title _DBTMID $DBTITLE $ScanType Message $MessageID.X _DBTitle The universal note ID of the source document when it was found on the source server, in the source database file. To identify a document by UNID, create a view in the source database sorted by the formula @Text(@DocumentUniqueID). This formula returns the UNID of any document. $ScanType Message Recipients Source UNID _SrcRecip rlist1 $Recipients.X $Recipients.X Recipients rlist2 rlist1 rlist3 rlist2 rlist rlist3 rlist3 rlist3 $ScanType Message rlist $Source _UNID ANALYSIS <a>7`^///"" esign mode; se rrrrrrrr ffffffff [cc[c[[c [[[[[[[[ L[LL[L[[ LLLLLLLL ;;;;;;;; gYou may notccccccccDocument Link in44444444field unless the........to database is t nt database.eYou tempted to load frrfrffrinto a form thatcffcfccfs a table. Nest;;L;LL;Ls are not allowe44;4;;4;on 1 Bitmap bigg.4..4.4464K bytes; Expor $Synopsis Copyright 1995-1997 Sybari Software Incorporated. All rights reserved. GroupScan/GroupShield was designed and written by G. Tetrault of Sybari Software for McAfee Associates. W4W10F/V2 WordPerfect 1a $AuditTrail Changed: $VStatus.Old" to " $VStatus" $VStatus.Old Initialized: $VStatus" $VStatus $VStatus.Old $AuditTrail $AuditTrail $AuditTrail Compute audit trail on false alarm changes W4W10F/V2 WordPerfect 0a $VStatus $VStatus.Old $VStatus.Old Used to detect changes to false alarm field Designed and written by Gregory Tetrault for Sybari Software Incorported. Completed 6/22/95. Virus: $$Title [Unknown] $$Title &Arial "Small Fonts Virus $GroupScanh $GroupScan $GroupShieldh $GroupShield $Antigen $GroupScan $Source Message Document Remote RouteServersh Routed Local $ScanType Source. $ScanType SymbolView LoadSSymbol Module. $Source SymbolView LoadMSymbol $Source sentry nshield Message $ScanType $GroupScan READONLYF $ScanOptions Result.NoAccess Result.SkipDoc Result.SkipMail Result.DeadDoc Result.DeadMail Result.CleanDoc Result.CleanMail SymbolView LoadRSymbol 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 'US@ 93Sqi9 9iqS39 iUqU.9 i9S.3 UqU.9U 3.Uqi .UqS.3 qU.3q 'US@ 'US@ 'US@ 'US@ 'US@ <a>7`^///"" '''''''' BUUUUUUUU @SSSSSSSS qqqqqqqq Quarantined $GroupScanb REPRO STEALTH prefix Stealthed Notes Trojan suffix Virus FIELD|G prefix Form" suffix" BUTTON| prefix Hotspot suffix" EXCEEDED SIZE Oversized File FILE| Infected File OLE1| prefix OLE Object" suffix" prefix Macro suffix" _Class W4W10F/V2 WordPerfect <a>7`^///"" rrrrrrrr ffffffff [cc[c[[c [[[[[[[[ L[LL[L[[OOOB BLLLLLLLL P7;;;;;;;; F(cccccccc %44444444 i3........ 3frrfrffrr cffcfccfrrrrrrrr ;;L;LL;Lffffffff 44;4;;4;[cc[c[[c .4..4.44[[[[[[[[ Time of Detection: $ScanTime $ScanTime _Time Document Status: SAVE EDIT .IBMP - (C) C Detected $GroupScanj $GroupScan READONLYG _VCount Viral Characteristic $GroupScanj count $GroupScan READONLYG count .IBMP - (C) C $GroupScanj $GroupScan READONLYG $GroupScan $GroupScan outlen nlist outlenk flist1 flist2 flist1 has flist3 flist1 ILE|_ flist4 flist3 File attachment flist flist4 flist2 FILE| blist1 flist1 UTTON|_ blist blist1 found in button return nlist flist blist outlen return (See analysis for more characteristics) return _Virus .IBMP - (C) C Unknown Virus SaveOptions $VStatus $VStatusIs this document a confirmed virus or a false alarm? Unknown Virus | UnknownConfirmed Virus | ConfirmedFalse Alarm | False $AuditTrail No changes have been made. $AuditTrail wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp wwwwwww wwwwwwwp wwwwwww wwwwwwwwwp wwwwwwwp wwwwwwwwwp wwwwwwwp wwwwwwwwwp wwwwwwwp wwwwwwwwwp wwwwwwww wwwwwwwwwp wwwwwwww wwwwwwwwwp wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ DISPOSITION <a>7`^///"" rrrrrrrr ffffffff [cc[c[[c [[[[[[[[ L[LL[L[[OOOB BLLLLLLLL P7;;;;;;;; F(cccccccc %44444444 i3........ 3frrfrffrr cffcfccfrrrrrrrr ;;L;LL;Lffffffff 44;4;;4;[cc[c[[c .4..4.44[[[[[[[[ Click icons for details Has Stored Form: $Body $$Bodyh OLE Attachments: File Attachments: r Has Encryption: $Seal $SealData Encrypt Note Attributes: $ScanType _Source $ScanType MESSAGE $Created wwwwwwx wwwwwww wwwwwww wwwwwwx @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ Scan mode: $GroupScan READONLYG Scan Only $ScanOptions Delete Clean Scan files: $ScanOptions Scan OLE: $ScanOptions Scan RTF: $ScanOptions Scan form: $ScanOptions Scanner Version $Source Scanner Settings: mode" $Source $Created# $ScanType MESSAGE Time Elapsed: wwwwwwx wwwwwww wwwwwww wwwwwwx @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ dispo $GroupScan READONLYG not modified. $ScanOptions deleted. cleaned. $GroupScan FIELD|G Stored form: REMOVED $GroupScan BUTTON| Hotspots: DISABLED" $GroupScan OLE1| OLE Trojan: REMOVED" $GroupScan FILE| Infected File: CURED $GroupScan FORMFLAG| AUTORUN| Auto-Launch: DISABLED" Note Disposition: Source document was " dispo $Source sentry nshield Message $ScanType $GroupScan READONLYF $ScanOptions Read Denied Skipped Deleted Cleaned _Result $ScanType <a>7`^///"" rrrrrrrr ffffffff [cc[c[[c [[[[[[[[ L[LL[L[[OOOB BLLLLLLLL P7;;;;;;;; F(cccccccc %44444444 i3........ 3frrfrffrr cffcfccfrrrrrrrr ;;L;LL;Lffffffff 44;4;;4;[cc[c[[c .4..4.44[[[[[[[[ The Notes user name that initiated the source document read or write transaction. For CLEAN, this name always equals the source server since CLEAN operates under the server ID. For SENTRY, it is the name of the user who initiated the read or write. $ScanType Message Sent From User Name _PUser $ScanType Message $Source $ScanType Message $Source _User The source document creation date and time. Date Created $Created _Created The source document last modified date and time. Date Modified $Modified _Modified A unique ID computed from the stored form of the source document and used by the false alarm facility. Two documents with identical stored forms ($INFO,$BODY) will have the same design ID. Note that viruses without a stored form (button bombs, stealth forms, ...) do not have a design ID. Macro ID $MacroID _DesignID The name of server where the virus was detected. Source Server $Source $Source $Domain $Domain _Server The file specification of the database that contained the source document. Database File $Source $Source _Database $ScanType Message Message ID Database Title _DBTMID $DBTITLE $ScanType Message $MessageID.X _DBTitle The universal note ID of the source document when it was found on the source server, in the source database file. To identify a document by UNID, create a view in the source database sorted by the formula @Text(@DocumentUniqueID). This formula returns the UNID of any document. $ScanType Message Recipients Source UNID _SrcRecip rlist1 $Recipients.X $Recipients.X Recipients rlist2 rlist1 rlist3 rlist2 rlist rlist3 rlist3 rlist3 $ScanType Message rlist $Source _UNID ANALYSIS <a>7`^///"" rrrrrrrr ffffffff [cc[c[[c [[[[[[[[ L[LL[L[[OOOB BLLLLLLLL P7;;;;;;;; F(cccccccc %44444444 i3........ 3frrfrffrr cffcfccfrrrrrrrr ;;L;LL;Lffffffff 44;4;;4;[cc[c[[c .4..4.44[[[[[[[[ $Synopsis Copyright 1995-1997 Sybari Software Incorporated. All rights reserved. GroupScan/GroupShield was designed and written by G. Tetrault of Sybari Software for McAfee Associates. W4W10F/V2 WordPerfect 1a $AuditTrail Changed: $VStatus.Old" to " $VStatus" $VStatus.Old Initialized: $VStatus" $VStatus $VStatus.Old $AuditTrail $AuditTrail $AuditTrail Compute audit trail on false alarm changes W4W10F/V2 WordPerfect 0a $VStatus $VStatus.Old $VStatus.Old Used to detect changes to false alarm field Microsof ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### Y.NSF @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### """" wwwww @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### Name: @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### Name: @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ ########################### ####### @ @@ @` @ @@ @@@@@`@@ `@ `@@`@``@ EVALUATION COPY |W4W10F/V2 WordPerfect <a>7`^///"" requested. *.CGM Excel 4.0/ Image *.TIF Ami Pro -with Text F 5._IW4W GroupShield Quarantine Area The GroupShield product suite is a complete solution to the problem of viruses in the Notes environment. It provides a number of sophisticated features such as: diagnosis and analysis information of all suspected viruses, a false alarm facility and the ability to scan file attachments using the industry leading McAfee virus scanning engine. The Quarantine Area is the repository for information about viruses, button bombs, mail bombs, and trojan forms that have been detected and defeated. Help is available from the "Using Quarantine Area" help menu and from the online documentation. Copyright 1996-1997 by McAfee, Inc. All rights reserved. Notes security technology licensed from Sybari Software Inc. Symbol Quarantine Area Views PECIAL ARKERS Each view of the Quarantine Area includes a column that displays special red markers to indicate the status of 'stored forms' embedded in the document. Each marker will be displayed under the following conditions: This marker indicates that the document contains a disabled stored form. The 'Enable Stored Form' may be used to enable the stored form. Be sure to use caution before enabling any stored form isolated by GroupShield. This marker indicates that the document contains a stored form that is enabled. That means when the document is opened, the embedded stored stored form will be executed. Please note that GroupShield is disabled for the Quarantine Area, leaving the current workstation vulnerable to attack if a destructive stored form is executed. The stored form may be disabled using the 'Disable Stored Form' macro. Normally this marker will never appear. Quarantine Area Procedures fo; $Info); FIELD $Body := @If(@IsAvail ESTORE fo; $Info); FIELD $Body := @If(@IsAvail RIGINAL fo; $Info); FIELD $Body := @If(@IsAvail OCUMENT3 <<<+++ DDD""" www 33333f33 f33f3ff3 3f33ff3f ff3fffff <<<+++ DDD""" www 33333f33 f33f3ff3 3f33ff3f ff3fffff WHEN TO... Use this procedure when you wish to restore isolated documents to their respective source databases the documents are not to be used as false alarm indicators. When documents are first isolated by GroupShield, they contain all the data of the original document plus additional data used for analysis and classification. If the source document contained a 'stored form' then the 'stored form' is disabled but present in the isolated document. So the procedure to restore has basically two parts: the first part is to cleanup the document itself and the second part is to inject the document back into the source database. HOW TO... Use the following steps as a guide for restoring isolated documents to the database where the document was originally isolated. Step 1. Select the documents you wish to restore from any view except the Restored Documents view. Step 2. Run the macro "Restore Original Document" from the Tools menu. This will remove all GroupShield data from the document and restore certain source document fields. All the selected documents will disappear from the current view and become listed in the Restored Documents view. NOTE: If a selected document was previously marked as a false alarm, you will receive a warning message. If you choose to proceed, the false alarm will be removed from the list of active false alarms. Use the next procedure if you need to restore the document maintain a false alarm list entry. Step 3. Open the Restored Documents view. You will see all of the restored documents organized by date. Step 4. Open each document that needs to be restored. When opened, each document will be displayed with either a default mail form or a default document form. The presence of certain mail-specific fields (Recipients, SendTo) determine which default form is used. If you need to force all documents to be opened with the default document form, run the macro 'Toggle Restored Display Mode'. Step 5. If the document is displayed with the default mail form, use the standard button macros "Send", "Reply", and/or "Forward" to resend the message. If the document is displayed with the default document form, use the "Restore to Source" button to copy the document into the source database. You can then use the "Open Source" button to open the source database for inspection. Step 6. (Optional) After the document has been restored, delete the document from the Quarantine Area. ESTORE OPY OF fo; $Info); FIELD $Body := @If(@IsAvail OCUMENT <<<+++ DDD""" www 33333f33 f33f3ff3 3f33ff3f ff3fffff WHEN TO... Use this procedure when you wish to restore isolated documents to their respective source databases you wish to retain the original isolated document. The reason for retaining the isolated documents is usually to maintain historical incident data or to maintain a false alarm list entry if the document has been marked a false alarm. Recall that a false alarm entry enables GroupShield to skip documents with identical design characteristics that would otherwise be isolated. The actual procedure to restore has basically two parts: the first part is to cleanup the document itself and the second part is to inject the document back into the source database. HOW TO...f Use the following steps as a guide for restoring isolated documents to the database where the document was originally isolated.f Step 1. Select the documents you wish to restore from any view except the Restored Documents view. Step 2. Run the macro "Restore Copy of Document" from the Tools menu. This will remove all GroupShield data and restore certain source document fields from a copy of the original isolated document. All of the selected documents will remain visible in the current view and the copies will become listed in the Restored Documents view. NOTE: If a selected document contains a stored form and has not been marked as a false alarm, an error message will appear and the document will not be processed. In this case, either mark the document as a false alarm, or use the procedure described above to restore the document. Step 3. Open the Restored Documents view. You will see all of the restored documents organized by date.f Step 4. Open each document that needs to be restored. When opened, each document will be displayed with either a default mail form or a default document form. The presence of certain mail-specific fields (Recipients, SendTo) determine which default form is used. If you need to force all documents to be opened with the default document form, run the macro 'Toggle Restored Display Mode'. Step 5. If the document is displayed with the default mail form, use the standard button macros "Send", "Reply", and/or "Forward" to resend the message. If the document is displayed with the default document form, use the "Restore to Source" button to copy the document into the source database. You can then use the "Open Source" button to open the source database for inspection.f Step 6. (Optional) After the document has been restored, delete the document from the Quarantine Area. REATE3 ALSE 3 <<<+++ DDD""" www 33333f33 f33f3ff3 3f33ff3f ff3fffff WHEN TO... Use this procedure when you want to identify to GroupShield a trusted document design. In some instances, sophisticated mail-enabled applications may contain virus-like behavior but in fact are not viruses. Although this is quite rare in practice, it can happen. The false alarm facility of GroupShield allows you to identify a single instance of the design as a false alarm so that GroupShield will skip all other documents that contain an identical design. The facility will however only work on 'stored form' designs and not on rich text elements such as button and hotspots or file attachments. HOW TO... Use the following procedure to mark a document as a false alarm. Step 1. Open the document from any view except the Restored Documents view. When the document opens, a series of radio buttons will appear in the top right corner of the window. If a radio button marked "False Alarm" is not present, then this document does not contain a stored form and cannot be marked as a false alarm. Step 2. Switch the document into Edit mode by pressing Ctrl-E or using the equivalent menu command. Step 3. Click the radio button marked "False Alarm" and save the document. The document will remain visible in the current view but will now also be visible in the False Alarms view. NOTE: An audit trail is maintained on all changes made to the document status. Click the hotspot located just below the radio buttons and labeled "Audit Trail". A list of all changes, including changes to and from false alarm status will be displayed in a popup window. ONFIRMING <<<+++ DDD""" www 33333f33 f33f3ff3 3f33ff3f ff3fffff WHEN TO... Use this procedure when you want to identify to GroupShield a confirmed virus incident. This is useful for tracking viruses and identifying future viruses. HOW TO...f Use the following procedure to mark a document as a false alarm. Step 1. Open the document from any view except the Restored Documents view. When the document opens, a series of radio buttons will appear in the top right corner of the window.3 Step 2. Switch the document into Edit mode by pressing Ctrl-E or using the equivalent menu command. Step 3. Click the radio button marked "Confirmed" and save the document. The document will remain visible in the current view but will now classified as a confirmed virus. NOTE: An audit trail is maintained on all changes made to the document status. Click the hotspot located just below the radio buttons and labeled "Audit Trail". A list of all changes, including changes to and from confirmed status will be displayed in a popup window.