NETSHIELD Version 1.6
for Novell NetWare v3.11, v3.12 and SFT-III v3.11
Copyright 1992, 1993 by McAfee Associates, Inc.
Copyright 1994 by McAfee, Inc.
Documentation by Aryeh Goretsky and Logical Arts
McAfee Associates, Inc.         TEL             (408) 988-3832
2710 Walsh Avenue, Suite 200    FAX             (408) 970-9727
Santa Clara, California         BBS             (408) 988-4004
95051-0963                      CompuServe      GO MCAFEE
USA                             Internet        support@mcafee.com
                                America Online  MCAFEE
TABLE OF CONTENTS
Chapter 1: INTRODUCTION
- How to use this manual
- What NETShield includes
- System Requirements
- License and Registration
- Validating NETShield
- Technical Support
Chapter 2: INSTALLATION
- Customizing NETShield
Chapter 3: NETSHIELD'S MENUS
- Available Options
- Configuration Options
- Report Options
- Updating Options
Chapter 4: WHAT TO DO IF A VIRUS IS FOUND
Appendix A: TROUBLESHOOTING
- NETShield does not load, displays "IsColorMonitor"
NETSHIELD for NetWare v3.x Version 1.6 Page 1
Chapter 1: INTRODUCTION
Welcome to NETShield, a powerful and advanced system designed to
detect computer viruses on NetWare v3.11, v3.12, and SFT-III v3.11
servers. NETShield watches as network users, the most likely
source of infected files, copy files to the network.
NETShield is a NetWare Loadable Module (NLM). This allows it to
integrate easily into your NetWare environment and function
independently of any workstation, guaranteeing that your network
is always protected.
NETShield is Tested and Approved compatible as an NLM utility by
Novell, Inc. for use with NetWare v3.11, v3.12, and SFT-III v3.11.
It is important that you install and configure NETShield
correctly for your particular network. As you set up NETShield,
you'll complete the tasks necessary to maintain a virus-free
network. Use this task list as a "roadmap" for applying the
information in this reference to your network.
Task 1: Installation
You'll install NETShield on every server at your site. The
NETShield NLM will be copied to your SYS:SYSTEM directory, and
your server will be configured to load NETShield automatically
whenever you restart it. See Chapter 2, Installation, for
details.
o If you use a bootable floppy diskette to start your
server, make sure that the boot diskette is clean of
any viruses. The documentation for VirusScan, McAfee
Associates' virus scanning program for PC's, describes
a procedure for creating a clean bootable diskette.
Task 2: Configuration
Set NETShield to scan all files transferred to the server, using
the "On-Access" scanning settings. Also set it to run scans at
regular intervals, using the "Periodic" scanning settings. Turn
CRC, Cyclic Redundancy Checking, on if you have a stable file
environment. CRC checking verifies that mathematical "check sums"
stay consistent for files; if files are changed often, then an
error in the check sums will be reported. See "Configuring
NETShield" in Chapter 3, NETShield Menus, for details.
Task 3: Scanning
Once you've configured NETShield, it will automatically scan in
the background. The NETShield NLM will be running as long as
your NetWare server is running.
Task 4: Reporting
NETShield can inform you when a virus is found, both by
broadcasting a network message to selected users and by recording
the information in a log file. It can then move or delete the
infected file. We recommend that you set up NETShield to log
infections in a file, notify the network supervisor, and move
infected files into a "quarantine" directory for later
inspection. See "Reporting" in Chapter 3, NETShield Menus, for
details.
Task 5: Updating
As new viruses are found, McAfee Associates will release new
virus signature files for you to install. When you receive an
update, or download one from the McAfee BBS, update one server
and enable cross-server updating so that the new list is copied
to the other servers over the network.
Task 6: Virus elimination
Once you've identified and isolated an infected file, eliminate
the virus using McAfee Associates' other programs: VirusScan,
VShield, and Clean-Up. VirusScan does periodic scanning of both
standalone PC's and networks, VShield does continuous checking on
PC's, and Clean-Up removes viruses from both standalone PC's and
networks.
HOW TO USE THIS MANUAL
This manual will help you get NETShield running quickly and
properly.
Chapter 1 describes the program and files on your NETShield
diskette, system requirements, how to license, and how to get
help.
Chapter 2 describes how to install NETShield.
Chapter 3 contains reference information laid out in a format
that matches the NETShield menus. If you're having trouble
navigating the menus, look for the guides at the start of each of
these chapters.
Chapter 4 tells you what to do if you find a virus.
NOTATION
In this manual, different conventions distinguish particular
kinds of text.
Convention               Example        Represents
Curly braces             {filename}     Optional element; do not type
                                        braces { }
Parenthesized options    (Deactivate)   Context-sensitive "toggled"
                                        options which switch from the
                                        current state to the alternate
                                        (indicated by the current menu
                                        item text).
WHAT NETSHIELD INCLUDES
The NETSHIELD distribution file includes the NETShield
NetWare Loadable Module, various informative text files, and the
Validate program.
When you download files from McAfee Associates, use Validate to
ensure that the software you've downloaded is authentic. See
"Validating NETShield," later in this chapter, for instructions.
File Name       Description
NETSHLD.NLM     NetWare Loadable Module for NetWare v3.x.
VIR.DAT         Virus signature file.
VIR$CFG.DAT     Default configuration file.
README.1ST      Quick start, version-specific, and validation
                information text file.
VIRLIST.TXT     List and characteristics of most viruses
                detected by NETShield.
VALIDATE.COM    Validate program for DOS.
VALIDATE.DOC    Documentation text file for Validate.
AGENTS.TXT      List of McAfee authorized agents.
COMPUSRV.NOT    CompuServe membership text file.
LICENSE.DOC     Licensing agreement text file.
REGISTER.DOC    License quotation request text file.
SYSTEM REQUIREMENTS
NETShield requires a Novell NetWare v3.11, v3.12, or
SFT-III v3.11 file server with at least 718Kb of free
server RAM. It should utilize no more than 10% of server
CPU time.
NETShield for NetWare v3.x requires you to load Novell's
SPXFIX2.NLM. This .NLM can be found inside the Novell
STRTL2.EXE collection of patches for NetWare v3.x. A copy
of this can be obtained from Novell or downloaded from our
BBS.
NETShield for NetWare v3.x should not be loaded
simultaneously with other antivirus NLM's.
NETShield is not compatible with NetWare/386 v3.10.
LICENSE AND REGISTRATION
NETShield is distributed for evaluation purposes only by McAfee
Associates for a trial period not to exceed five (5) days. At
the end of the trial period, you are required to remove the
NETShield software from your server.
If you wish to use NETShield after the trial period, you must
obtain a license from McAfee Associates. Licenses are available
for internal use within businesses, organizations, government
agencies and educational institutions and external use by repair
centers and other service organizations. License fees are based
on the number of servers present. For further information
please refer to the enclosed LICENSE.DOC text file.
VALIDATING NETSHIELD
When you download a program from any source other than directly
from McAfee Associates, it's important to verify that it is
authentic, unaltered, and uninfected by a computer virus. McAfee
Associates anti-virus software includes a program called Validate
which helps you do this.
When you receive a new version of NETShield, run Validate on all
of the program files. Here's how to do this for NETShield:
Start from the system prompt (C:\>).
1. Change to the directory to which you've downloaded the
   files. For example, if you've stored the files in a
   directory named C:\DOWNLOAD:
       C:\>c:
       C:\>cd \download
2. Enter the following:
       C:\DOWNLOAD>validate netshld.nlm
3. Compare the results with the information in the
   README.1ST file. If the validation results match
   what's in the file, it is highly unlikely that the
   program has been modified.
If the results you obtain from running Validate on your copy of
NETShield differ from those described in the Release Notes, the
file may have been damaged. Always obtain your copy of NETShield
from a known source.
The latest version of NETShield and validation data for
NETSHLD.NLM and VIR.DAT can be obtained from McAfee Associates'
bulletin board system at (408) 988-4004, from the McAfee Virus
Help Forum on CompuServe (GO MCAFEE), via the Internet from the
pub/antivirus directory of the mcafee.com site, or from America
Online's McAfee Associates' Area (Keyword: McAfee).
TECHNICAL SUPPORT
For help in using NETShield, we invite you to contact McAfee
Associates technical support. You can contact us:
o Online 24 hours a day, through our bulletin board
system, CompuServe, fax, or Internet (see "Online
access to updates and technical support" below); or
o By telephone at (408) 988-3832, Monday through Friday,
7:00 a.m. to 5:30 p.m. Pacific Standard Time.
For fast and accurate help, please have the following information
ready when you contact McAfee Associates:
o Program name and version number.
o Type and brand of computer, hard disk, installed
adapter cards, and any peripherals.
o Version of NetWare, along with any NLM's or device
drivers in use.
o Printouts of the AUTOEXEC.NCF and STARTUP.NCF files.
o Printouts of your AUTOEXEC.BAT and CONFIG.SYS files
from any workstation that you were using.
o Printout of the NETShield Configuration Report.
o A description of the exact problem you are having.
Please be as specific as possible. If you can't be at
the system console when you call, a printout of the
screen would be helpful.
If you are overseas, you can contact a McAfee Associates
Authorized Agent. Agents are located in over 50 countries around
the world and provide local sales and support for our software.
Please refer to the AGENTS.TXT file for a complete list of McAfee
Associates Agents.
ONLINE ACCESS TO UPDATES AND TECHNICAL SUPPORT
McAfee Associates updates the NETShield programs every 4-6 weeks
or sooner, to add new virus detectors, new options, and fix
reported bugs. To distribute these new versions, we run a multi-
line bulletin board system, a forum on CompuServe, an Internet
node, and an America Online area.
McAfee Associates bulletin board system (BBS)
Our multi-line BBS is accessible 24 hours a day, 365 days a year,
except for scheduled downtime and maintenance. All lines run
high-speed modems operating from 1,200 bps to 14,400 bps with
line settings of 8 data bits, no parity, and one stop bit.
McAfee Forum on CompuServe
We sponsor the McAfee Virus Help Forum on CompuServe. To reach
it, type GO MCAFEE at any CompuServe prompt. A free introductory
membership is available; see the COMPUSRV.NOT text file for more
information.
Internet access
The latest versions of McAfee Associates' anti-virus software are
available by anonymous ftp (file transfer protocol) over the
Internet from the mcafee.com site. If your domain resolver does
not support names, use the IP# 192.187.128.1 instead. Enter
"anonymous" as your user ID and your own email address as the
password. Programs are located in the pub/antivirus directory.
If you have questions, please send email to support@mcafee.com.
You can also find McAfee Associates' anti-virus software at the
SimTel archive site Oak.Oakland.EDU in the pub/msdos/virus
directory and its associated mirror sites:
o ARCHIE.AU (Australia)
o FTP.FUNET.FI (Finland)
o FTP.SWITCH.CH (Switzerland)
o SRC.DOC.IC.AC (UK)
o WUARCHIVE.WUSTL.EDU (US)
America Online
The America Online "keyword" for the McAfee area is MCAFEE.
OTHER SOURCES OF INFORMATION
The McAfee Associates BBS and Virus Help Forum on CompuServe are
excellent sources of information on virus protection. Batch
files and utilities to help you use NETShield software are often
available, along with helpful advice.
Independent publishers, colleges, training centers, and vendors
also offer information and training about virus protection and
computer security. We especially recommend the following books:
o Ferbrache, David. A Pathology of Computer Viruses.
London: Springer-Verlag, 1992. ISBN 0-387-19610-2.
o Hoffman, Lance J. Rogue Programs: Viruses, Worms,
and Trojan Horses. Van Nostrand Reinhold, 1990.
ISBN 0-442-00454-0
o Jacobson, Robert V. The PC Virus Control Handbook, 2nd
Ed. San Francisco, Miller Freeman Publications, 1990.
ISBN 0-87930-194-0.
o ________, ________. Using McAfee Associates Software
for Safe Computing. New York: International Security
Technology, 1992. ISBN 0-9627374-1-0.
Chapter 2: INSTALLATION
Installing NETShield is a straightforward and simple process. To
start, you will need to copy the NETShield NLM, virus signature,
and NETShield configuration file (if any) to the SYS:\SYSTEM
directory on your network server. You can change this, but
remember that these files must be on a network drive if you want
to run NETShield on your server(s). Next, you will modify the
AUTOEXEC.NCF file to run NETSHIELD each time the server is
booted.
Here's how to do this for NETShield:
Start from the system prompt (C:\>).
1. Change to your network drive (F:\> in this example):
       C:\>f:
       F:\LOGIN>cd \system
       F:\SYSTEM>
2. Copy the required files to the network drive:
       F:\SYSTEM>copy c:\mcafee\netshld\netshld.nlm f:\system
       F:\SYSTEM>copy c:\mcafee\netshld\vir.dat f:\system
2a. If a NETShield configuration file is present, copy it
    to the network drive:
       F:\SYSTEM>copy c:\mcafee\netshld\vir$cfg.dat f:\system
3. Edit the AUTOEXEC.NCF file to add NETShield:
       F:\SYSTEM>edit autoexec.ncf
3a. Go to the beginning of the AUTOEXEC.NCF file and add:
       load netshld load
3b. Save the AUTOEXEC.NCF file.
NETShield is now installed on your network server.
Customizing NETShield
Once you've installed NETShield, you can customize the
way it loads by editing the LOAD command in the
AUTOEXEC.NCF file. The following options are valid:
LOAD NETSHLD
    runs NETShield with the default settings and no
    configuration file.
LOAD NETSHLD LOAD
    runs NETShield with the default configuration file,
    VIR$CFG.DAT, from the SYS:SYSTEM directory.
LOAD NETSHLD LOAD = {path and filename}
    runs NETShield with a user-specified configuration file
    from the directory you specify. The complete path and
    file name, including the volume name, must be specified
    when using a configuration file other than the default
    file.
We recommend that when you install NETShield for the
first time, you create a configuration file and save it.
This way, NETShield will always be loaded with optimal virus
detection for your environment. See "Configuring NETShield"
in Chapter 3, NETShield Menus, for details.
Unless otherwise specified, NETShield creates, loads, and
saves configuration files and reports in the directory where
the NETSHLD.NLM file is located.
Once you are done installing and customizing NETShield, you can
either restart your server to run NETShield or go to the system
console and type the following at the system prompt to start
NETShield:
LOAD NETSHLD
Chapter 3: NETSHIELD MENUS
When you run NETShield and the program loads virus patterns,
you'll see this menu. It is the highest level menu in the
command hierarchy:
_____NETSHIELD AVAILABLE OPTIONS_____________________________
(Do a scan immediately)
Configuration options
Report options
Signature control
Exit
_____________________________________________________________
(Do a scan immediately)
Activates NETShield virus checking of all selected
volumes. To choose which volumes are scanned, select
Configuration Options\What to Scan\Volumes to Scan. If
you choose this item when it reads "(Terminate a Current
Scan)" you will stop any currently running scan, whether
it is immediate or periodic.
Configuration options
Lets you customize NETShield to meet your particular
needs. Take some time to become familiar with the
different menus available under this option.
Report options
Lets you customize how NETShield reports the results of
its scanning. Set up NETShield to give you information
where you need it when you need it.
Signature control
Lets you keep NETShield's virus detection current by
loading updated external signature files, or "virus
signatures." Use it to load new sets of virus signatures, add
new virus strings, and toggle virus signature updating
between servers.
Exit
Use this option to unload NETShield and return to the NetWare
System Console. If you have set an "unload" password in the
Password Access Control menu, you must enter it before NETShield
will unload. For security reasons, NETShield will prompt you for
this password if you attempt to unload it from the System
Console command line. When a regular scan is being performed,
either immediate or periodic, it will halt when NETShield
unloads.
Configuring NETShield
Use the Configuration Options menu to set various parameters for
NETShield's operation. Choose from the following items:
_____CONFIGURATION OPTIONS___________________________________
On-access scanning options
Period-scanning options
Actions on virus detection
What to scan
Configuration file options
Speed/Accuracy controls
CRC controls
Password access control
Return to previous menu
_____________________________________________________________
On-access scanning options
Use the settings available from this option to select accesses to
trap for scanning. Scan incoming access (to the server) to
protect the server; scan outgoing access (from the server) to
prevent reinfection of a workstation from a virus on the server.
We recommend that you scan incoming access, but not outgoing.
This protects the server but avoids running extra scans.
You'll see this menu:
_____TRAP ACCESS MENU________________________________________
Incoming and outgoing      scans both incoming and outgoing accesses
Outgoing Only              scans only outgoing accesses
Incoming Only              scans only incoming accesses
None                       turns off on-access scanning
Return to Previous Menu    Return to the Configuration Options Menu
_____________________________________________________________
Period-scanning options
Use the settings available from this option to schedule a
scan to occur at a specific time. You'll see this menu:
Activate (Deactivate)
Choose this to schedule scans on a Daily, Weekly, or Monthly
basis.
When you choose a Daily scan, NETShield prompts you to
enter the time to start scanning. Enter the time in 24-hour
format, e.g., 1:00 p.m. becomes 1300 hours.
Choose Deactivate to disable periodic scanning. If a periodic
scan is running when Deactivate is selected, the scan will
continue until finished. If you want to halt a
periodic scan, select "Terminate a Current Scan" from the
NETShield Available Options menu.
o To optimize your network usage when scheduling a
periodic scan, select a time for scans when server
utilization is otherwise low.
Priority to run with
Choose this to set the amount of CPU time NETShield uses
when performing a periodic scan. There are ten levels of
priority available, from 1, the most CPU-intensive, to 10, the
least CPU-intensive. When NETShield is run with a priority
setting of 1, 40-50% CPU usage is added and approximately one
file is scanned per second. When run with a priority of 10, 1-2%
CPU usage is added and one file is scanned approximately every 10
seconds. The default priority is 5.
Return to previous menu
Return to the Configuration Options menu.
Actions on virus detection
Use the settings available from this option to set what
NETShield does with an infected file and who should be notified
upon detection of a virus. You'll see this menu:
File actions
Contact actions
File Actions lets you set what NETShield will do when it finds an
infected file. You'll see this menu:
Delete infected file
    Deletes virus-infected files. Deleted files can be
    recovered using the NetWare Salvage command.
Overwrite and delete
    Erases virus-infected files by deleting them and then
    writing random characters over the space they occupied.
    The infected files deleted in this manner cannot be
    recovered.
Move infected files
    Moves infected files to the directory specified using the
    Set Move-to Directory command, also on this menu (see
    below for details).
Leave infected files alone
    Performs no action on infected files. Be careful with
    this; if you choose this setting, the only way you will be
    able to tell if an infected file is found is by looking at
    the scan logs.
Set move-to directory
    Chooses a destination directory in which to put infected
    files. If no directory is specified then a subdirectory
    called \INFECTED is created in the system directory for
    this purpose.
Return to previous menu
    Returns to the Actions on Virus Detection menu.
Contact actions lets you set who is informed of infections.
You'll see this menu:
(Do not inform the user accessing the file)
    Use this setting if, for security purposes, you don't want
    users to know they have infected files. If you choose not
    to inform the user, be sure to identify someone else to be
    informed.
Edit the list of users to be contacted
    Allows changes to the list of users to be contacted when
    an infected file is found.
Do not display messages on Console
    Use this setting if you don't want virus messages to show
    up on the NetWare System Console.
Return to previous menu
    Returns to the Actions on Virus Detection menu.
What to scan
Use the settings available from this option to set areas of
servers, files and users to scan. You'll see this menu:
_____WHAT TO SCAN____________________________________________
Volumes to scan
Change scanned extensions
Ignore Users
Skip directories
Non-CRC checked files
Return to previous menu
_____________________________________________________________
Selecting "Volumes to Scan" selects which volumes are scanned
during immediate and periodic scanning. By default, all mounted
volumes are scanned.
On-access scanning will check all mounted volumes and is not
affected by this option. See "On-access scanning options,"
earlier in this section, for details about setting up on-access
scanning.
To scan all files for viruses, including data files, remove
any current filename extensions and set the on-access and
regular scanning extensions to "*". This may impact server
performance. For this reason, scanning all files is generally
not recommended.
Also, we do not recommend that you use the wild card extensions
"*" or "???" for CRC-checking, since this will cause all files to
be added to the CRC file list, including data files, batch files,
bindery files and other frequently-changed files.
Change scanned extensions
Use the settings available from this option to set the file
extensions to scan. Wild card extensions using "*" and "?"
can be used for all extensions. Add and remove extensions in
these options to customize your setup. Press [Ins] to insert a
file extension, [Del] to remove them, and [Esc] to exit.
When you choose it, the following choices will be
available:
Extensions to scan on access
    Allows changes to the list of file extensions checked
    during on-access scanning. The default extensions selected
    are .COM, .EXE, .OV?, and .SYS.
Extensions to scan during regular scan
    Allows changes to the list of file extensions checked
    during periodic (scheduled) scanning. The default
    extensions selected are .COM, .EXE, .OV?, and .SYS.
Extensions that will NOT be scanned
    Set a list of file extensions to exclude from both types
    of scanning. By default, this list is empty.
Extensions that will be checked by CRC
    Allows changes to the list of file extensions to check for
    unknown viruses using CRC checking. The default extensions
    selected are .COM, .EXE, .OV?, and .SYS.
Return to previous menu
    Return to the What to Scan menu.
Ignore users
    Specify any users who should not be scanned for
    virus-infected files.
o Use this option only to exclude accounts that run
  unattended processes, such as network backups. The
  process will continue in the event that the account
  tries to access an infected file. It only skips virus
  scanning during on-access scanning, when the specified
  users try to access the network.
Skip directories
    Select which directories to exclude from virus scanning.
o Use this option only for excluding directories which
  contain virus-infected files, such as the directory
  into which NETShield moves virus-infected files. When
  inserting a directory to be skipped, enter the name of
  the file server, volume and directory in the following
  format:
      {file server}/{volume name}:/{directory}/
  Note the placement of the forward slashes and colon.
Non-CRC checked files
    Enter the paths for directories or files for which CRC
    checks should not be created. When you enter a directory
    to be skipped, be sure to enter the name of the volume and
    the subdirectory as well. When inserting a file name,
    enter the complete volume, subdirectory, and filename.
    Wild cards cannot be used in file or directory names.
Return to previous menu
    Return to the Configuration Options menu.
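The settings described under "On-access scanning options" and "What to scan" combine to decide whether a given file access is scanned at all. The following is an added example, not NETShield code and not part of the original manual: a small Python model for auditing which accesses a configuration leaves unscanned. The order in which the checks are applied, the treatment of subdirectories of a skipped directory, and all class, function, user and server names are assumptions made for illustration.

```python
import fnmatch
import re
from dataclasses import dataclass

# Skip-directory format given in the manual:
#   {file server}/{volume name}:/{directory}/
SKIP_DIR_RE = re.compile(r"^([^/:]+)/([^/:]+):/(.+?)/$")


def parse_skip_directory(entry):
    """Split a skip-directory entry into (server, volume, directory)."""
    m = SKIP_DIR_RE.match(entry.strip())
    if m is None:
        raise ValueError(
            "expected {file server}/{volume name}:/{directory}/, got %r" % entry)
    return tuple(part.upper() for part in m.groups())


def ext_matches(name, patterns):
    """True if the file's extension matches any pattern ('*' and '?' allowed)."""
    ext = name.rpartition(".")[2].upper() if "." in name else ""
    return any(fnmatch.fnmatchcase(ext, p.upper().lstrip(".")) for p in patterns)


@dataclass
class OnAccessConfig:
    trap: str = "incoming"  # "both", "incoming", "outgoing" or "none"
    scan_ext: tuple = (".COM", ".EXE", ".OV?", ".SYS")  # manual's defaults
    exclude_ext: tuple = ()  # "Extensions that will NOT be scanned"
    ignore_users: tuple = ()  # "Ignore users"
    skip_dirs: tuple = ()  # "Skip directories", in the manual's format


def decide(cfg, user, direction, server, volume, path):
    """Return (scanned, reason) for one access. Check order is an assumption."""
    if cfg.trap == "none" or cfg.trap not in ("both", direction):
        return False, "direction not trapped"
    if user.upper() in {u.upper() for u in cfg.ignore_users}:
        return False, "ignored user"
    directory, _, name = path.upper().rpartition("/")
    for entry in cfg.skip_dirs:
        s, v, d = parse_skip_directory(entry)
        same_volume = (s, v) == (server.upper(), volume.upper())
        # Assumption: a skipped directory also covers its subdirectories.
        if same_volume and (directory == d or directory.startswith(d + "/")):
            return False, "skipped directory"
    if ext_matches(name, cfg.exclude_ext):
        return False, "excluded extension"
    if not ext_matches(name, cfg.scan_ext):
        return False, "extension not listed"
    return True, "scanned"


def unscanned(cfg, events):
    """List (path, reason) for every access the configuration lets through."""
    gaps = []
    for event in events:
        scanned, reason = decide(cfg, *event)
        if not scanned:
            gaps.append((event[4], reason))
    return gaps


# Constructed sample: (user, direction, server, volume, path)
SAMPLE_EVENTS = [
    ("ALICE", "incoming", "FS1", "SYS", "PUBLIC/GAME.EXE"),
    ("ALICE", "outgoing", "FS1", "SYS", "PUBLIC/GAME.EXE"),
    ("BACKUP", "incoming", "FS1", "VOL1", "APPS/TOOL.COM"),
    ("BOB", "incoming", "FS1", "SYS", "SYSTEM/INFECTED/BAD.COM"),
    ("BOB", "incoming", "FS1", "VOL1", "DOCS/REPORT.DOC"),
    ("BOB", "incoming", "FS1", "VOL1", "APPS/MENU.OVL"),
]

# Incoming-only trapping with a backup account and the quarantine directory excluded.
SAMPLE_CONFIG = OnAccessConfig(
    trap="incoming",
    ignore_users=("BACKUP",),
    skip_dirs=("FS1/SYS:/SYSTEM/INFECTED/",),
)

if __name__ == "__main__":
    for path, reason in unscanned(SAMPLE_CONFIG, SAMPLE_EVENTS):
        print(f"{path}: {reason}")
```

Each reason in the output is an exclusion worth reviewing: an ignored account or a skipped directory removes on-access scanning for everything it touches.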
Configuration file options
Use the settings available from this option to load and save
different configuration settings. When you choose it, the
Save and Load Configurations menu will appear with the
following choices:
Load configuration file
    Load a configuration file for NETShield. NETShield looks in
    the SYS:SYSTEM directory by default. You will be prompted to
    enter a filename if you choose this option. Change the path
    and filename if you do not want to use the default. We
    recommend that you use the default path so that the
    configuration files are easy to locate if you have to
    investigate a problem.
Save configuration file
    Save a configuration file for NETShield. If no configuration
    file was specified when NETShield was loaded, then the
    default path is used and the filename is set to VIR$CFG.DAT.
    Pressing any key will clear the default and allow a new path
    and filename to be entered.
Write configuration report
    Creates an ASCII text file containing NETShield's
    configuration options. NETShield defaults to a filename
    VIR$CFG.TXT in the same directory that the NETSHLD.NLM file
    is located in. Pressing any key will clear the default
    filename and allow a new path and filename to be entered.
o The configuration report must be written to a network
  drive, and not to the local drive of a workstation.
Print configuration report
    Send the configuration report to file server print queues.
    To choose from the list of available queues, press [Esc]
    when prompted for a queue name.
Return to previous menu
    Display the current action and return to the Configuration
    Options menu.
Speed/Accuracy controls
The Speed/Accuracy controls optimize NETShield for speed versus
accuracy during scanning. When set to Full Scanning, NETShield
will check a greater portion of files for viruses than when set
to Fast Scanning. Using Fast Scanning may reduce NETShield's
accuracy, since files are scanned for fewer details of a virus
infection.
CRC controls
Use the settings available from this option to set and configure
CRC (Cyclic Redundancy Check) checking for unknown viruses.
NETShield calculates a value based on the structure of the file, and
then recalculates the same value periodically to compare with the
original. If the CRC has changed, it is likely that the file has
been infected or otherwise modified. Because the CRC will change
whenever a file is updated, we recommend using CRC checks only in
stable environments where few program updates are performed.
You'll see the following menu:
No CRC check
    Disable checking for unknown viruses using CRC checks.
    This is the recommended setting.
Fast CRC
    Perform a CRC check against the beginning of a file and
    other critical parts of a file. If no entry exists in the
    CRC data file, NETShield will create an entry for it.
Full CRC check (SLOW!)
    Perform a CRC check against an entire file. If no entry
    exists in the CRC data file, NETShield will create an entry
    for it.
Set filename to store CRC's in
    Change the name or location of the file where CRC data is
    stored. By default, it is set to VIR$CRC.DAT and stored in
    the same directory as the NETSHLD.NLM file.
Extensions that will be checked by CRC
    Bring up the Extensions to Scan pop-up menu. To add an
    extension press [Ins], and to remove an extension, press
    [Del]. To exit, press [Esc].
Return to previous menu
    Display the current action and return to the Configuration
    Options menu without making any changes.
o Using "*" or "???" as an extension is not recommended
since this will cause all files to be added to the CRC
data file, including data files, batch files, bindery
files and other frequently-changed files.
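The CRC check described in this section amounts to a baseline-and-compare integrity check. The following is an added example, not NETShield code and not part of the original manual: a Python sketch of the same idea, with a "fast" mode and a "full" mode. The regions covered by the fast mode (first and last 4096 bytes plus the file size), the use of zlib's CRC-32, and all function names are assumptions; the manual does not document which parts of a file NETShield's Fast CRC covers or which CRC it uses.

```python
import fnmatch
import os
import tempfile
import zlib

# Default CRC-checked extensions listed in the manual.
DEFAULT_CRC_EXTENSIONS = (".COM", ".EXE", ".OV?", ".SYS")
CHUNK = 4096  # assumed size of the regions the fast mode covers


def matches_extension(path, patterns=DEFAULT_CRC_EXTENSIONS):
    """True if the file extension matches a pattern ('*' and '?' allowed)."""
    ext = os.path.splitext(path)[1].upper().lstrip(".")
    return any(fnmatch.fnmatchcase(ext, p.upper().lstrip(".")) for p in patterns)


def full_crc(path):
    """CRC-32 over the entire file (the slow, thorough mode)."""
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(block, crc)
    return crc


def fast_crc(path):
    """CRC-32 over the first and last CHUNK bytes plus the file size."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        crc = zlib.crc32(fh.read(CHUNK))
        if size > CHUNK:
            fh.seek(max(CHUNK, size - CHUNK))
            crc = zlib.crc32(fh.read(CHUNK), crc)
    return zlib.crc32(str(size).encode(), crc)


def check_tree(root, baseline, crc_func=full_crc, patterns=DEFAULT_CRC_EXTENSIONS):
    """Compare files under root with the baseline dict and return a report.

    As the manual describes, a file with no entry yet gets one created,
    so it is reported as "added" rather than flagged.
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not matches_extension(path, patterns):
                continue
            rel = os.path.relpath(path, root)
            value = crc_func(path)
            if rel not in baseline:
                baseline[rel] = value
                report[rel] = "added"
            elif baseline[rel] == value:
                report[rel] = "ok"
            else:
                report[rel] = "changed"
    return report


def demo():
    """Build a constructed file set, modify it, and compare both modes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("APP.EXE", "APP.OVL", "NOTES.TXT"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\x90" * 20000)  # constructed sample content
        fast_base, full_base = {}, {}
        first = check_tree(root, fast_base, fast_crc)
        check_tree(root, full_base, full_crc)
        # Change one byte in the middle of APP.EXE; the size stays the same.
        with open(os.path.join(root, "APP.EXE"), "r+b") as fh:
            fh.seek(10000)
            fh.write(b"\xcc")
        # Append one byte to APP.OVL; size and tail both change.
        with open(os.path.join(root, "APP.OVL"), "ab") as fh:
            fh.write(b"X")
        fast_after = check_tree(root, fast_base, fast_crc)
        full_after = check_tree(root, full_base, full_crc)
        return first, fast_after, full_after


if __name__ == "__main__":
    for label, report in zip(("first run", "fast", "full"), demo()):
        print(label, report)
```

In the demo the fast mode reports the patched APP.EXE as unchanged while the full mode flags it, which is the speed-versus-coverage trade-off between the two menu settings. Because a first-seen file is simply added to the baseline, the baseline has to be created while the files are known to be clean.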
Password access control
Use the settings available from this option so that NETShield
prompts for a password before unloading. You can also set a
toggle so that the same password will be required to make any
changes to the NETShield configuration.
You'll see this menu:
Enter password
    Set a password for unloading NETShield. The password is
    not case-sensitive, can be up to forty (40) characters
    long, and can be any mix of alphanumeric and punctuation
    characters.
o If a password is required, then it must be re-entered
  before the password can be changed or removed.
Enable menu password (Disable menu password)
    Sets NETShield to require the NETShield unload password to
    make any changes to the NETShield configuration.
Return to previous menu
    Returns to the Configuration Options menu.
REPORT OPTIONS
Use the Report Options menu to set up how NETShield log files are
created and viewed. It contains the following
options:
_____REPORT OPTIONS__________________________________________
Set path for log file
Enable logging (Disable logging)
View log file
Print log file
Print and clear log
Clear log
Return to previous menu
_____________________________________________________________
Selecting "Set path for log file" sets a destination directory
where NETShield will store reports. The current
log file is always displayed. If the log file has not been
configured, the default filename will be VIR$LOG.DAT.
Press any key to clear the filename and enter a new one.
Selecting "Enable logging (Disable logging)" chooses whether to
create a virus incident log when an infected file is found.
Selecting "View log file" displays the log file of virus
incidents. Use the [Home] key to view the first entry in the log
file, the [End] key to view the last entry, the [PgUp] and [PgDn]
keys to view the log file one screen at a time, and [Esc] to
exit.
Selecting "Print log file" sends a log file to a file server
print queue. Choose this to see a list of available print queues
on the server. Use the cursor keys to select a print queue,
[Enter] to accept, and [Esc] to abort.
Selecting "Print and clear log" sends a log file to a file
server print queue. Choose this to see a list of available print
queues on the server. After printing, the log file is erased.
Use the cursor keys to select a print queue, [Enter] to accept,
and [Esc] to abort.
Selecting "Clear log" erases all events in the current log
file.
Selecting "Return to previous menu" returns to the NETShield
Available Options menu.
UPDATING OPTIONS
Use the settings available from this option to update the
virus signature file and to enter external virus signature
search strings. You'll see this menu:
_____SIGNATURE CONTROL_______________________________________
Update signature with new VIR.DAT
Load external strings
Disallow cross server updating (Allow cross server
updating)
Return to previous menu
_____________________________________________________________
Selecting "Update signature with new VIR.DAT" loads a new
signature file, or pattern, into memory. By default, the VIR.DAT
file will be loaded from the same directory in which the
NETSHLD.NLM file is located. To change this, press a key to
erase the current filename and type in the new directory and
filename for the pattern file.
Selecting "Load external strings" reads in a supplemental virus
signature string file created by the user. For more information,
see the ViruScan documentation on creating an external virus
signature string file.
Selecting "Disallow cross server updating (Allow cross server
updating)" toggles between enabling or disabling pattern updates
between servers. Turning this option on allows NETShield to
automatically update the VIR.DAT file on other servers running
NETShield.
Selecting "Return to previous menu" returns to the NETShield
Available Options menu.
Chapter 4: VIRUS IDENTIFICATION AND REMOVAL
It is strongly recommended that you get experienced help
in dealing with viruses if you are unfamiliar with anti-
virus software and methods. This is especially true for
"critical" viruses that infect files whenever they are
accessed. Improper removal can result in damage to the
data or the disk.
If you require assistance with a computer virus incident,
you can contact McAfee Associates for help by BBS, FAX,
telephone, Internet, CompuServe, or America Online. There is no
charge for technical support directly from McAfee Associates, but
technical support through any of McAfee Associates' Authorized
Agents may be billed at normal support rates.
All of McAfee Associates' programs can be downloaded from our
BBS, the mcafee.com site on the Internet, the McAfee Virus Help
Forum on CompuServe, the McAfee area on America Online, or from
any of the agents listed in the enclosed AGENTS.TXT text file.
Appendix A: TROUBLESHOOTING
PROBLEM: When attempting to load NETShield Version 1.55
or above on a Novell NetWare v3.11 server, the
following messages may appear:
Loader can not find PublicSymbol: IsColorMonitor
or
Public Variable not found: IsColorMonitor
NETShield does not load, and you are returned to the system
console prompt.
REASON: NETShield makes use of a Novell C Runtime Library
(filename CLIB.NLM) function that is not available
from versions of CLIB.NLM prior to Revision D of
CLIB.NLM. Revision D of CLIB.NLM is dated December
16, 1992 and is 267,068 bytes long.
SOLUTION: Installing Revision D of CLIB.NLM on your Novell
NetWare v3.11 server will allow NETShield to load
normally.
Revision D of CLIB.NLM is available through Novell NETWIRE on
CompuServe (GO NOVLIB), as well as on our BBS at (408) 988-4004
(8N1 line settings) and by anonymous ftp to the mcafee.com
Internet node in the pub/patches directory. The filename is
311LIB.EXE. After obtaining a copy of the file, run it to unpack
the CLIB.NLM file and then follow the instructions in the
documentation to install the new CLIB.NLM file.
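A check that can be run before loading NETShield, given here as an added example and not part of the McAfee or Novell distribution: it walks a directory tree, such as a mapped server volume or a backup of one, and compares every copy of CLIB.NLM against the Revision D size and date quoted above. The function names are assumptions, the result depends on the file's timestamp having survived the copy, and a size and date match identifies the revision but is not an integrity check.

```python
import os
from datetime import date, datetime

REV_D_SIZE = 267068               # bytes, from the REASON paragraph
REV_D_DATE = date(1992, 12, 16)   # file date, from the REASON paragraph


def classify_clib(path):
    """Compare one file against the Revision D size and date.

    Returns "revision-d" when both match, "older" when the file date
    precedes Revision D, and "unknown" for anything else (a different
    build, or a copy whose timestamp was not preserved)."""
    st = os.stat(path)
    file_date = datetime.fromtimestamp(st.st_mtime).date()
    if st.st_size == REV_D_SIZE and file_date == REV_D_DATE:
        return "revision-d"
    if file_date < REV_D_DATE:
        return "older"
    return "unknown"


def find_clib_copies(root):
    """Walk a directory tree and classify every CLIB.NLM found,
    matching the filename case-insensitively."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper() == "CLIB.NLM":
                full = os.path.join(dirpath, name)
                results.append((full, classify_clib(full)))
    return sorted(results)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, status in find_clib_copies(root):
        print("%-12s %s" % (status, path))
```

A copy reported as "older" is one that would produce the IsColorMonitor loader error described in this appendix.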