VSHIELD Version 5.54B108
VSHIELD1 Version 0.2
CHKSHLD Version 0.4
Copyright 1989-1993 by McAfee Associates.
All rights reserved.
Documentation by Aryeh Goretsky.
McAfee Associates (408) 988-3832 office
2710 Walsh Avenue, Suite 200 (408) 970-9727 fax
Santa Clara, CA 95051-0963 (408) 988-4004 BBS (25 lines)
U.S.A USR HST/v.32/v.42bis/MNP1-5
CompuServe GO MCAFEE
Internet support@mcafee.COM
America OnLine MCAFEE
TABLE OF CONTENTS
SYNOPSIS
    - What is VSHIELD?
    - System requirements
AUTHENTICITY
    - Verifying the integrity of VSHIELD
WHAT'S NEW
    - New features and viruses added in this release
OVERVIEW
    - A note on switches
    - General description of VSHIELD
OPERATION and OPTIONS
    - How to use VSHIELD, VSHIELD1, and CHKSHLD
    - Detailed explanation of switches
    - ERRORLEVEL's for batch file programming
EXAMPLES
    - Samples of frequently-used options
INSTALLATION
    - How to install VSHIELD on your system
    - A note on VSHIELD and networks
VIRUS REMOVAL
    - What to do if a virus is found
REGISTRATION
    - How to register VSHIELD
TECHNICAL SUPPORT
    - Information you should have ready when calling
APPENDIX A
    - Creating an exception list for the /CERTIFY option
APPENDIX B
    - Sample CHKSHLD program script
SYNOPSIS
VSHIELD is a virus prevention program for IBM PC and
compatibles. VSHIELD prevents viruses from infecting your
system. When VSHIELD first loads it will search memory, the
master boot record (partition table), boot sector, system
files, and itself for known computer viruses before going into
memory as a Terminate-and-Stay-Resident (TSR) program.
VSHIELD checks for viruses by scanning programs as they
are run for virus signatures and/or validation codes added by
VIRUSCAN. Infected programs are prevented from running and a
warning message is displayed by VSHIELD. VSHIELD also stops
soft boots from disks infected by boot-sector viruses.
VSHIELD optionally checks validation codes added by SCAN
to check if a file has been altered or modified. This can be
used to detect unknown (new) viruses.
VSHIELD optionally checks for viruses as files are copied
or accessed.
VSHIELD optionally provides access control functions to
reduce the risk of virus infection from unauthorized software.
Two discrete programs are available. The first,
VSHIELD.EXE, checks for viruses using virus signatures and
validation codes added by SCAN. The second, VSHIELD1.EXE,
only checks validation codes added by SCAN. Both programs
monitor all program loads from all disks unless otherwise
specified.
The VSHINST program installs an icon for VSHIELD under
Windows 3.x. This icon can be used to toggle VSHIELD on and
off.
The VSHWIN program allows VSHIELD to display messages
while Windows 3.x is running.
The CHKSHLD program checks for VSHIELD in memory for use
in network login scripts.
VSHIELD will run on any PC with 256Kb and DOS 2.10 or
above. VSHIELD1 uses 6Kb of memory. VSHIELD uses 46Kb of
conventional memory if loaded normally, 25Kb of conventional
memory if EMS is present, 5Kb of conventional memory if
swapped-to-disk, and 1.5Kb of conventional memory if loaded
into upper memory.
AUTHENTICITY
VSHIELD is packaged with VALIDATE, a program to ensure
the integrity of the executable program files. The
VALIDATE.DOC file describes how to use VALIDATE.
The validation results for VSHIELD 5.54B108 should be:
FILENAME:       SIZE:       DATE         CHECK METHOD:
CHKSHLD.EXE     S:8,171     D:08-17-93   M1: 7B3C   M2: 1B48
VALIDATE.COM    S:12,197    D:03-24-92   M1: D5BB   M2: 166F
VSHIELD.EXE     S:52,113    D:10-07-93   M1: 4547   M2: 120D
VSHIELD1.EXE    S:18,833    D:06-24-93   M1: F414   M2: 13F5
VSHINST.EXE     S:9,780     D:08-11-93   M1: 44A6   M2: 1D0F
VSHWIN.EXE      S:15,927    D:08-17-93   M1: 874E   M2: 0CB1
If your copy of VSHIELD differs, it may have options stored to
it with the /SAVE switch or been damaged by a virus. Run
VSHIELD with just the /SAVE switch to remove any stored options
and then re-run VALIDATE. Always obtain VSHIELD from a trusted
source such as the McAfee BBS, CompuServe, or your local McAfee
Agent. The latest version of VSHIELD and validation codes can
always be found on our BBS at +1 (408) 988-4004.
PKZIP AUTHENTICATION VERIFICATION
All of McAfee Associates' programs are archived with
Version 1.10 of PKWare's PKZIP Authentic File Verification.
When unzipped with Version 1.10 of PKWare's PKUNZIP program,
an "-AV" will be displayed after each file is unzipped and an
"Authentic Files Verified! # NWN405 Zip Source: McAFEE
ASSOCIATES" will appear once all files are unzipped.
NOTE: If you do not receive the Authentic File Verification
messages, you may be using a different version of
PKUNZIP, such as V1.93α or V2.04. Use PKUNZIP Version
1.10 to unzip files if you wish to have Authenticity
Verification displayed as files are unzipped.
WHAT'S NEW
Version 5.54B108 ("108-B") of VSHIELD was released
to fix the following problems:
o VSHIELD displaying a "This program requires
Microsoft Windows" message when the /SWAP and
/WINDOWS switches are used together.
o VSHIELD /ACCESS, /BOOT, or /COPY exiting Windows
when a virus was found.
o VSHIELD failing to load if more than 768 bytes
of system environment space is used.
o VSHIELD /CF {filename} falsely reporting that
files have been modified when run with QEMM by
Quarterdeck.
WHAT'S RECENT
Two new options have been added in Version 108 of
VSHIELD, the /BOOT and /NOFLOPPY options. The first
switch, /BOOT, tells VSHIELD to check the boot sector
of floppy disks whenever a diskette is accessed. The
second, /NOFLOPPY, disables the boot sector checking of
floppy disks, and should only be used when VSHIELD is
run with the /ACCESS switch in an OS/2 Virtual DOS Machine
(VDM) session to prevent a problem displaying directories.
For more information on viruses added in this release,
please refer to the VIRUSCAN documentation, the accompanying
VIRLIST.TXT file, or Patricia Hoffman's Hypertext VSUM.
OVERVIEW
VSHIELD is a memory-resident program that prevents virus
infection. VSHIELD does this by checking programs as they are
loaded by the computer. VSHIELD will not allow a file to run if
a virus is found, a program does not match its validation code,
or a file is not on the /CERTIFY list--this prevents the virus
from entering your system. VSHIELD also checks for boot
sector viruses during reboots and optionally checks for viruses
during copy operations or whenever a disk is accessed.
When VSHIELD is run from the AUTOEXEC.BAT, it is installed
each time the system is turned on or rebooted. VSHIELD checks
memory, the partition table, boot sector, system files, and
itself for viruses prior to installation as a Terminate-and-
Stay-Resident (TSR) program. It monitors all program loads
for viruses.
When a system is booted from an infected disk, VSHIELD will
detect the virus the next time VSHIELD runs since VSHIELD must
be in memory to detect the virus.
VSHIELD has four user-selectable levels of protection:
- Level I protection, provided by VSHIELD1, checks validation
codes added by VIRUSCAN's /AV or /AG switches [see
VIRUSCAN's documentation for more information]. Programs
failing the validation check will not be allowed to run.
VSHIELD1 also checks the partition table and boot sector
validation codes, if present. Level I provides minimal
protection only and is not recommended for normal use;
VSHIELD is recommended instead.
- Level II protection, provided by VSHIELD, checks programs
for virus signatures, the pattern of code unique to each
virus. If a virus is found, VSHIELD will not allow the
program to run. VSHIELD will also prevent reboots from
disks infected with boot sector viruses.
- Level III protection, provided by VSHIELD /CF {filename} or
/CV, incorporates both Level I and Level II protection.
- Level IV protection, provided by VSHIELD /CERTIFY,
incorporates Level III protection with access control,
specifying which programs can be run.
Each level of protection has its advantages and disadvantages.
VSHIELD1 (Level I) requires the least system overhead,
using 6Kb of memory. It provides only minimal protection.
VSHIELD (Levels II-IV) requires as much as 46Kb of
conventional memory; this can be reduced to 25Kb by loading
VSHIELD into EMS, or 1.5Kb by loading into upper memory.
VSHIELD1 will add an average of one second to each program
load.
VSHIELD adds an average of one second to program loads and
six seconds to reboots. Using the /SWAP option adds an
additional second since VSHIELD must re-load itself from disk
prior to checking another file.
VSHIELD will not degrade the performance of the system once
programs have been loaded, except for programs which load other
programs when the /ACCESS or /COPY options are being used.
NOTE: VSHIELD and VSHIELD1 should not be used simultaneously.
Either one or the other should be used, but not both.
CHKSHLD is run to see if VSHIELD is in memory. CHKSHLD can
look for the presence of any version of VSHIELD, or a specific
version (a feature that can be used to update a workstation from
its file server).
INTERNET ACCESS TO McAFEE ASSOCIATES SOFTWARE
The latest versions of McAfee Associates' anti-viral
software are now available by anonymous ftp (file transfer
protocol) over the Internet from the site mcafee.COM. If
your domain resolver does not support names, use the IP#
192.187.128.1. Enter "anonymous" for your user I.D. and
your own email address for the password. Programs are
located in the pub/antivirus directory. If you have any
questions, please send email to support@mcafee.COM
McAfee Associates' anti-viral software may also be
found at the Oak.Oakland.EDU anonymous ftp archive site
in the pub\msdos\virus directory and its associated
mirror sites WUARCHIVE.WUSTL.EDU (US), NIC.SWITCH.CH (Swiss),
NIC.FUNET.FI (Finland), SRC.DOC.IC.AC (UK), and
ARCHIE.AU (Australia).
NOTE: The SIMTEL20 site, WSMR-SIMTEL20.ARMY.MIL, was
shut down on September 30, 1993 and is no longer
available. Use the Oak.Oakland.EDU site instead.
OPERATION and OPTIONS
IMPORTANT NOTE: CREATE A BACKUP DISK BY COPYING VSHIELD TO A
BLANK FLOPPY AND WRITE-PROTECT IT
To provide optimal protection against viruses VSHIELD (or
VSHIELD1) should normally be placed at the end of the
AUTOEXEC.BAT. However, if a menu program is run from the
AUTOEXEC.BAT, VSHIELD should be loaded before it. Popular
menu programs include MS-DOS's DOSSHELL, etc.
Loading disk cache or network driver programs after
VSHIELD may disable it. To prevent this from happening, re-run
VSHIELD with the /RECONNECT switch.
CHKSHLD should be run from the network login script. An
ERRORLEVEL is returned if VSHIELD is in memory. This can be
used for creating scripts to check and update VSHIELD.
A NOTE ON VSHIELD'S SWITCHES
VSHIELD is designed to provide a high degree of protection
even when none of the switches below are used. Placing VSHIELD
in the AUTOEXEC.BAT file with no options provides sufficient
protection for virtually all environments. If available memory
is at a premium, the /LH (Load High) or /SWAP (Swap-to-Disk)
options can be used to minimize memory usage.
Other options should be used only if required due to non-
standard systems or special security needs. VSHIELD provides
many options for flexibility in meeting the needs of corporate,
network, and secure environments but trade-offs in system
overhead and user restrictions must be carefully evaluated.
EMS USAGE
VSHIELD offers support for the Lotus-Intel-Microsoft
Expanded Memory Specification (LIM-EMS) version 3.2. If
expanded memory is present, VSHIELD will automatically make
use of it to store data in. This will reduce the amount of
conventional memory or upper memory used to 25Kb, with the
remainder of the program going into EMS. EMS usage can be
disabled by running VSHIELD with the /NOEMS switch. The
/SWAP and /CF {filename} switches cannot be used with EMS memory.
Valid options for VSHIELD are listed below:
VSHIELD {options}
Options are:
/ACCESS              - Check for virus when files are opened
/BOOT                - Check floppy boot sector when accessed
/CERTIFY {filename}  - Enable access control ({filename} is an
                       optional exception list)
/CF {filename}       - Check for viruses using recovery & validation
                       data stored in {filename}
/CHKHI               - Check memory from 0-1088Kb for viruses
/CONTACT {message}   - Display {message} when virus is found
/COPY                - Check for viruses during COPY operations
/CV                  - Check validation codes added by VIRUSCAN
/IGNORE {drive(s)}   - Ignore program loads from specified drive(s)
/LH                  - Load VSHIELD into upper memory blocks
/LOCK                - Halt system when a virus is found
/M                   - Scan memory for all viruses during install
                       (see restrictions below)
/NB                  - Disable boot sector check during install
                       and reboot
/NI6510              - Fixes Racal Datacomm NI6510 conflict
/NOBREAK             - Disable Ctrl-C / Ctrl-Brk during install
/NOCONT              - Prevent running of non-certified programs
/NODISK              - Disable boot sector check during install
                       only
/NOFLOPPY            - Disable boot sector check of floppy drives
/NOEMS               - Disable LIM-EMS 3.2 memory support
/NOMEM               - Skip memory checking
/NOREMOVE            - Disable /REMOVE switch
/ONLY {drive(s)}     - Check program loads from specified drive(s)
/RECONNECT           - Re-link system interrupts after network
                       drivers are loaded
/REMOVE              - Unload VSHIELD from memory
/SAVE                - Save specified switches as new defaults
/SWAP {pathname}     - Load kernel (5Kb) only; swap rest to disk
/F {pathname}        - Use with /SWAP for DOS 2.1 systems ONLY
/WINDOWS {pathname}  - Install VSHWIN Windows compatibility module
The /ACCESS option tells VSHIELD to check for viruses
whenever a program is opened, such as during DOS operations
(ATTRIB, COPY, DIR, REN, and so forth) and file manipulation
by menu, shell, and utility programs. This option is
intended for high risk environments such as open-use computer
labs, help desks, and software developers. It will slow down
any program file accesses by approximately 15-20%; as such, it
is not recommended for use with the /CF, /CV, or /CG options
for performance reasons. This option will not work with the
/BOOT, /COPY, or /SWAP options.
NOTE: /ACCESS must be used in place of /COPY for checking
COPY operations with 4DOS or the Windows File Manager.
The /BOOT option tells VSHIELD to check the boot sector
of floppy disks whenever they are accessed. This option does
not work from within Windows File Manager. For virus checking
within Windows, use the /ACCESS switch instead. This switch
does not work with the /ACCESS, /COPY, or /SWAP options.
The /CERTIFY option prevents files without validation codes
added by VIRUSCAN from being run. For this option to work, the
/CF {filename}, /CG, or /CV switches must be used. This option
is primarily for system administrators to prevent users from
running programs that could introduce a virus. An exception list
of "trusted" files can be created to allow use of programs that do
not work correctly with validation codes attached. For
instructions on creating an exception list, refer to Appendix A.
NOTE: Running /CERTIFY without an exception list or validation
codes will prevent all programs except for DOS internal
commands from running.
The /CF option checks recovery and validation data stored
by VIRUSCAN's /AF option. If a file or system area has changed,
VSHIELD will report that a viral infection may have occurred. The
syntax is /CF {filename}, where {filename} is the name of the
recovery and validation data file created by VIRUSCAN. The /CF
switch cannot be used with EMS memory and must be used with the
/NOEMS switch.
The /CG option checks recovery and validation data stored
by VIRUSCAN's /AG option. If a file or system area has changed,
VSHIELD will report that a viral infection may have occurred.
The /CHKHI option checks memory above 640Kb on 286/386/486
systems for viruses. This covers the Upper Memory Area from
640 - 1024K, and the High Memory Area from 1024 - 1088K. This
option cannot be used with the /NOMEM option.
The /CONTACT option is used to display a custom message
when a virus is found. The message can be up to 50 characters
long and contain any character except for a backslash "\".
Messages starting with a hyphen "-" or slash "/" must be placed
into quotation marks.
The /COPY option checks files for viruses during COPY
operations and checks the floppy drives for boot sector viruses
during COPY and DIR operations. The /COPY option does not work
with 4DOS or the Windows File Manager; to check COPY operations
done by them use the /ACCESS option instead. This option
cannot be used with the /ACCESS, /BOOT, or /SWAP options.
The /CV option checks validation codes added by SCAN to
.COM and .EXE files. If a file has changed it will no longer
match its validation code and VSHIELD will report the file has
been modified and a viral infection may have occurred. For
instructions on adding validation codes, refer to VIRUSCAN's
documentation.
The /F option is required for using /SWAP under DOS 2.0.
The /F option tells VSHIELD what path to swap from. The
complete path must be specified after the /F.
The /IGNORE option tells VSHIELD to ignore program loads
from specified drives. Ignored drives will NOT be checked for
viruses. Up to 26 drives may be ignored. /IGNORE is designed
for use with LAN's that have virus protection and is not
recommended for PC's or networks with no anti-viral software.
The /LH option loads VSHIELD into upper memory. For /LH to
work, an expanded memory manager such as Microsoft's EMM386,
Quarterdeck's QEMM, Helix' NetRoom, or Qualitas' 386^MAX should
be used. This option cannot be used with /SWAP.
The /LOCK option halts the system if a virus is found so
that infection cannot occur. It is recommended that the /CONTACT
switch be used to tell the user what to do when the system
halts.
The /M option checks base memory for all known memory-
resident viruses before VSHIELD installs in memory. By default,
VSHIELD only checks memory for critical (stealth) viruses. If a
critical virus is found during installation, VSHIELD will stop
and advise the user to turn off the PC, boot from a clean
(virus-free) DOS system disk and scan the system for viruses.
For a listing of critical viruses, please refer to the VIRUSCAN
documentation. This option cannot be used with the /NOMEM
option.
The /NB option tells VSHIELD to skip the partition table
and boot sector check during installation and reboots. This
option can be used to load VSHIELD from a network server.
The /NI6510 option prevents a conflict between VSHIELD and
Racal-Datacomm NI6510 network interface cards: when a PC was
rebooted, a stream of corrupted packets would be sent across the
network. The problem and solution are specific to the NI6510 and
do not apply to any other product.
The /NOBREAK option prevents Ctrl-C and Ctrl-Brk from
stopping VSHIELD during the installation process.
The /NOCONT option prevents the user from proceeding after
the "Proceed Anyway? Y/N" message when running non-certified
programs.
The /NODISK option disables the boot sector and partition
table check during installation. This option can be used to
load VSHIELD from a network server.
The /NOFLOPPY option disables checking the boot sector
of floppy disks from the A: and B: drives.
The /NOEMS option prevents VSHIELD from using expanded
memory. It must be used with the /CF and /SWAP switches.
The /NOMEM option skips the memory check for viruses during
installation. It should only be used when a PC is known to be
virus-free. This option cannot be used with the /CHKHI or /M
options.
The /NOREMOVE option prevents VSHIELD from being unloaded
with the /REMOVE option. This option cannot be used with the
/REMOVE option.
The /ONLY option tells VSHIELD to check program loads only
from the specified drives. All other drives will be ignored.
This option cannot be used with the /IGNORE option.
The /RECONNECT option is used to restore VSHIELD's link
into DOS after another program has disabled it, such as a
network driver or disk cache. This eliminates the need to
continually load and unload VSHIELD when logging on to a
network.
The /REMOVE option unloads VSHIELD from memory. If other
memory resident programs are loaded after VSHIELD, then VSHIELD
cannot be unloaded. This option can be disabled by installing
VSHIELD with the /NOREMOVE option.
The /SAVE option is used to store VSHIELD options for
subsequent executions of VSHIELD. Options are stored by
modifying the VSHIELD.EXE executable file. For example:
VSHIELD /LH /M /NOBREAK /SAVE
will set the VSHIELD defaults to /LH, /M, and /NOBREAK. If
VSHIELD is run with just the /SAVE switch, then all options are
removed and VSHIELD executes with its original default settings.
The /SWAP option tells VSHIELD to install a small (3Kb)
kernel in memory and load itself on demand. If a path is
specified after /SWAP, VSHIELD will swap from that path instead
of the path from which it is being executed. The /SWAP option
cannot be used with the /COPY or /ACCESS options. The /NOEMS
switch must be used if /SWAP is used.
NOTE: The /SWAP parameter should only be used if limited
amounts of memory are available for programs. It is
recommended that VSHIELD be used without the /SWAP
option whenever memory permits for performance reasons.
The /WINDOWS option allows VSHIELD to display messages
under Windows 3.X in a Windows dialogue box. It accomplishes
this by copying the VSHWIN.EXE file into the Windows directory and
modifying the WIN.INI file to run it when Windows is started.
By default, VSHIELD searches for a directory named \WINDOWS on
the currently-logged drive. If Windows is not on the current
drive, then a {pathname} may be specified telling VSHIELD where
to install VSHWIN.EXE (and WIN.INI).
NOTE: This option now installs the Windows display program
and needs to be run once.
NOTE: For the VSHWIN program to display messages under
Windows, VSHIELD must be run with the /ACCESS switch.
ERROR LEVELS
After VSHIELD has installed itself in memory, it will set
the DOS ERRORLEVEL. ERRORLEVEL's are used in batch files to
pass along the results of a program's actions. The
ERRORLEVEL's returned by VSHIELD are:
ERRORLEVEL │ DESCRIPTION
═══════════╪═══════════════════════════════════════════════
     0     │ No viruses found
     1     │ One or more viruses found
     2     │ Abnormal termination (program error)
VSHIELD1
Valid options for VSHIELD1 are listed below:
VSHIELD1 /NB /REMOVE
Options are:
/NB      - Disable boot sector checking during install
           and reboot.
/REMOVE  - Unload VSHIELD1 from memory
The /NB option tells VSHIELD1 to skip the partition table
and boot sector check during installation and reboots.
The /REMOVE option unloads VSHIELD1 from memory. If other
memory resident programs are loaded after VSHIELD1, then
VSHIELD1 cannot be unloaded.
VSHINST
VSHINST allows VSHIELD to display a status icon on
the Windows Desktop which can be used to toggle VSHIELD on
and off. To run VSHINST, choose the Run command from the
Windows File Manager and enter the full path name of VSHINST.
The VSHINST program creates a Group named MCAFEE in
the Windows directory and then adds an icon for VSHIELD to
the group.
For VSHINST to be installed and work correctly, the
Windows Program Manager must be the default shell, VSHWIN
must have been installed with the VSHIELD /WINDOWS switch, and
Windows must be running in protected mode.
Valid options for CHKSHLD are listed below:
CHKSHLD /DEBUG /Q /V "xxxxx" /? /H /HELP
Options are:
/DEBUG - Display version and ERRORLEVEL
/Q - Quiet mode (no messages displayed)
/V "xxxxx" - Check for version "xxxxx" of VSHIELD in memory
/? /H /HELP - Display help screen
The /DEBUG option displays the version of VSHIELD resident
in memory and the DOS ERRORLEVEL on the screen.
The /Q option stops CHKSHLD from displaying any messages.
The /V option tells CHKSHLD to look for a specific version
of VSHIELD in memory. For example, "5.4 V104" for
VSHIELD 5.4 V104.
NOTE: Double quotes must be used if a space appears between
the release and version numbers.
The /?, /H, and /HELP options display a help screen.
CHKSHLD's ERRORLEVELS
CHKSHLD sets the DOS ERRORLEVEL to the following values:
ERRORLEVEL │ DESCRIPTION
═══════════╪═══════════════════════════════════════════════
     0     │ VSHIELD is resident, or if /V is used, the
           │ version specified is resident in memory.
     1     │ VSHIELD is resident but does not match /V
     2     │ VSHIELD is NOT resident in memory
     3     │ Abnormal termination (program error)
OPERATION
CHKSHLD allows network administrators to check workstations
for VSHIELD before allowing them to log on to a network.
CHKSHLD is not recommended for home or non-network users.
A sample login script for Novell NetWare is included in
Appendix B.
EXAMPLES
The following examples show different option settings:
VSHIELD
    Installs VSHIELD (Level II protection).
VSHIELD /CV
    Installs VSHIELD (Level III protection).
VSHIELD /CERTIFY EXCPTN.LST
    Installs VSHIELD (Level IV protection) with an
    exception list named EXCPTN.LST.
VSHIELD /SWAP
    Installs VSHIELD kernel in memory and swaps from
    root directory of disk with DOS 3.0 and above.
VSHIELD /SWAP /F C:\
    Installs VSHIELD kernel resident and swaps from
    root directory of disk with DOS 2.0 system.
VSHIELD /CV /CONTACT "Please Contact the PC Help Desk"
    Installs VSHIELD (Level III protection) and
    displays a message if a virus is found.
VSHIELD /M /CHKHI /CV /LH
    Installs VSHIELD (Level III protection), checking for
    all memory resident viruses in base and high memory
    prior to install, and loads VSHIELD high.
VSHIELD /RECONNECT
    Re-enables VSHIELD after it has been disconnected by
    network device drivers.
VSHIELD /CF C:\MCAFEE\SCANCRC.CRC
    Installs VSHIELD with Level III protection, checking the
    recovery & validation data file created by VIRUSCAN's
    /AF option.
VSHIELD /WINDOWS D:\WINDOWS
    Installs VSHIELD's VSHWIN.EXE display driver in the Windows
    directory on drive D:.
CHKSHLD /V "5.50 V107" /Q
    Checks for VSHIELD 5.50 V107 in memory, no messages
    displayed.
INSTALLATION
For optimum protection, place VSHIELD as the last line in
your AUTOEXEC.BAT file. If you are using a menu program, place
VSHIELD before it in the AUTOEXEC.BAT.
A NOTE ON VSHIELD AND NETWORKS
If network drivers are loaded after VSHIELD, VSHIELD
*MUST* be run again with the /RECONNECT option AFTER the network
drivers are loaded. This is because network drivers replace the
normal DOS system interrupts so VSHIELD no longer recognizes
program loads.
It is recommended that VSHIELD be used in non-swap mode if
free memory permits. Use of the /SWAP option will slow down the
system and may cause conflicts with programs that fail to
allocate memory properly from the system. If conflicts occur,
remove the /SWAP option and reboot the system. If there is not
enough memory to load VSHIELD in non-swap mode, then VSHIELD1
should be used instead.
Networks other than Microsoft LAN Manager with workstations
running Windows 3.0 and printing to an HPLJ II (or compatible)
printer over the network occasionally have problems with random
blocks of memory being sent to the printer when VSHIELD is
installed. This is because other network operating systems may
not redirect the printer correctly. This can be fixed by
changing all occurrences of the text "LPT1:" to "LPT1.PRN:"
while leaving the "LPT1.OS2:" text alone in WIN.INI or upgrading
to Windows 3.1.
If VSHIELD is to be run from a network drive, it should be
flagged as EXECUTE ONLY, READ ONLY, and SHAREABLE. If the PC is
booted from a local drive, the /NODISK option should be used.
If the PC is booted from a boot ROM on a NIC, the /NB switch
should be used.
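The ERRORLEVEL tables for VSHIELD and CHKSHLD and the /RECONNECT note
above, combined in one AUTOEXEC.BAT fragment. This is an added example,
not part of McAfee's documentation; the C:\MCAFEE directory and the
C:\NET\NETDRV.EXE network driver are assumed names, and the /V version
string is the one used in the EXAMPLES section.

```bat
ECHO OFF
REM Added example; not part of McAfee's documentation.
REM Assumptions: the McAfee programs live in C:\MCAFEE, and C:\NET\NETDRV.EXE
REM stands in for whatever network driver this workstation loads.

REM Level III protection, with a message for the user if a virus is found.
C:\MCAFEE\VSHIELD /CV /CONTACT "Please Contact the PC Help Desk"

REM "IF ERRORLEVEL n" is true when the exit code is n OR HIGHER, so the
REM highest value is tested first; otherwise code 2 would be taken for code 1.
IF ERRORLEVEL 2 GOTO VSHFAIL
IF ERRORLEVEL 1 GOTO VIRUS

REM Network drivers replace the DOS interrupts VSHIELD is linked to, so
REM VSHIELD is re-linked once they are loaded.
C:\NET\NETDRV.EXE
C:\MCAFEE\VSHIELD /RECONNECT

REM Confirm that the expected version is resident. The version string is
REM the one from the EXAMPLES section; CHKSHLD /DEBUG displays the version
REM that is actually in memory.
C:\MCAFEE\CHKSHLD /V "5.50 V107" /Q
IF ERRORLEVEL 3 GOTO CHKFAIL
IF ERRORLEVEL 2 GOTO NOTRES
IF ERRORLEVEL 1 GOTO OLDVER
ECHO VSHIELD is resident and matches the expected version.
GOTO END

:VIRUS
ECHO VSHIELD reported one or more viruses.
ECHO Boot from a clean DOS disk and contact the PC Help Desk.
GOTO END

:VSHFAIL
ECHO VSHIELD terminated abnormally.
GOTO END

:CHKFAIL
ECHO CHKSHLD terminated abnormally.
GOTO END

:NOTRES
ECHO VSHIELD is NOT resident in memory.
GOTO END

:OLDVER
ECHO VSHIELD is resident but does not match the expected version.
GOTO END

:END
```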
VIRUS REMOVAL
What do you do if a virus is found? You can contact McAfee
Associates for help by BBS, FAX, telephone, Internet, or
CompuServe. There is no charge for support calls to McAfee
Associates.
The CLEAN-UP universal virus disinfection program can
disinfect virtually all reported computer viruses. It is
updated with each release of the SCAN program to remove new
viruses. CLEAN-UP can be downloaded from McAfee Associates'
BBS, the mcafee.COM site on the Internet, the McAfee Virus
Help Forum on CompuServe, or from any of the agents listed in
the enclosed AGENTS.TXT file.
It is strongly recommended that you get experienced help in
dealing with viruses if you are unfamiliar with anti-virus
software and methods. This is especially true for 'critical'
viruses and partition table/boot sector infecting viruses as
improper removal of these viruses can result in the loss of all
data and use of the infected disk(s). [For a listing of critical
viruses, please refer to the VIRUSCAN documentation.]
For qualified assistance in removing a virus, please
contact McAfee Associates directly or any of the Authorized
McAfee Associates Agents in your area. Agents may charge McAfee
Associates normal support rates for their services.
If you wish to remove a file-infecting virus manually, you
can run SCAN with the /A and /D switches to erase all infected
files.
Before removing a boot sector and partition table-infecting
virus, it is recommended that you cold boot the infected PC from
a clean DOS disk and backup any critical data.
REGISTRATION
A registration fee of US$25.00 is required for the use of
VSHIELD by individual home users. Registration entitles the
holder to unlimited free upgrades from McAfee Associates' BBS
or the Computer Virus Help Forum on CompuServe and technical
support for one year. When registering, a disk containing the
latest version may be requested for an additional US$9.00.
Only one diskette mailing will be made.
Registration is for home users only and does not apply to
businesses, corporations, organizations, government agencies, or
schools, who must obtain a license for use. Contact McAfee
Associates directly or an Authorized Agent for information on
licensing.
TECHNICAL SUPPORT
For fast and accurate help, please have the following
information ready when you contact McAfee Associates:
· Program name and version number.
· Type and brand of computer, hard disk, plus any
peripherals.
· Version of DOS plus any TSRs or device drivers in use.
· Printouts of your AUTOEXEC.BAT and CONFIG.SYS files.
· A printout of what is in memory from the MEM command
(DOS 4 and above users only) or a similar utility.
· The exact problem you are having. Please be as
specific as possible. Having a printout of the
screen and/or being at your computer will be helpful.
McAfee Associates can be contacted by BBS, CompuServe, FAX, or
InterNet 24 hours a day, or by telephone at (408) 988-3832,
Monday through Friday, 7:00AM to 5:30PM Pacific Time.
McAfee Associates, Inc. (408) 988-3832 office
2710 Walsh Avenue, Suite 200 (408) 970-9727 fax
Santa Clara, CA 95051-0963 (408) 988-4004 BBS (25 lines)
U.S.A USR HST/v.32/v.42bis/MNP1-5
CompuServe GO MCAFEE
InterNet support@mcafee.COM
America OnLine MCAFEE
APPENDIX A: Creating an Exception List for the /CERTIFY Option
NOTE: The /CERTIFY option is for use in environments where a
significant risk of virus infection from unauthorized
software exists. It is not for environments where new
software is introduced on a continuous basis.
Exception List data files created with an editor or word
processor must be saved as ASCII text files. Be sure each line
ends with a CR/LF pair.
When VSHIELD is used with the /CERTIFY option only files
that have been validated by SCAN are allowed to run. If
/CERTIFY with an Exception List is used on a system with no
files validated by SCAN then only the files listed in the
Exception List will be allowed to run.
The Exception List uses the following format:
d:\pathnam1\filenam1.ext
*comment
.
.
d:\pathnam1\filenam2.ext
*more comments
Where "d:" is the name of the drive, "\pathnam1\" is the name of
the path, and "filenam1.ext" is the name of the file, including
the extension. An Exception List can be up to 1,000 characters
long. Comment lines are preceded with an asterisk "*" and are
ignored by VSHIELD.
Running /CERTIFY without an exception list will prevent all
programs other than DOS internal commands from being run.
APPENDIX B: Miscellaneous Application Notes
SAMPLE NOVELL LOGIN SCRIPT AND .BAT FILE FOR VSHIELD AND CHKSHLD
The following is a sample system login script for use by
Novell NetWare system administrators. The login script gets
the ERRORLEVEL from Novell NetWare and then displays the error
messages on the users' screens. The script exits the user to
a .BAT file that performs a logout if there is an internal error
with CHKSHLD, VSHIELD has not been installed, or an older
version of VSHIELD is present when a PC logs on to a network.
__________ START OF SAMPLE NOVELL SYSTEM LOGIN SCRIPT __________
REM External programs are run from a login script with the # prefix.
#CHKSHLD /V "5.4 V104"
REM 3 = CHKSHLD program error
IF ERROR_LEVEL = "3" THEN
    FIRE PHASERS 5 TIMES
    WRITE "A CHKSHLD internal error has occurred."
    WRITE "Please contact the Help Desk."
    #COMMAND /C NOLOGIN.BAT
    EXIT
ELSE
    REM 2 = VSHIELD is not resident in memory
    IF ERROR_LEVEL = "2" THEN
        FIRE PHASERS 5 TIMES
        WRITE "VSHIELD has not been installed on your PC."
        WRITE "Access Denied. Please contact the Help Desk."
        #COMMAND /C NOLOGIN.BAT
        EXIT
    ELSE
        REM 1 = VSHIELD is resident but does not match /V
        IF ERROR_LEVEL = "1" THEN
            FIRE PHASERS 5 TIMES
            WRITE "An old version of VSHIELD has been installed."
            WRITE "Access to the network has been denied. Please"
            WRITE "contact the Help Desk to have a new version"
            WRITE "installed."
            #COMMAND /C NOLOGIN.BAT
            EXIT
        END
    END
END
___________ END OF SAMPLE NOVELL SYSTEM LOGIN SCRIPT ___________
_______________ START OF SAMPLE nologin.bat FILE _______________
ECHO OFF
REM Log the user off of the network
LOGOUT
________________ END OF SAMPLE nologin.bat FILE ________________
More complex login scripts can be created to send a message to
the supervisor if an error has occurred, update the user's
VSHIELD.EXE as he logs in to the network, etc. For security
purposes, the NOLOGIN.BAT file should be placed on the user's
local hard disk.