home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chip 2001 April
/
Chip_2001-04_cd1.bin
/
tema
/
Protect
/
NT_2000.exe
/
READNTG.TXT
< prev
next >
Wrap
Text File
|
2001-02-16
|
17KB
|
433 lines
Sophos Anti-Virus for Windows NT and 2000 Release Notes
-------------------------------------------------------
March 2001 (3.43)
www.sophos.com
New in this version
-------------------
All Sophos Anti-Virus versions have been updated with new virus information. A
list of new viruses detected by Version 3.43 can be found in 'What's New' or
in the READNEWS.TXT file on the Release CD, or in the READNEWS.TXT file on the
SWEEP for DOS Version 3.43 Installation Disk.
* The scanning of Office 2001 files is now turned on by default.
* The scanning of Palm pilot binary files (PRC file extention) is supported
and enabled by default.
* The scanning of ActiveMime files (MSO file extention) is supported and
enabled by default.
* The scanning of both LZH/LHA archives and MS Compressed files is
supported.
Recent Improvements
-------------------
* The scanning of Microsoft Cabinet files is no longer enabled when
archive file handling is enabled. It can be individually enabled.
Additional information
----------------------
1. InterCheck Client
The following important facilities have been added to the InterCheck Client
driver:
* Support for the option to copy, rename, delete and purge infected files
via the 'Action' page on the Sophos Anti-Virus GUI.
* Ability to scan inside archive files configured via the 'Mode' page in the
Sophos Anti-Virus interface is enabled. Note that this may have adverse
effects on system performance.
A number of optimisations have been made to the InterCheck Client including:
* Problem with the InterCheck Client support for the latest version of
Chameleon NFS client (NetManage) has been resolved.
* Changes have been made to the InterCheck Client driver to improve
performance with Windows 2000 - particularly Hierarchical Storage Manager
(HSM) and off-line file-handling.
Note that after upgrading from a previous version of Sophos Anti-Virus for
Windows NT, the system must be restarted before the new InterCheck driver is
activated. Restarting your system immediately after an upgrade is not
necessary. InterCheck will continue to operate correctly, and the new features
will be activated next time the system is restarted.
2. Setup
The setup program has been enhanced in a number of significant ways:
* When Sophos Anti-Virus is being installed, a new splash screen is
displayed.
* It is possible to disable the 'Did you know' CD splash screen behaviour by
adding the following setting in the registry:
Key: HKEY_CURRENT_USER\Software\Sophos\Autorun
Value Name: No Prelaunch
Type: REG_DWORD
Data: 0x00000001
* 'Setup /update' now has priority over workstation installations, i.e.
'setup /update' will not fail because a workstation is in the process of
establishing the need to upgrade or is in the process of upgrading.
* Several new command line qualifiers have been added to the setup program:
-a non-interactive install
-updaccount=domain\username\password update account info
-ni non-interactive setup
-in invisible setup program
-inl invisible loader
* Improvements have been made to the optimised file updating routines to
transfer fewer files during the update process.
* New setup configuration screens now offer the option to add network
account information when configuring Sophos Anti-Virus to update from a
central installation held on a NetWare sever. This facility supersedes the
registry work-around previously published in the Readme.
3. Compatible with 'Terminal Server' and 'MetaFrame'
This version of Sophos Anti-Virus for Windows NT will run on versions of the
Windows NT operating system which support multi-user emulation. To provide
this functionality, the graphical elements (Sophos Anti-Virus Graphical User
Interface and InterCheck monitor) should only be run on the main console.
This behaviour is automatically enforced when NT 4 service pack 4, or later,
has been installed on the server.
4. Messaging sub-system
Significant improvements have been implemented to allow multiple language
support.
* All interface resources are held in a shared file accessible by Sophos
Anti-Virus for Windows 95/98/Me and Windows NT/2000.
* Some resource inconsistencies between languages have been fixed.
* The messages displayed when Sophos Anti-Virus is unable to copy, move,
delete, or rename viral files have been improved and the error counts now
accurately reflect these conditions.
* The ability to inhibit the display of a desktop message issued by the
InterCheck Client as it shuts down has been implemented. To do this add
the following value to the registry:
Key: HLM\SOFTWARE\Sophos\SweepNT\SMMs\Desktop.smm
Value Name: Shutdown Message Action
Type: REG_DWORD
Data: 0x00000000 -> 0x00000003
The range of values has the following effects:
0x0000000: no suppression of InterCheck summary messages.
0x0000001: suppress the InterCheck Client summary if errors were
encountered during the time InterCheck was running.
0x0000002: suppress the InterCheck Client summary if viruses
were encountered during the time InterCheck was running.
0x0000003: suppress all InterCheck Client summary messages.
* Forcing the SMTP SMM to send its reports as MIME-encoded attachments is
now possible. To do this add the following value to the registry:
Key: HLM\SOFTWARE\Sophos\SweepNT\SMMs\SMTP.smm
Value Name: Mime Encode
Type: REG_DWORD
Data: 0x00000001
* Files in off-line storage will be reported. To suppress these messages add
the following value to the registry:
Key: HLM\SOFTWARE\Sophos\ADVANCED
Value Name: REPORT_OFF_LINE_FILES
Type: REG_DWORD
Data: 0x00000000
* Encrypted files will be reported. To suppress these messages add the
following value to the registry:
Key: HLM\SOFTWARE\Sophos\ADVANCED
Value Name: REPORT_PASSWORD_ENCRYPTED
Type: REG_DWORD
Data: 0x00000000
5. Sophos Anti-Virus Graphical User Interface
* Increased limit on number of extensions in executables list.
* Horizontal scrollbar in log interface window if needed.
* Virus library viewer now an external application.
* InterCheck Client can now be configured to scan inside archives.
* InterCheck Client can now be configured to perform actions on disinfection
failure.
* InterCheck Server can now be configured to scan inside archives.
* On Terminal Server, the interface will run on the console only.
* Exclusion of specified directories from scanning is possible. This affects
both on-access and on-demand scans.
* Immediate and scheduled jobs may now be created, copied and configured via
a right button menu.
6. Virus library viewer
* This is now a stand-alone application that is launched from the
main interface (or Explorer / Command prompt). Two command line qualifiers
can be used:
Usage: SVL.EXE [/d=<filename>] [/v=<virusname>]
/d=<filename> - Specifies the Virus Library Data file to use.
/v=<virusname> - Specifies the Virus Information to display.
* Improved online help.
* Multiple instances can be run simultaneously and independently of the
Sophos Anti-Virus interface application.
* SVL.EXE will not launch in a terminal client session.
* Changes to the font and the colours in the virus information dialog are
possible -- these settings will be used for printing.
* Copying the details of a virus to the clipboard and pasting the details
into another application, either as plain text or in rich text format is
now possible.
* The virus library viewer application stores your user preferences for when
you relaunch it.
* The virus library viewer application now displays information relating to
script file viruses.
7. SAVI
* Developers may now set the maximum recursion depth configuration option.
8. Addition of wildcard specification to SAV32CLI.EXE
* The SAV32CLI.EXE program has been modified to allow specification of
wildcard parameters (* and ?).
* Non-administrators can also use the SAV32CLI program if InterCheck is
inactive.
9. Improved interaction with files held in off-line storage
By default, during immediate and scheduled scans, Sophos Anti-Virus will not
retrieve files marked as being held in off-line storage for scanning. This
default behaviour can be over-ridden by setting the following value in the
registry:
Key: HLM\Software\Sophos\ADVANCED\
Value Name: SCAN_FILES_IN_HSM
Type: REG_DWORD
Data: 0x00000001
By default, during immediate and scheduled scans, Sophos Anti-Virus will
reset a files' last accessed time. This default behaviour can be over-ridden
by setting the following value in the registry:
Key: HLM\Software\Sophos\ADVANCED\
Value Name: RESET_LAST_ACCESSED_TIME
Type: REG_DWORD
Data: 0x00000000
10. Improved log file handling
Improved handling of the SWEEP.LOG file allows Sophos Anti-Virus for Windows
NT to run considerably faster if the log file is large.
Note that it is no longer possible to delete SWEEP.LOG while the service is
running. However, users can change the location of SWEEP.LOG file and then
delete the original.
11. New utilities ICSTATUS and UPDCHECK
ICSTATUS is a console application which reports the current InterCheck status
of the computer on which it is run. It may be used as part of a login script
ensuring that InterCheck is active on a client workstation prior to granting
network access. It is designed to be used with Windows 95, Windows 98,
Windows Me, Windows NT and Windows 2000.
UPDCHECK is a console application which indicates whether or not the Sophos
Anti-Virus installation on a client workstation is up to date relative to its
server Central Installation Directory (CID). It is designed to be used with
Windows 95, Windows 98, Windows Me, Windows NT and Windows 2000.
ICSTATUS.EXE and UPDCHECK.EXE can be found in the TOOLS\ICSTATUS and
TOOLS\UPDCHECK directories on the CD.
12. Archive scanning
The following archive types: ARJ, CMZ, GZIP, RAR, TAR, ZIP, LHA, LZH and files
compressed with MS Compress are additionally scanned when the 'Scan inside
archives' box is ticked.
Self extracting archives of known archive types are scanned as archives if
archive handling has been switched on for that type. Otherwise they will be
scanned only as executables.
The Macintosh archives MacBinary and BinHex can also be scanned by ticking the
'Include Macintosh viruses' box.
Known problems
--------------
* Re-configuring SAVI client applications while they are active fails.
* NetWare server and Windows 2000 workstation
This problem affects only the running of the setup /update program on
Windows 2000 computers when the Central Installation Directory is based on
a NetWare server.
When it is necessary to place a new IDE file in a Central Installation
Directory (CID) based on a NetWare Server and to run setup /update on a
Windows 2000 workstation, the following command line should be used
instead of the documented command:
setup /update /srcpath=\\netwareserver\cidpath
where \\netwareserver\cidpath is the full UNC path to the CID.
Troubleshooting
---------------
The following problems may require the use of the Registry Editor
(REGEDT32.EXE). Microsoft have issued the following warning with respect to
the Registry Editor:
"Using Registry Editor incorrectly can cause serious, system-wide
problems that may require you to re-install Windows NT to correct
them. Microsoft cannot guarantee that any problems resulting from
the use of Registry Editor can be solved. Use this tool at your own
risk."
1. Errors accessing network shares from remote computers
After installing Sophos Anti-Virus for Windows NT, you may encounter
difficulties accessing network shares from remote computers. You may also
receive one of the following error messages:
"Not enough server storage is available to process this command."
"Not enough memory to complete transaction. Close some applications
and retry."
Additionally, the Windows NT server may log one or both of the following event
messages in the system log:
Event ID : 2011
Source : Srv
Description : The server's configuration parameter "IRPStackSize"
is too small for the server to use a local device. Please increase
the value of this parameter.
Event ID : 0
Source : Srv
Description : Description for Event ID 0 could not be found. It
contains the insertion string \device\LanManServer.
This is a restriction imposed by the default Windows NT server configuration.
The following registry entry is required to solve the problem.
Key: HLM\SYSTEM\CurrentControlSet\Services\LanmanServer\
Parameters\
Value Name: IrpStackSize
Type: REG_DWORD
Data: 0x6
You can use REGEDT32 to modify or create this entry in the registry. You will
need to restart the system before the change will take effect. If you still
experience problems, a larger value can be selected. The valid range for this
parameter is 0x1 to 0xC (1 to 12). Please see the Microsoft knowledge base
article ID Q198386 for further information.
2. SWEEP for Windows NT Update service
To function correctly, the auto-update service must be installed as the
'LocalSystem' account and have 'Allow Service to Interact with Desktop'
selected.
3. InterCheck logging
For InterCheck logging to work correctly, the SWEEP for Windows NT Network
Service must use an account that is able to see the InterCheck Server share.
This may not be the case if the auto-update option was not selected during
installation.
If InterCheck logging fails to work correctly, a suitable account may be
selected as follows:
* Go to Control Panel|Services.
* Select the SWEEP for Windows NT Network Service.
* Click the 'Startup...' button.
* Under 'Log on As:', select the field 'This Account'.
* Enter an account in the form DOMAIN\User with access to the relevant
InterCheck Server share.
* Fill in the password field as appropriate.
* Click 'OK' to confirm the change.
* Stop and then restart the service.
Compatibility issues
--------------------
1. Banyan VINES support
Please note that InterCheck will not check files on remote Banyan VINES drives
unless the Banyan VINES network support was started at start up.
2. PATHWORKS Version 4 server
Windows NT clients which use a PATHWORKS 4 server for the central installation
directory may repeatedly auto-update. This problem only occurs on PATHWORKS 4
not on later PATHWORKS versions.
3. Bay Networks (Performance Technologies) Instant Internet
A conflict between the version of the WinSock client installed by the Instant
Internet application and the Sophos SMTP.SMM module can lead to the Sophos
Anti-Virus service not starting or stopping correctly.
As a work-around, add the following value to the registry.
Key: HLM\Software\Sophos\SweepNT\SMMS\SMTP\
Value Name: No Startup Check
Type: REG_DWORD
Data: 0x1
This work-around will prevent the SMTP module checking for the appropriate
network transport protocols during startup.
4. Windows NT Service Pack 6 and 6a
Microsoft have confirmed that a bug in csrss.exe, introduced in service pack
6, will cause the update process to fail if a desktop message is active. To
help customers experiencing this problem Sophos have produced a work-around
dll.
On machines affected by this problem add the file accessdt.dll to the
installed set. This DLL can be found in compressed form on the Sophos CD in
the Win32 NT\DATA subdirectory. To install this optional component copy the
file into the local Sophos installation directory and decompress it by running
the command "expand accessdt.dl_ accessdt.dll" from a DOS box. The fix will
become effective immediately.
----------------