home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Experimental BBS Explossion 3
/
Experimental BBS Explossion III.iso
/
virus
/
virex.zip
/
README.VPC
< prev
next >
Wrap
Text File
|
1993-10-01
|
10KB
|
218 lines
README.VPC for Virex for the PC Version 2.91
--------------------------------------------
This file contains important information that is not in the manual or that
has changed since the manual was printed. Please take a moment to read it
to help you fully utilize Virex for the PC.
Virex for the PC 2.91 detects 1,720 viruses.
PRODUCT REGISTRATION:
Beginning with version 2.7, VPCSCAN will search for a valid registration file
and will notify you if it does not exist. This file contains a registration
number that you must provide to Datawatch in order to receive technical
support. You have been provided with a generic registration file that will
allow VPCSCAN to run without generating an "unregistered copy" message. You
will see the generic registration number displayed every time that you run
VPCSCAN. You should send in your registration card immediately so that
Datawatch can provide you with a personalized registration number. Other than
help with the initial installation, technical support is not provided unless
you have a personal registration number. Future updates of VPCSCAN will
recognize this registration file, thus, it only needs to be created one time.
Datawatch will provide you with instructions for creating a personalized
registration file upon receipt of your registration card.
UPDATES:
Beginning with version 2.7, Virex for the PC updates will be available, free
of charge for registered users, through various BBSs (Bulletin Board Services),
including our own DataGate. You can download Virex for the PC updates from it
by using any communications program on your PC and a modem. Set up your
communications program for 8 data bits, no parity, 1 stop bit and ANSI or TTY
emulation. DataGate supports speeds from 1200 to 14,400 bps. The DataGate
number is 919-419-1602. After November 1, 1993, DataGate will be available at
919-549-0042.
Individual upgrades are also available, for a small fee, by mail from
Datawatch. You may also subscribe to an update service to receive all updates
by mail for a one-year period.
BBS SUPPORT:
Datawatch is pleased to offer you access to our BBS, DataGate.
DataGate's primary purpose is to support YOU. As soon as you enter the
board you can find answers to your technical questions in our Questions
and Answers Bulletin area, download product updates and new programs, and
much more.
In addition to Datawatch customer support, DataGate also has many DOS,
Windows and other utility files available for download. To download the
latest version of Virex for the PC, type the following at the Main Menu:
d VIRX??.ZIP <Enter>
Select your download protocol and the download process will begin.
Help is always available by typing: H <Enter> where ever you get
stuck and need assistance.
Your comments and suggestions on the service that this BBS provides
are always welcome, and we look forward to reading your suggestions.
You may leave us a message by typing
C <Enter>
at the Main Menu, outlining your ideas.
CONTACT INFORMATION: <===> AFTER NOVEMBER 1, 1993:
Datawatch Corporation Datawatch Corporation
Triangle Software Division Triangle Software Division
P.O. Box 51489 <===> P.O. Box 13984
Durham, NC, 27717 <===> Research Triangle Park, NC 27709-3984
Telephone: (919)490-1277 <===> (919) 549-0711
Fax: (919)490-6672 <===> (919) 549-0065
DataGate: (919)419-1602 <===> (919) 549-0042
You can contact Datawatch on the following services:
AppleLink DATAWATCH
CompuServe 73407, 1751
America Online VIREX
Genie DATAWATCH
INTERNET vpctech@datawatch.com
Please indicate a daytime telephone number where you can be
reached. For technical assistance, or if you find a new virus, please
contact us. Technical support requires a valid registration number.
VPCSHELL:
VPCShell is a menu driven interface for VPCSCAN, that allows VPCSCAN to be run
from pull down menus. It can be easily accessed from Windows by clicking on
its icon. VPCSHELL must be on the same drive as VPCSCAN. VPCSHELL can be
run from the original 3.5 diskette. See VPCSHELL.DOC file for more detailed
information on VPCShell. Installation of VPCShell is optional and has a
separate install program, SINSTALL, to install it for DOS and/or Windows use.
OTHER FEATURES:
VPCSCAN additional command line options:
-E this switch will direct VPCSCAN to return an errorlevel of 0 if and only
if the system was completely tested and no viruses were detected. Otherwise, a
non-zero error level will return. An error condition will return a non-zero
error level as well.
-T turns off the warning message that alerts you when your version of
VPCSCAN is more than 6 months old.
-!N turns off the virus warning messages that are sent to the Novell console
whenever a virus is found.
Novell Netware Features:
If you are using Virex.COM with a Novell Network, the network protection
files for each server volume should be flagged as Shareable/Read-Write.
WARNING! If Virex has been automatically loaded prior to Novell Netware
drivers, Virex may be disabled by the loading of those drivers. Reloading
Virex with the -R command line switch after Netware drivers are in place
will insure that Virex is resident and providing proper protection.
If you are attached to a Novell network, run VPCScan locally, and discover a
virus on your local computer, VPCScan will notify both you and the Novell
Netware Console. If you wish to run VPCScan without this feature, use the
"-!N" switch from the command line (e.g. "VPCSCAN -!N")
If you are running Netware 2.x, VPCScan will display the message on the
console screen and write an entry to the file, LOG$MSG.LOG, a netware log
file.
If you are running Netware 3.x or 4.x, VPCScan will only display the "virus
found" message to the console screen. No perminant log of these alerts will be
kept on the server itself.
Virex.COM can be "loaded hi" into high RAM with DOS's loadhigh and memory
managers like QEMM's loadhi program. Virex.COM may not be able to do a memory
scan if "loaded hi" depending on your system configuration, but will otherwise
function properly.
VPCSCAN utilizes an internal consistency check, and refuses to run if
modified.
If you are using the Intel SatisFAXtion board/Connection Co-processor with
VIREX.COM, the CASMGR.EXE program must be configured to not use EMS memory.
THE EXTERNAL VIRUS SIGNATURE FILE:
The external virus signature file is a feature meant only for expert users.
It allows new viruses to be detected, by means of their signatures, without
having to wait for a new release of Virex for the PC. You should be careful;
if you use the external signature file and add a virus signature that we are
already using within our internal virus signature database, Virex will inform
you that it has found a virus in memory. You should contact Datawatch before
using this feature.
The format of the external virus signature file, which must be on
your C: drive, must be in a directory called "\VIREX" and must be called
"VIREX.VIR", is as follows:
<virus-type><space><virus-name><space><ascii-signature-representation>
The <virus-type> indicates whether the virus signature following is for
a "Program" virus or a "Boot" virus. Use 'P' for program viruses and 'B'
for boot sector viruses. You can also use a '#' as a comment line
indicator, if you wish; such lines will be ignored.
The <virus-name> is the name of the virus. It may not contain any spaces or
other whitespace. You might want to use underscores or hyphens instead of
spaces.
The <ascii-signature-representation> is the translation of the hex
signature string into an ASCII form. Each byte is represented by a zero-
filled, right-justified two place sequence: the proper representation of
a hex "0xf" would be "0f"; to represent "0xff", use "ff".
For example, if a new virus called NewVirus, a program type virus, were
to have a signature string of "1 2 3 4 5 6 7 8 9 a b c d e f", its entry
in the external signature file (C:\VIREX\VIREX.VIR) would be:
#A comment line for the NewVirus external signature file example
P NewVirus 0102030405060708090a0b0c0d0e0f
Optionally, you could include both a checksum of these bytes and a "nasty"
indicator. A nasty indicator tells VPCSCAN that the virus signature refers
to a virus that can infect a clean file simply by VPCSCAN examining that
clean file: if such a virus is found in memory, VPCSCAN will not scan further,
and you should reboot with a clean, write-protected DOS floppy before
scanning again. The nasty indicator is simply an exclamation point, "!".
The checksum is a two-byte long unsigned checksum of the signature bytes.
You can use a program such as Sidekick in its hex calculator mode to
determine what this checksum should be. If you choose to use the checksum,
and/or the nasty indicator, they should be placed following the hex signature,
using a <space> between the signature and the checksum/nasty pair. The order
of the checksum/nasty pair is unimportant.
For example:
# Example ZeroCheckSum Virus, nasty, program virus
P ZeroCheckSum 00000000000000000000 0000!
# Alternate example ZeroCheckSum Virus, nasty, program virus
P ZeroCheckSum 00000000000000000000 !0000
# NonNastyZero, program virus
P NonNastyZero 00000000000000000000 0000
# NastyVirus, no checksum, boot sector virus
B NastyVirus 1234567890aabbccdd !
# NastyVirus, checksum, boot sector virus
B NastyVirus 1234567890aabbccdd 04b2!
Please be sure not to use these examples; you might end up with a false
positive!