McAfee DR SOLOMON S ANTI-VIRUS 8.5 Administrator's Manual

Dr Solomon's Anti-Virus
Administrator's
Guide
Version 8.5

Summary of Contents for McAfee DR SOLOMON S ANTI-VIRUS 8.5

  • Page 1 Dr Solomon’s Anti-Virus Administrator’s Guide Version 8.5...
  • Page 2 1. License Grant. Subject to the payment of the applicable license fees, and subject to the terms and conditions of this Agreement, McAfee hereby grants to you a non-exclusive, non-transferable right to use one copy of the specified version of the Software and the accompanying documentation (the "Documentation").
  • Page 3 4. Ownership Rights. The Software is protected by United States copyright laws and international treaty provisions. McAfee and its suppliers own and retain all right, title and interest in and to the Software, including all copyrights, patents, trade secret rights, trademarks and other intellectual property rights therein.
  • Page 4 Agreement. 6. Warranty and Disclaimer a. Limited Warranty. McAfee warrants that for sixty (60) days from the date of original purchase the media (e.g., diskettes) on which the Software is contained will be free from defects in materials and workmanship.
  • Page 5 WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR FOR ANY AND ALL OTHER DAMAGES OR LOSSES. IN NO EVENT WILL MCAFEE BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE LIST PRICE MCAFEE CHARGES FOR A LICENSE TO THE SOFTWARE, EVEN IF MCAFEE SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • Page 6 12. McAfee Customer Contact. If you have any questions concerning these terms and conditions, or if you would like to contact McAfee for any other reason, please call (408) 988-3832, fax (408) 970-9727, or write: McAfee Software, 3965 Freedom Circle, Santa Clara, California 95054.
  • Page 7: Table Of Contents

    Table of Contents Preface ........... . . xi Anti-virus protection as information security .
  • Page 8 Table of Contents Installing Dr Solomon’s Anti-Virus software using command-line options Using Management Edition software ......72 Using ePolicy Orchestrator to deploy Dr Solomon’s Anti-Virus software Installing via System Management Server .
  • Page 9 Table of Contents Configuring the AutoUpdate Utility ....... . .118 Understanding the AutoUpgrade utility .
  • Page 10 Table of Contents SecureCast service .........197 BackWeb client .
  • Page 11: Preface

    Preface Anti-virus protection as information security “The world changed [on March 26, 1999]—does anyone doubt that? The world is different. Melissa proved that ... and we are very fortunate ... the world could have gone very close to meltdown.” —Padgett Peterson, Chief Info Security Architect, Lockheed Martin Corporation, on the 1999 “Melissa”...
  • Page 12 Preface • W32/Ska, though technically a worm, replaced the infected computer’s WinSock file so that it could attach itself to outgoing Simple Mail Transfer Protocol (SMTP) messages and postings to USENET news groups. This strategy made it commonplace in many areas. •...
  • Page 13 Preface A rash of Melissa variants and copycats appeared soon after. Some, such as W97M/Prilissa, included destructive payloads. Later the same year, a number of new viruses and worms either demonstrated novel or unexpected ways to get into networks and compromise information security, or actually perpetuated attacks.
  • Page 14: Information Security As A Business Necessity

    Preface Information security as a business necessity Coincidentally or not, these darkly inventive new virus attacks and speedy propagation methods appeared as more businesses made the transition to Internet-based information systems and electronic commerce operations. The convenience and efficiency that the Internet brought to business saved money and increased profits.
  • Page 15: Active Virus Defense Security Perimeters

    Preface Active Virus Defense security perimeters The Dr Solomon’s Active Virus Defense product suite exists for one simple reason: there is no such thing as too much anti-virus protection for the modern, automated enterprise. Although at first glance it might seem needlessly redundant to protect all of your desktop computers, file and network servers, gateways, e-mail servers and firewalls, each of these network nodes serves a different function in your network, and has different duties.
  • Page 16 Preface • System memory, boot sectors, and master boot records. You can configure regularly scheduled scan operations that examine these favorite virus hideouts, or set up periodic operations whenever a threat seems likely. • Microsoft Exchange mailboxes. Dr Solomon’s Anti-Virus includes a specialized E-Mail Scan extension that assumes your network user’s Microsoft Exchange or Outlook identity to scan his or her mailbox directly—before viruses get downloaded to the local workstation.
  • Page 17: Dr Solomon's Anti-Virus Research

    Preface • Integration with Dr Solomon’s ePolicy Orchestrator management software. Centralized anti-virus management takes a quantum leap forward with this highly scalable management tool. Dr Solomon’s Anti-Virus ships with a plug-in library file that works with the ePolicy Orchestrator server to enforce enterprise-wide network security policies.
  • Page 18: How To Contact Network Associates

    • Magic Solutions. This division supplies the Total Service desk product line and related products • McAfee and Dr Solomon’s Software. These divisions provide the Active Virus Defense product suite and related anti-virus software solutions to corporate and retail customers.
  • Page 19: Technical Support

    Internet techsupport@mcafee.com CompuServe GO NAI America Online keyword MCAFEE If the automated services do not have the answers you need, contact Network Associates at one of the following numbers Monday through Friday between 8:00 . and 8:00 . Central time to find out about Network Associates technical support plans.
  • Page 20: Download Support

    Preface To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please include this information in your correspondence: • Product name and version number • Computer brand and model •...
  • Page 21 Preface Because Dr Solomon’s researchers are committed to providing you with effective and up-to-date tools you can use to protect your system, please tell them about any new Java classes, ActiveX controls, dangerous websites, or viruses that your software does not now detect. Note that Dr Solomon’s Software reserves the right to use any information you supply as it deems appropriate, without incurring any obligations whatsoever.
  • Page 22: International Contact Information

    Preface International contact information To contact Network Associates outside the United States, use the addresses, phone numbers and fax numbers below. Network Associates Network Associates Australia Austria Level 1, 500 Pacific Highway Pulvermuehlstrasse 17 St. Leonards, NSW Linz, Austria Sydney, Australia 2065 Postal Code A-4040 Phone: 61-2-8425-4200 Phone: 43-732-757-244...
  • Page 23 Preface Network Associates Network Associates France S.A. Deutschland GmbH 50 Rue de Londres Ohmstraße 1 75008 Paris D-85716 Unterschleißheim France Deutschland Phone: 33 1 44 908 737 Phone: 49 (0)89/3707-0 Fax: 33 1 45 227 554 Fax: 49 (0)89/3707-1199 Network Associates Hong Kong Network Associates Srl 19th Floor, Matheson Centre Centro Direzionale Summit...
  • Page 24 Preface Network Associates Net Tools Network Associates Portugal South Africa Av. da Liberdade, 114 Bardev House, St. Andrews 1269-046 Lisboa Meadowbrook Lane Portugal Epson Downs, P.O. Box 7062 Phone: 351 1 340 4543 Bryanston, Johannesburg Fax: 351 1 340 4575 South Africa 2021 Phone: 27 11 706-1629 Fax:...
  • Page 25: Chapter 1. About Dr Solomon's Anti-Virus

    About Dr Solomon’s Anti-Virus Introducing Dr Solomon’s Anti-Virus Eighty percent of the Fortune 100—and more than 50 million users worldwide—choose Dr Solomon’s Anti-Virus to protect their computers from the staggering range of viruses and other malicious agents that has emerged in the last decade to invade corporate networks and cause havoc for business users.
  • Page 26 About Dr Solomon’s Anti-Virus The new release also adds multiplatform support for Windows 95, Windows 98, Windows NT Workstation v4.0, and Windows 2000 Professional, all in a single package with a single installer, but optimized to take advantage of the benefits each platform offers.
  • Page 27: How Does Dr Solomon's Anti-Virus Work

    Fast, accurate virus detection The foundation for that combination is the unique development environment that McAfee and Dr Solomon researchers constructed for the engine. That environment includes Virtran, a specialized programming language with a structure and “vocabulary” optimized for the particular requirements that virus detection and removal impose.
  • Page 28 About Dr Solomon’s Anti-Virus Encrypted polymorphic virus detection Along with generic virus variant detection, the scan engine now incorporates a generic decryption engine, a set of routines that enables Dr Solomon’s Anti-Virus to track viruses that try to conceal themselves by encrypting and mutating their code signatures.
  • Page 29: What Comes With Dr Solomon's Anti-Virus

    About Dr Solomon’s Anti-Virus Wide-spectrum coverage As malicious agents have evolved to take advantage of the instant communication and pervasive reach of the Internet, so Dr Solomon’s Anti-Virus has evolved to counter the threats they present. A computer “virus” once meant a specific type of agent—one designed to replicate on its own and cause a limited type of havoc on the unlucky recipient’s computer.
  • Page 30 About Dr Solomon’s Anti-Virus • The Dr Solomon’s Anti-Virus application. This component gives you unmatched control over your scanning operations. You can configure and start a scan operation at any time—a feature known as “on-demand” scanning— specify local and network disks as scan targets, tell the application how to respond to any infections it finds, and see reports on its actions.
  • Page 31 About Dr Solomon’s Anti-Virus • A cc:Mail scanner. This component includes technology optimized for scanning Lotus cc:Mail mailboxes that do not use the MAPI standard. Install and use this component if your workgroup or network uses cc:Mail v7.x or earlier. •...
  • Page 32 About Dr Solomon’s Anti-Virus – BOOTSCAN.EXE, a smaller, specialized scanner for use primarily with the Emergency Disk utility. This scanner ordinarily runs from a floppy disk you create to provide you with a virus-free boot environment. When you run the Emergency Disk creation wizard, Dr Solomon’s Anti-Virus copies BOOTSCAN.EXE, and a specialized set of .DAT files to a single floppy disk.
  • Page 33: What's New In This Release

    About Dr Solomon’s Anti-Virus – An administrator’s guide saved on the Dr Solomon’s Anti-Virus CD-ROM or installed on your hard disk in Adobe Acrobat .PDF format. You can also download it as VSC45WAG.PDF from Network Associates website or from other electronic services. The Dr Solomon’s Anti-Virus Administrator’s Guide describes in detail how to manage and configure Dr Solomon’s Anti-Virus from a local or remote desktop.
  • Page 34 About Dr Solomon’s Anti-Virus The next sections discuss other changes that this Dr Solomon’s Anti-Virus release introduces. Installation and distribution features Dr Solomon’s anti-virus products, including Dr Solomon’s Anti-Virus, now use the Microsoft Windows Installer (MSI), which comes with all Windows 2000 Professional systems.
  • Page 35 About Dr Solomon’s Anti-Virus • New WinGuard system tray icon states tell you more about which WinGuard modules are active. These states are: – All WinGuard modules are active – The System Scan module is active, but one or more of the other WinGuard modules is inactive –...
  • Page 36 About Dr Solomon’s Anti-Virus Incremental .DAT files are small packages of virus definition files that collect data from a certain range of .DAT file releases. The latest versions of the AutoUpdate and AutoUpgrade utilities come with transparent support for the new updates, downloading and installing only those virus definitions you don’t already have installed on your system.
  • Page 37: Chapter 2. Installing Dr Solomon's Anti-Virus

    Installing Dr Solomon’s Anti-Virus Before you begin During Setup, you can choose to install Dr Solomon’s Anti-Virus software either on your local computer, or on other computers elsewhere on the network. The first option copies Dr Solomon’s Anti-Virus program files to your computer’s hard disk.
  • Page 38: Installing Dr Solomon's Anti-Virus Software On A Local Computer

    Installing Dr Solomon’s Anti-Virus Installing Dr Solomon’s Anti-Virus software on a local computer Note which type of Dr Solomon’s Anti-Virus software distribution you have, then follow the corresponding steps to prepare your files for installation. • If you downloaded your copy of Dr Solomon’s Anti-Virus software from the Network Associates website, from a server on your local network, or from another electronic service, make a new, temporary folder on your hard disk, then use WinZip, PKZIP, or a similar utility to extract the Dr...
  • Page 39 Installing Dr Solomon’s Anti-Virus To install Dr Solomon’s Anti-Virus software, follow these steps: 1. If your computer runs Windows NT Workstation v4.0 or Windows 2000 Professional, log on to your system as Administrator. You must have administrative rights to install Dr Solomon’s Anti-Virus software on your system.
  • Page 40 Installing Dr Solomon’s Anti-Virus If you have a previous Dr Solomon’s Anti-Virus version on your system, Setup will find it immediately. It will then remove the previous version, but will temporarily preserve the configuration options you set for that version if your system is running Windows 95 or Windows 98. A later step (see Step 7 on page 42) will allow you to transfer those options to the...
  • Page 41 Installing Dr Solomon’s Anti-Virus Figure 2-3. Setup welcome panel 5. This first panel tells you where to locate the README.TXT file, which describes product features, lists any known issues, and includes the latest available product information for this Dr Solomon’s Anti-Virus version. When you have read the text, click Next>...
  • Page 42 Installing Dr Solomon’s Anti-Virus NOTE: If your computer runs Windows NT Workstation v4.0 or Windows 2000 Professional, Setup will remove the previous Dr Solomon’s Anti-Virus version in Step 4 on page 39, but will not preserve any previous WinGuard scanner settings. Figure 2-4.
  • Page 43 Installing Dr Solomon’s Anti-Virus Figure 2-5. Incompatible software panel 8. Select the checkbox shown, then click Next>. Setup will start the uninstallation utility that the conflicting software normally uses, and allow it to remove the software. The uninstallation utility might tell you that you need to restart your computer to completely remove the other software.
  • Page 44 Installing Dr Solomon’s Anti-Virus Either option you choose here will install the same Dr Solomon’s Anti-Virus version, with the same configuration options, and with the same scheduled tasks for all system users. Figure 2-6. Security Type panel 9. Select the security mode you prefer. Your choices are: •...
  • Page 45 Installing Dr Solomon’s Anti-Virus Figure 2-7. Setup Type panel 10. Choose the Setup Type you prefer. Your choices are: • Typical Installation. This option installs a basic component set that includes: – the Dr Solomon’s Anti-Virus application, and application extensions that allow you to right-click any object on your hard disk to start a scan operation –...
  • Page 46 Installing Dr Solomon’s Anti-Virus To learn more about what each component does, see “What comes with Dr Solomon’s Anti-Virus?” on page 33 of the Dr Solomon’s Anti-Virus User’s Guide. 11. Choose the option you prefer, then click Next> to continue. If you chose Custom Setup, you’ll see the panel shown in Figure 2-8.
  • Page 47 Installing Dr Solomon’s Anti-Virus You can also specify a different disk and destination directory for the installation. Click Change, then locate the drive or directory you want to use in the dialog box that appears. To see a summary of Dr Solomon’s Anti-Virus disk usage requirements relative to your available hard disk space, click Disk Usage.
  • Page 48 Installing Dr Solomon’s Anti-Virus Figure 2-10. Completing Setup panel 15. At this point, you can: • Finish your installation. Leave the Scan Memory for Viruses before Configuring checkbox clear, then click Skip Config to finish your installation. Setup will ask if you want to start the WinGuard scanner and the Dr Solomon’s Anti-Virus Console immediately.
  • Page 49 Installing Dr Solomon’s Anti-Virus Setup will start the Dr Solomon’s Anti-Virus application to examine your system memory for viruses before it continues. If it finds an infection, it will alert you and give you a chance to respond to the virus. To learn about your options, see Chapter 3, “Removing Infections From Your System.”...
  • Page 50 Installing Dr Solomon’s Anti-Virus • Create Emergency Disk. This option is active by default. It tells Setup to depart from its normal sequence to start the Emergency Disk creation utility. The creation utility formats and copies a scanner and support files onto a bootable floppy disk you can use to start your system in a virus-free environment.
  • Page 51 Installing Dr Solomon’s Anti-Virus Figure 2-12. Update Virus Definition Files panel 18. Choose the update option you prefer. You can: • Run AutoUpdate Now. This option uses default AutoUpdate configuration options to connect directly to the Network Associates website and download the latest incremental .DAT file updates. Select this option if your company has not designated a location on your network as an update site, and if you do not need to configure proxy server or firewall settings.
  • Page 52 Installing Dr Solomon’s Anti-Virus If you chose to run an AutoUpdate operation immediately, the utility will connect to the Network Associates website to download new incremental .DAT files. After it finishes, the Setup sequence will resume. If you chose to configure the AutoUpdate utility, the Automatic Update dialog box will appear.
  • Page 53: Using The Emergency Disk Creation Utility

    Installing Dr Solomon’s Anti-Virus Using the Emergency Disk Creation utility If you choose to create an Emergency Disk during installation, Setup will start the Emergency Disk wizard in the middle of the Dr Solomon’s Anti-Virus software installation, then will return to the Setup sequence when it finishes. To learn how to create an Emergency Disk, begin with Step 1 on page 54.
  • Page 54 Installing Dr Solomon’s Anti-Virus To start the wizard, click Start in the Windows taskbar, point to Programs, then to Network Associates. Next, choose Create Emergency Disk. The Emergency Disk wizard welcome panel will appear (Figure 2-14). Figure 2-14. Emergency Disk welcome panel 1.
  • Page 55 Installing Dr Solomon’s Anti-Virus 2. If the wizard offers you a choice, choose which operating system files you want to use, then click Next> to continue. Depending on which operating system you choose, the wizard displays a different panel next. Figure 2-16.
  • Page 56 Installing Dr Solomon’s Anti-Virus Figure 2-17. Third Emergency Disk panel Your choices are: • If you have a virus-free, formatted floppy disk that contains only DOS or Windows system files, insert it into your floppy drive. Next, select the Don’t Format checkbox, then click Next> to continue. This tells the Emergency Disk wizard to copy only the Dr Solomon’s Anti-Virus software Command Line component, the emergency .DAT files, and support files to the floppy disk.
  • Page 57 Installing Dr Solomon’s Anti-Virus Figure 2-18. Windows Format dialog box d. Verify that the Full checkbox in the Format Type area and the Copy system files checkbox in the Other Options area are both selected. Next, click Start. Windows will format your floppy disk and copy the system files necessary to start your computer.
  • Page 58: Determining When You Must Restart Your Computer

    Installing Dr Solomon’s Anti-Virus If Dr Solomon’s Anti-Virus software does not detect any viruses during its scan operation, Setup will immediately copy BOOTSCAN.EXE and its support files to the floppy disk you created. If Dr Solomon’s Anti-Virus software does detect a virus, quit Setup immediately. See “If you suspect you have a virus...”...
  • Page 59: Testing Your Installation

    Installing Dr Solomon’s Anti-Virus Table 2-1. Circumstances that require you to restart your system Windows 95 and Windows NT and Circumstance Windows 98 Windows 2000 Installation on computer with no No restart required, Restart required previous Dr Solomon’s unless you have Anti-Virus version and no Novell Client32 for incompatible software...
  • Page 60 Installing Dr Solomon’s Anti-Virus X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS- TEST-FILE!$H+H* NOTE: The line shown above should appear as one line in your text editor window, so be sure to maximize your text editor window and delete any carriage returns. Also, be sure to type the letter O, not the number 0, in the “X5O...”...
  • Page 61: Modifying Or Removing Your Local Dr Solomon's Anti-Virus Installation

    Installing Dr Solomon’s Anti-Virus Modifying or removing your local Dr Solomon’s Anti-Virus installation The Microsoft Windows Installer version that Dr Solomon’s Anti-Virus software uses also includes a standard method to modify or remove a Dr Solomon’s Anti-Virus installation from the local workstation. To modify or remove Dr Solomon’s Anti-Virus software, follow these steps: 1.
  • Page 62 Installing Dr Solomon’s Anti-Virus Figure 2-22. Program Maintenance panel 5. Choose whether to modify Dr Solomon’s Anti-Virus components or to remove Dr Solomon’s Anti-Virus software from your system completely. Your choices are: • Modify. Select this option to add or remove individual Dr Solomon’s Anti-Virus components.
  • Page 63: Installing Dr Solomon's Anti-Virus Software On Other Computers

    Installing Dr Solomon’s Anti-Virus Figure 2-23. Remove the Program panel 6. Click Remove. Setup will display progress information as it deletes Dr Solomon’s Anti-Virus software from your system. When it has finished, click Finish to close the wizard panel. Installing Dr Solomon’s Anti-Virus software on other computers The next sections describe how to install Dr Solomon’s Anti-Virus software over your network, to many workstations at once, and with various custom...
  • Page 64: Installing Dr Solomon's Anti-Virus Software Using Command-Line Options

    Installing Dr Solomon’s Anti-Virus NOTE: The Dr Solomon’s Anti-Virus package contains two versions of the Microsoft installer (MSI): one for Windows 95 and Windows 98, and one for Windows NT Workstation v4.0 and Windows 2000 Professional. You can remove these files from the package if your computers already have the installer.
  • Page 65 Installing Dr Solomon’s Anti-Virus Each property consists of a name, which must appear all in capitals, an = sign, and one or more values, each separated by commas. Most property values must appear in all capitals, too, but some, such as True and False, must appear in capitals and lower case.
  • Page 66 Installing Dr Solomon’s Anti-Virus Silent installation Use command-line options to set up Dr Solomon’s Anti-Virus software on each network node with little or no interaction from end users. During a silent installation, Setup does not display any of its usual wizard panels or windows, or offer the end user any configuration options.
  • Page 67 Installing Dr Solomon’s Anti-Virus Other semi-silent installation methods are: shows a small progress bar during installation, with a cancel button shows a success/failure installation complete dialog box /qb+ shows both the progress and completed dialog boxes shows the full progress bar screen from the regular installation Logging the installation To record installation progress in a log file, add this option and parameter to...
  • Page 68 Installing Dr Solomon’s Anti-Virus Installing to a custom directory To install Dr Solomon’s Anti-Virus software to a custom directory, add the INSTALLDIR property to the command line, then follow the property with a value for the directory you want to use. To install Dr Solomon’s Anti-Virus software to C:\My Anti-Virus Software, for example, type this line at the command prompt: setup INSTALLDIR="c:\My Anti-Virus Software"...
  • Page 69 Installing Dr Solomon’s Anti-Virus Component names and descriptions: Scheduler: The Dr Solomon’s Anti-Virus Console; McUpdate: The AutoUpdate and AutoUpgrade utilities; ShellExtentions: Extensions that add right-click functionality that enables you to scan individual files; ScreenScan: The ScreenScan utility; SendVirus: An applet that allows you to send virus samples to AVERT Labs for analysis. To use these component names in a command line, specify the destination and the component name, exactly as it appears in the table.
  • Page 70 Installing Dr Solomon’s Anti-Virus Setting reboot options You can force or prevent the target computer from restarting during the installation. To do this, add the REBOOT property to the command line. REBOOT=F forces the restart, while REBOOT=R prevents the restart. If you must first install the Windows Installer service on a target computer, Setup will require you to restart whether you force or prevent a restart for other reasons.
  • Page 71 Installing Dr Solomon’s Anti-Virus Scanning your system at startup By default, Setup adds a line to the AUTOEXEC.BAT file for Windows 95 and Windows 98 systems that tells the Dr Solomon’s Anti-Virus application to scan the master boot record (MBR) when your computer starts. To prevent Setup from doing so—during a silent installation, for example—add the property SCANATSTARTUP to the command line with the value False: setup SCANATSTARTUP=False...
  • Page 72: Using Management Edition Software

    Installing Dr Solomon’s Anti-Virus Because Windows 95 and Windows 98 execute the login script at the same time they act on the contents of the RunOnce key, however, they will try to run another instance of Setup while, at the same time, they try to resume the previous Setup you started.
  • Page 73: Using Epolicy Orchestrator To Deploy Dr Solomon's Anti-Virus Software

    Installing Dr Solomon’s Anti-Virus 3. Click Product. 4. Insert the Dr Solomon’s Anti-Virus CD into your CD-ROM drive. The Management Edition software copies Dr Solomon’s Anti-Virus files into the Repository. Once it does so, the components you installed appear in the Repository list. 5.
  • Page 74: Installing Via System Management Server

    Installing Dr Solomon’s Anti-Virus With the ePolicy Orchestrator server, console, and agent you can manage a single database and software repository from any location on your company’s network. Once you have installed the ePolicy Orchestrator server and console, and have loaded Dr Solomon’s Anti-Virus software into the repository, you can use the console to push the agent onto the client machines.
  • Page 75: Installing Via Zenworks

    Installing Dr Solomon’s Anti-Virus 2. Choose Open from the Software Distribution option, then choose Custom Package. The Create Custom Package configuration pages appear. 3. Click the General tab, then follow these substeps: a. Enter a name for the package that you are about to create. b.
  • Page 76 Installing Dr Solomon’s Anti-Virus The MSI_INST.EXE utility runs from the command line with this syntax: msi_inst.exe /option [value] Table 2-1 on page 59 lists the options you can use with the utility. To learn how to use the .INI file you create with MSI_INST.EXE to customize your installation, see the documentation for the Custom Installation Creator.
  • Page 77 Installing Dr Solomon’s Anti-Virus Table 2-1. MSI_INST.EXE command-line switches (columns: Option, Purpose, Usage). Export nothing [generally unused]: 0x00000000h; Export System Scan: 0x00000001h; Export E-Mail Scan: 0x00000002h; Export Internet Scan: 0x00000004h; Export AvConsol.exe settings: 0x00000008h; Export Scheduled Tasks: 0x00000010h; Export Default On-Demand Scan: 0x00000020h; Export All (default): 0x00000800h...
  • Page 78 Installing Dr Solomon’s Anti-Virus Table 2-1. MSI_INST.EXE command-line switches Option Purpose Usage PREVIOUS Preserves the settings from /PREVIOUS <path and filename> previous WinGuard scanner settings. This option tells MSI_INST.EXE to read settings from a previous .INI file and set new installation settings appropriately.
  • Page 79: Chapter 3. Removing Infections

    Removing Infections From Your System If you suspect you have a virus... First of all, don’t panic! Although far from harmless, most viruses that infect your machine will not destroy data, play pranks, or render your computer unusable. Even the comparatively rare viruses that do carry a destructive payload usually produce their nasty effects in response to a trigger event.
  • Page 80 Removing Infections From Your System If Dr Solomon’s Anti-Virus found an infection during installation, follow these steps carefully: 1. Quit Setup immediately, then shut down your computer. Be sure to turn the power to your system off completely. Do not press CTRL+ALT+DEL or reset your computer to restart your system—some viruses can remain intact during this type of “warm”...
  • Page 81 Removing Infections From Your System BOOTSCAN.EXE, the command-line scanner that comes with the Emergency Disk, will make four scanning passes to examine your hard disk boot sectors, your Master Boot Record (MBR), your system directories, program files, and other likely points of infection on all of your local computer's hard disks.
  • Page 82: Deciding When To Scan For Viruses

    Removing Infections From Your System As your next step, locate and delete the infected file or files. You will need to restore any files that you delete from backup files. Be sure to check your backup files for infections also. Be sure also to use the Dr Solomon’s Anti-Virus application at your earliest opportunity to scan your system completely in order to ensure that your system is virus-free.
  • Page 83: Recognizing When You Don't Have A Virus

    Removing Infections From Your System Recognizing when you don’t have a virus Personal computers have evolved, in their short life span, into highly complex machines that run ever-more-complicated software. Even the most farsighted of the early PC advocates could never have imagined the tasks for which workers, scientists and others have harnessed the modern PC’s speed, flexibility and power.
  • Page 84: Understanding False Detections

    Removing Infections From Your System Understanding false detections A false detection occurs when Dr Solomon’s Anti-Virus sends a virus alert message or makes a log file entry that identifies a virus where none actually exists. You are more likely to see false detections if you have anti-virus software from more than one vendor installed on your computer, because some anti-virus software stores the code signatures it uses for detection unprotected in memory.
  • Page 85: Responding To Viruses Or Malicious Software

    Removing Infections From Your System Responding to viruses or malicious software Because Dr Solomon’s Anti-Virus consists of several component programs, any one of which could be active at one time, your possible responses to a virus infection or to other malicious software will depend upon which program detected the harmful object, how you have that program configured to respond, and other circumstances.
  • Page 86 Removing Infections From Your System Figure 3-1. Initial System Scan response options If your computer runs Windows 95 or Windows 98, you can choose to display a different virus alert message. If you select BIOS in the Prompt Type area in the System Scan module Action page, you’ll see instead a full-screen warning that offers you response options (Figure...
  • Page 87 Removing Infections From Your System To take one of the actions shown in an alert message, click a button in the Access to File Was Denied dialog box, or type the letter highlighted in yellow when you see the full-screen warning. If you want the same response to apply to all infected files that the System Scan module finds during this scan operation, select the Apply to all items checkbox in the dialog box.
  • Page 88 Removing Infections From Your System Responding when the E-mail Scan module detects a virus This module looks for viruses in e-mail messages you receive via corporate e-mail systems such as cc:Mail and Microsoft Exchange. In its initial configuration, the module will prompt you to choose a response from among five options whenever it detects a virus (Figure 3-3).
  • Page 89 Removing Infections From Your System When you choose your action, the E-Mail Scan module will implement it immediately and add a notice to the top of the e-mail message that contained the infected attachment. The notice gives the file name of the infected attachment, identifies the name of the infecting virus, and describes the action that the module took in response.
  • Page 90 Removing Infections From Your System When you choose your action, the Download Scan module will implement it immediately and add a notice to the top of the e-mail message that contained the infected attachment. The notice gives the file name of the infected attachment, identifies the name of the infecting virus, and describes the action that the module took in response.
  • Page 91 Removing Infections From Your System Figure 3-6. Dr Solomon’s Anti-Virus response options To respond to the infection, click one of the buttons shown. You can tell the Dr Solomon’s Anti-Virus application to: • Continue. Click this button to proceed with the scan operation and have the application list each infected file in the lower portion of its main window (Figure...
  • Page 92 Removing Infections From Your System • Clean. Click this button to have the Dr Solomon’s Anti-Virus application try to remove the virus code from the infected file. If it cannot clean the file—either because it has no remover or because the virus has damaged the file beyond repair—it will record the incident in its log file and suggest alternative responses.
  • Page 93 Removing Infections From Your System Figure 3-8. E-Mail Scan response options To respond to the infection, click one of the buttons shown. You can tell the E-Mail Scan extension to: • Continue. Click this button to have the E-Mail Scan extension proceed with its scan operation, list each infected file it finds in the lower portion of its main window (Figure...
  • Page 94 Removing Infections From Your System Figure 3-9. E-Mail Scan extension window • Clean. Click this button to remove the virus code from the infected file. If the E-Mail Scan extension cannot clean the file—either because it has no remover or because the virus has damaged the file beyond repair—it will record the incident in its log file and suggest alternative responses.
  • Page 95 Removing Infections From Your System Figure 3-10. Network Associates Virus Information Library page The Virus Information Library has a collection of documents that give you a detailed overview of each virus that Dr Solomon’s Anti-Virus can detect or clean, along with information about how the virus infects and alters files, and the sorts of payloads it deploys.
  • Page 96 Removing Infections From Your System • Software tools you can use to extend or supplement your Dr Solomon’s anti-virus software • Contact addresses and other information for submitting questions, virus samples, and other data • Virus definition updates; this includes daily beta .DAT file updates, EXTRA.DAT files, updated Emergency .DAT files, current scan engine versions, regular weekly .DAT and SuperDAT updates, and new incremental virus definition files (.UPD)
  • Page 97: Submitting A Virus Sample

    Removing Infections From Your System Submitting a virus sample If you have a suspicious file that you believe contains a virus, or experience a system condition that might result from an infection—but Dr Solomon’s Anti-Virus has not detected a virus—Dr Solomon’s Software recommends that you send a sample to its anti-virus research team for analysis.
  • Page 98 Removing Infections From Your System 4. Read the welcome message, then click Next> to continue. The Contact Information wizard panel appears. Figure 3-13. Your Contact Information panel 5. If you want AVERT researchers to contact you about your submission, enter your name, e-mail address, and any message you would like to send along with your submission in the text boxes provided, then click Next>...
  • Page 99 Removing Infections From Your System 6. Click Add to open a dialog box you can use to locate the files you believe are infected. Choose as many files as you want to submit for analysis. To remove any of the files shown in the submission list, select it, then click Remove. When you have chosen all of the files you want to submit, click Next>...
  • Page 100: Capturing Boot Sector, File-Infecting, And Macro Viruses

    Removing Infections From Your System 7. Select the type of e-mail client application you have installed on your computer. Your choices are: • Use outgoing Internet mail. Click this button to send your sample via a Simple Mail Transfer Protocol e-mail client, such as Eudora, NetScape Mail, or Microsoft Outlook Express.
  • Page 101 Removing Infections From Your System 3. Type this line at the command prompt: format a: /s If your system hangs as it tries to format the disk, remove the disk from your floppy drive. Next, label the disk “Damaged during infected format as boot disk,”...
  • Page 102 Removing Infections From Your System • If you suspect that a macro virus has infected your PowerPoint files, copy the file BLANKPRESENTATION.POT from C:\Program Files\Microsoft Office\Templates to the disk. Making disk images To send the files now stored on any floppy disks you created, you can use an AVERT Labs tool called RWFLOPPY.EXE to make a floppy disk image that encapsulates the infection.
  • Page 103 Removing Infections From Your System 7. When prompted, retype your password to verify its accuracy, then click The Add With Password dialog box appears. 8. Select your sample files, then click OK. WinZip applies the password you entered to all files that you add to or extract from your archive.
  • Page 104 Removing Infections From Your System Mailing infected floppy disks You can also mail the actual disks you created directly to Dr Solomon’s anti-virus researchers. Dr Solomon’s Software recommends that you create a text file or write a message to accompany the disks that includes the same information you would submit with an electronic disk image.
  • Page 105: Chapter 4. Using Dr Solomon's Anti-Virus

    Using Dr Solomon’s Anti-Virus Using the WinGuard scanner The WinGuard scanner protects your system in the background, as you work with your files, in order to prevent infection from viruses that arrive via floppy disks, from your network, embedded in file attachments that come with e-mail messages, or from your computer’s memory.
  • Page 106: Scheduling Scan Tasks

    Using Dr Solomon’s Anti-Virus The Dr Solomon’s Anti-Virus application operates in two modes: the Dr Solomon’s Anti-Virus “Classic” interface gets you up and running quickly, with a minimum of configuration options, but with the full power of the Dr Solomon’s Anti-Virus anti-virus scanning engine; the Dr Solomon’s Anti-Virus Advanced mode adds flexibility to the program’s configuration options, including the ability to run more than one scan operation concurrently.
  • Page 107: Chapter 5. Sending Alert Messages

    Sending Alert Messages Using the Alert Manager Client Configuration utility All McAfee anti-virus software includes a wide range of methods to alert you when it has detected a virus or other malicious software. These methods include: • graphical and full-screen warnings that appear on your local computer, often with response options •...
  • Page 108: Dr Solomon's Anti-Virus As An Alert Manager Client

    .ALR files, and distributing the alert messages from any it finds. NOTE: McAfee recommends that you send alert events directly to an Alert Manager server rather than via Centralized Alerting, unless your network configuration does not permit you to use Alert Manager servers.
  • Page 109 Alert Manager server or to your Desktop Management Interface (DMI) administrative software. By default, this checkbox is clear. McAfee recommends that you leave it clear so that the client sends alert messages out. NOTE: If you use McAfee ePolicy Orchestrator software in your network environment, Dr Solomon’s Anti-Virus will still send alert...
  • Page 110 Sending Alert Messages 3. Select the alerting method you want to use. Your choices are: • Enable Alert Manager alerting. Click this button to send alert events to an Alert Manager server somewhere on your network. Choosing this option prevents you from sending alert events to a Centralized Alerting directory.
  • Page 111 Sending Alert Messages When you've chosen a destination for your alert messages, click OK to close the dialog box. • Enable Centralized alerting. Click this button to have Dr Solomon’s Anti-Virus components send alert messages to a Centralized Alerting directory somewhere on your network. Choosing this option prevents you from sending alert events to an Alert Manager server.
  • Page 112 Sending Alert Messages • Additionally Enable DMI Alerts. Select this checkbox to supplement either of the other alerting methods. Next, click Configure to open the DMI Configuration dialog box, where you can enter the identifying number that your Desktop Management Interface (DMI) client application assigned to your Dr Solomon’s Anti-Virus when you installed it.
  • Page 113: Chapter 6. Updating And Upgrading Dr Solomon's Anti-Virus

    Updating and Upgrading Dr Solomon’s Anti-Virus Developing an updating strategy Make no mistake about it: virus writers are electronic vandals who can destroy your data, cause system instability, and cost you time and money. The overwhelming majority of them are relatively inept programmers who rely on virus “kits,”...
  • Page 114: Update And Upgrade Methods

    Updating and Upgrading Dr Solomon’s Anti-Virus legitimate files. The remaining parts of the Dr Solomon’s Anti-Virus package help to feed files to the engine for processing, integrate with various parts of your computer’s operating system to intercept files as they execute or as you work with them, and provide an interface you can use to configure various scan settings.
  • Page 115 Updating and Upgrading Dr Solomon’s Anti-Virus • SuperDAT scan engine and .DAT file updates. Dr Solomon’s Software releases a weekly SuperDAT package of current .DAT file updates and the current Olympus scan engine, together with a Setup feature that makes updating and upgrading a snap.
  • Page 116: Understanding The Autoupdate Utility

    Updating and Upgrading Dr Solomon’s Anti-Virus Dr Solomon’s anti-virus software anticipates exactly this situation. It allows you to take advantage of capabilities built into the Dr Solomon’s scan engine to deploy a small, supplemental virus definition file in between .DAT file releases. This small EXTRA.DAT file holds the absolutely latest available virus signature data for viruses that AVERT researchers have identified as high-risk contaminants.
  • Page 117 Updating and Upgrading Dr Solomon’s Anti-Virus By default, the AutoUpdate task included with Dr Solomon’s Anti-Virus Console comes configured to download the most recent .DAT file updates directly from the Network Associates FTP site. This configuration can make administration simple and straightforward for small networks or individual Dr Solomon’s Anti-Virus installations.
  • Page 118: Configuring The Autoupdate Utility

    Updating and Upgrading Dr Solomon’s Anti-Virus Configuring the AutoUpdate Utility To configure the AutoUpdate utility so that it runs properly as a task within the Dr Solomon’s Anti-Virus console, you must tell it: • which update sites have the new files you want to download •...
  • Page 119 Updating and Upgrading Dr Solomon’s Anti-Virus Figure 6-1. Automatic Update dialog box - Update Sites page Here, the AutoUpdate utility lists the sites from which it will download new .DAT files. It also reports each site's current status as Enabled or Disabled.
  • Page 120 Updating and Upgrading Dr Solomon’s Anti-Virus Figure 6-2. Automatic Update Properties dialog box - Update Options page • Change definitions for an existing update site. Select a site shown in the update site list, then click Edit to open the Automatic Update Properties dialog box (Figure 6-2).
  • Page 121 Updating and Upgrading Dr Solomon’s Anti-Virus If you have the Force Update option selected, AutoUpdate will download any .DAT files it finds on the first site to which it can connect successfully. See “Configuring advanced update options” on page 124 for more details.
  • Page 122 Updating and Upgrading Dr Solomon’s Anti-Virus To see the contents of the log file from Dr Solomon’s Anti-Virus Console, select the AutoUpdate task in the task list, then choose View Activity Log from the Task menu. 7. Click OK to save your changes and close the Automatic Update dialog box.
  • Page 123 Updating and Upgrading Dr Solomon’s Anti-Virus The AutoUpdate utility will make a maximum of three connection attempts for the site during each scheduled update operation. When it does connect and download the new .DAT file package, the utility also extracts the files and installs them into the correct directory. 3.
  • Page 124 Updating and Upgrading Dr Solomon’s Anti-Virus The AutoUpdate utility uses its own FTP implementation to connect to the server, but the timeout period for the connection attempt will depend on your existing network protocol settings. To use a different FTP site, enter the URL for the site you want to use in the text box labeled Enter an FTP Computer Name and Directory.
  • Page 125 Updating and Upgrading Dr Solomon’s Anti-Virus Figure 6-5. Automatic Update Properties dialog box - Advanced Update Options page Next, follow these steps: 1. Tell the AutoUpdate utility what you want it to do before or as it performs an update. Your options are: •...
  • Page 126 Updating and Upgrading Dr Solomon’s Anti-Virus You might want to use this option if you download new .DAT files to a central server on your network and want individual client computers to download, extract and install the new files locally. •...
  • Page 127: Understanding The Autoupgrade Utility

    Updating and Upgrading Dr Solomon’s Anti-Virus By contrast, the Retrieve the Update file but do not perform the update option saves the unextracted file, but does not install the new .DAT files. To tell the AutoUpdate utility where to save the .DAT file package, enter a path and folder name in the text box below this checkbox, or click Browse to locate a suitable folder.
  • Page 128: Configuring The Autoupgrade Utility

    Updating and Upgrading Dr Solomon’s Anti-Virus By default, the AutoUpgrade task included with Dr Solomon’s Anti-Virus Console does not come configured with any default upgrade site. Instead, Dr Solomon’s Software recommends that you use other mechanisms, such as the Enterprise SecureCast service, to receive new SuperDAT or program files, then place those files on a central server within your network.
  • Page 129 Updating and Upgrading Dr Solomon’s Anti-Virus • whether you want it to reboot your system after an upgrade • whether you want it to keep track of its actions in a log file Property pages in the Automatic Upgrade Properties dialog box control the options for your upgrade task.
  • Page 130 Updating and Upgrading Dr Solomon’s Anti-Virus Figure 6-7. Automatic Upgrade dialog box - Upgrade Sites page Here, the AutoUpgrade utility lists the sites from which it will download new Dr Solomon’s Anti-Virus program files. It also reports each site’s current status as Enabled or Disabled. A site is enabled if you have selected the Enabled checkbox in the Automatic Upgrade Properties dialog box.
  • Page 131 Updating and Upgrading Dr Solomon’s Anti-Virus 3. From this dialog box, you can: • Add a new site. Click Add to open the Automatic Upgrade Properties dialog box (Figure 6-2 on page 120). To learn how to specify options for your new site, see “Configuring upgrade options”...
  • Page 132 Updating and Upgrading Dr Solomon’s Anti-Virus To use this function, you must have configured enough of the necessary options for the AutoUpgrade utility to locate the listed site and, if necessary, log on to it. See “Configuring upgrade options” on page 133 to learn how to specify the options you need.
  • Page 133 Updating and Upgrading Dr Solomon’s Anti-Virus If you clear this checkbox, the log file can grow until disk space or file system limitations stop it. When the file reaches the maximum size you set, the AutoUpgrade utility first clears it, then starts the log again from where it left off.
  • Page 134 Updating and Upgrading Dr Solomon’s Anti-Virus 2. Select the Enabled checkbox to approve this site for the AutoUpgrade utility’s use. Clearing this checkbox preserves the options you’ve chosen, but causes the utility to skip this site when it tries to download new .DAT files. The AutoUpgrade utility will make a maximum of three connection attempts for the site during each scheduled update operation.
  • Page 135 Updating and Upgrading Dr Solomon’s Anti-Virus To use a custom account, clear the Use Logged In Account checkbox, then click UNC login information to enter a user name and password for an account that has access rights to the target server.
  • Page 136 Updating and Upgrading Dr Solomon’s Anti-Virus Figure 6-11. Automatic Update Properties dialog box - Advanced Update Options page Next, follow these steps: 1. Tell the AutoUpgrade utility what you want it to do before or as it performs an update. Your options are: •...
  • Page 137: Using The Autoupgrade And Superdat Utilities Together

    Updating and Upgrading Dr Solomon’s Anti-Virus In most cases, you will not need to restart in order for Dr Solomon’s Anti-Virus to use new program files, but some systems will require that you do so in order for the new files to activate. If you want to restart your system at a more convenient time, clear this checkbox.
  • Page 138 Updating and Upgrading Dr Solomon’s Anti-Virus 3. If you want to, create and copy a SETUP.ISS file into the directory from which you tell AutoUpgrade to download new files. SETUP.ISS is a simple text file that governs how the AutoUpgrade utility upgrades your software.
  • Page 139: Deploying An Extra.dat File

    Updating and Upgrading Dr Solomon’s Anti-Virus When you have placed the PKGDESC.INI file, the SETUP.EXE file, and any SETUP.ISS file you want to use on a central server, configure the AutoUpgrade utility copies on your workstation computers to download new files from the share you created on that central server.
  • Page 140 Updating and Upgrading Dr Solomon’s Anti-Virus For Dr Solomon’s Anti-Virus v4.5 and later releases, copy any EXTRA.DAT files you download to this directory: C:\Program Files\Common Files\Network Associates\Dr Solomon’s Anti-Virus Engine\4.0.xx
  • Page 141: Appendix A. Using Dr Solomon's Anti-Virus Administrative Utilities

    Using Dr Solomon’s Anti-Virus Administrative Utilities Understanding the Dr Solomon’s Anti-Virus control panel The Dr Solomon’s Anti-Virus control panel serves as the graphical front end for the Dr Solomon’s Anti-Virus management service, which initiates and controls all top-level component processes, including the Dr Solomon’s Anti-Virus application, the Console, and the WinGuard scanner.
  • Page 142: Choosing Dr Solomon's Anti-Virus Control Panel Options

    Using Dr Solomon’s Anti-Virus Administrative Utilities To open the control panel, follow these steps: 1. Click Start in the Windows taskbar, point to Settings, then choose Control Panel. 2. Locate and double-click the Dr Solomon’s Anti-Virus control panel icon to open the control panel itself. Figure A-1.
  • Page 143 Using Dr Solomon’s Anti-Virus Administrative Utilities 3. Select the Load on startup checkbox in the Dr Solomon’s Anti-Virus Service area to start the Dr Solomon’s Anti-Virus management service (AVSYNMGR.EXE) as soon as you start your computer. The management service oversees all communications between Dr Solomon’s Anti-Virus program components, determines which components must load to accomplish program tasks, and allows you to start or stop all program components at once.
  • Page 144 Using Dr Solomon’s Anti-Virus Administrative Utilities NOTE: Dr Solomon’s Software recommends that you leave this checkbox selected. The WinGuard scanner is your best continuous defense against virus infections. 6. Click or enter a figure in the Exclude Items text box to specify how many items can appear in the WinGuard System Scan module's exclusion list.
  • Page 145 Using Dr Solomon’s Anti-Virus Administrative Utilities NOTE: The Dr Solomon’s Anti-Virus management service must restart itself and all active Dr Solomon’s Anti-Virus components in order to implement any changes you make.
  • Page 147: Appendix B. Installed Files

    Installed Files What’s in this appendix? The Dr Solomon’s Anti-Virus installation procedure places essential program files on the Dr Solomon’s Anti-Virus client workstation. This section provides an overview of the files installed. Some of the files are associated with a particular component while others are in common use, called by program functions as needed.
  • Page 148 Installed Files Table B-1. WinGuard scanner program files • CONFWIZ.EXE [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] WinGuard configuration wizard file • VSHWIN32.EXE [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Communicates between VSSTAT.EXE and the WinGuard System Scan module • MCSHIELD.EXE [Location: C:\Program Files\Common Files\Network Associates\McShield] System Scan module. Runs as a Windows NT Service on...
  • Page 149 Installed Files Table B-1. WinGuard scanner program files • NTCLIENT.DLL [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Support file for System Scan module. Runs only on Windows NT and Windows 2000 systems • SCANSERV.DLL [Location: C:\Program Files\Common Files\Network Associates\McShield] Support file for System Scan module. Runs only on Windows NT and Windows 2000...
  • Page 150 Installed Files Table B-1. WinGuard scanner program files • EMALSCAN.DLL [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Scans e-mail you receive from the Internet or from your network via Messaging Application Programming Interface (MAPI) e-mail systems • CCM_SCAN.EXE [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Scans e-mail you receive via Lotus cc:Mail v7.x and...
  • Page 151 Installed Files Table B-2. WinGuard scanner dependent files • AVSYNMGR.EXE [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Dr Solomon’s Anti-Virus management service. Initializes, starts and stops all Dr Solomon’s Anti-Virus services and components. Must run to enable all Dr Solomon’s Anti-Virus components.
  • Page 152 Installed Files Temporary files The WinGuard scanner and its related files use these files as “memory maps” to store configuration options copied from the Windows registry when the program runs. These files start out with a standard file size and minimal data, and grow or shrink as necessary to accommodate configuration data.
  • Page 153: Dependent And Related Files For The Dr Solomon's Anti-Virus Application

    Installed Files Dependent and related files for the Dr Solomon’s Anti-Virus application The Dr Solomon’s Anti-Virus application runs as a stand-alone executable file that you can start yourself, or that the Dr Solomon’s Anti-Virus Scheduler can start according to a schedule you set. The application requires a number of support files to function, including some related to the Dr Solomon’s scan engine.
  • Page 154 Installed Files Table B-5. Dr Solomon’s Anti-Virus application dependent files • AVSYNMGR.EXE [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Dr Solomon’s Anti-Virus management service. Initializes, starts and stops all Dr Solomon’s Anti-Virus services and components. Must run to enable all Dr Solomon’s Anti-Virus components.
  • Page 155 Installed Files Table B-5. Dr Solomon’s Anti-Virus application dependent files • MESSAGES.DAT [Location: C:\Program Files\Common Files\Network Associates\Dr Solomon’s Anti-Virus Engine\4.0.xx] Support file for scan engine. Provides virus detection messages to engine • S95EXT.DLL [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Shell extension file. Allows you to right-click .VSC settings files you saved and start scan...
  • Page 156: Alert Manager

    Installed Files Table B-6. Dr Solomon’s Anti-Virus application temporary files • VSCANOAS.MMF [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Memory map file for SYNCUTIL.DLL • VSCANODS.MMF [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Memory map file for SYNCUTIL.DLL Alert Manager The Alert Manager client configuration utility requires these files to run. Table B-7.
  • Page 157: Dr Solomon's Anti-Virus Control Panel Files

    Installed Files Table B-7. Alert Manager files • NAKRNL32.DLL [Location: C:\Program Files\Common Files\Network Associates\McPal] Library file for various Dr Solomon’s Anti-Virus utilities • NAUTIL32.DLL [Location: C:\Program Files\Common Files\Network Associates\McPal] Library file for various Dr Solomon’s Anti-Virus utilities Dr Solomon’s Anti-Virus control panel files As the initial process for all Dr Solomon’s Anti-Virus components, the Dr Solomon’s Anti-Virus management service does not depend on other Dr Solomon’s Anti-Virus components.
  • Page 158: Screenscan

    Installed Files Temporary files The Dr Solomon’s Anti-Virus control panel and its related files use these files as “memory maps” to store configuration options copied from the Windows registry when the program runs. These files start out with a standard file size and minimal data, and grow or shrink as necessary to accommodate configuration data.
  • Page 159 Installed Files Program files These files run directly as ScreenScan files or are dedicated ScreenScan library or support files. Table B-10. ScreenScan program files • SCRSCAN.EXE [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] ScreenScan utility executable file. Runs the actual scan operation • SCRSCANP.DLL ScreenScan control...
  • Page 160: Dr Solomon's Anti-Virus Emergency Disk Files

    Installed Files Table B-11. ScreenScan dependent files • RWABS32.DLL [Location: C:\Program Files\Common Files\Network Associates\Dr Solomon’s Anti-Virus Engine\4.0.xx] Support file for scan engine • MESSAGES.DAT [Location: C:\Program Files\Common Files\Network Associates\Dr Solomon’s Anti-Virus Engine\4.0.xx] Support file for scan engine. Provides virus detection messages to engine Dr Solomon’s Anti-Virus Emergency Disk files The Emergency Disk wizard will copy files you need to start your computer and scan your hard disk for boot-sector viruses.
  • Page 161 Installed Files Table B-12. Dr Solomon’s Anti-Virus Emergency Disk files CLEAN.DAT Dr Solomon’s virus definition file. This file is a smaller, specialized version of the CLEAN.DAT file that other Dr Solomon’s Anti-Virus components use. You may not use a CLEAN.DAT file from the Dr Solomon’s Anti-Virus program directory for the...
  • Page 162: Dependent And Related Files For The E-Mail Scan Extension

    Installed Files Table B-12. Dr Solomon’s Anti-Virus Emergency Disk files NAMES.DAT Dr Solomon’s virus definition file. This file is a smaller, specialized version of the NAMES.DAT file that other Dr Solomon’s Anti-Virus components use. You may not use a NAMES.DAT file from the Dr Solomon’s Anti-Virus program directory for the...
  • Page 163 Installed Files Program files Table B-13. E-Mail Scan program files • EMALSCAN.DLL [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Scans e-mail on your Microsoft Exchange server or other Messaging Application Programming Interface (MAPI) e-mail system. This file runs as an Exchange or Outlook extension that loads into the e-mail client...
  • Page 164 Installed Files Table B-14. E-Mail Scan dependent files • SYNCUTIL.DLL [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Stores data shared between components. • VSUTIL.DLL [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Provides common utilities for components. • AVSMCPA.CPL [Location: C:\Windows\System or C:\Winnt\System 32] Dr Solomon’s Anti-Virus control panel applet.
  • Page 165 Installed Files Table B-15. E-Mail Scan temporary files • DAV_CONS.MMF [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Memory map file for SYNCUTIL.DLL • DAV_EXCL.MMF [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Memory map file for SYNCUTIL.DLL • DAV_SCAN.MMF [Location: C:\Program Files\Network Associates\Dr Solomon’s Anti-Virus] Memory map file for SYNCUTIL.DLL • DEXCLDEF.MFF Memory map file for C:\Program Files\Network Associates\Dr...
  • Page 167: Appendix C. Using Dr Solomon's Anti-Virus Command-Line Options

    Using Dr Solomon’s Anti-Virus Command-line Options Adding advanced Dr Solomon’s Anti-Virus engine options The following table lists all of the command-line options that can be communicated directly to the scanning engine via the Advanced Scan Settings dialog box provided by most Detection property pages. These command-line options (that you specify in the Advanced Scan Settings dialog box), will supplement, and can overwrite, the options selected in the WinGuard and Dr Solomon’s Anti-Virus Detection property pages.
  • Page 168 Using Dr Solomon’s Anti-Virus Command-line Options 2. Change to the Dr Solomon’s Anti-Virus program directory, in which the file SCAN.EXE is located. If you installed Dr Solomon’s Anti-Virus with its default options, type this line at your command prompt to locate the correct directory: C:\progra~1\networ~1\viruss~1 3.
  • Page 169 Using Dr Solomon’s Anti-Virus Command-line Options Table C-1. Dr Solomon’s Anti-Virus command-line scanner options • /ADN [On-demand scanning only] Scan all network drives—including CD-ROM—for viruses, in addition to any other drive(s) specified on the command line. To scan both local drives and network drives, use the /ADL and /ADN commands together in the same command line.
  • Page 170 Using Dr Solomon’s Anti-Virus Command-line Options Table C-1. Dr Solomon’s Anti-Virus command-line scanner options • /CONTACT <message> [On-access scanning only] Displays specified message when a virus is detected. This message cannot exceed 255 characters. • /CONTACTFILE <filename> [None] Display the contents of <filename> when a virus is...
  • Page 171 Using Dr Solomon’s Anti-Virus Command-line Options Table C-1. Dr Solomon’s Anti-Virus command-line scanner options • /LOAD <filename> [On-demand scanning only] Load scanning options from the named file. Use this option to perform a scan you’ve already configured by loading custom settings saved in an ASCII-formatted file.
  • Page 172 Using Dr Solomon’s Anti-Virus Command-line Options Table C-1. Dr Solomon’s Anti-Virus command-line scanner options /MOVE <dir> or *.??? On-demand /MOVE <directory>: scanning only Moves all infected files found during a scan to the specified directory, preserving drive letter and directory structure. This option has no effect if the Master Boot Record or boot sector is infected, since these are not actually files.
  • Page 173 Using Dr Solomon’s Anti-Virus Command-line Options Table C-1. Dr Solomon’s Anti-Virus command-line scanner options /NODDA On-demand No direct disk access. This prevents the scanner scanning only from examining the boot record. This feature has been added to allow the scanner to run under Windows NT.
  • Page 174 Using Dr Solomon’s Anti-Virus Command-line Options Table C-1. Dr Solomon’s Anti-Virus command-line scanner options /PAUSE On-demand Enables screen pause. scanning only The Press any key to continue prompt will appear when the scanner fills a screen with messages. Otherwise, by default, the scanner fills and scrolls a screen continuously without stopping, which allows it to run on PCs with multiple drives or that have severe infections, without needing your...
  • Page 175 Using Dr Solomon’s Anti-Virus Command-line Options Table C-1. Dr Solomon’s Anti-Virus command-line scanner options /RPTALL On-demand Include all scanned files in the /REPORT file. scanning only When used with /REPORT, this option adds the names of corrupted files to the report file. Dr Solomon’s recommends omitting /PAUSE when using any report option.
  • Page 176 Using Dr Solomon’s Anti-Virus Command-line Options Table C-1. Dr Solomon’s Anti-Virus command-line scanner options /VIRLIST On-demand Displays the name and a brief description of each scanning only virus that the scanner detects. You may use the /PAUSE option on the same command line as /VIRLIST to read the virus list one screen at a time.
  • Page 177: Running The On-Demand Scanner With Command-Line Arguments

    You can run the Dr Solomon’s Anti-Virus on-demand scanner with command-line arguments either from a Windows MS-DOS Prompt window, or by restarting your computer in DOS mode. (You can also run the scanner without command-line arguments, either from a Windows MS-DOS Prompt window or from the Start menu’s Run dialog box.) Network Associates recommends restarting in DOS mode for best results.
  • Page 178 Table C-2. SCAN32.EXE command-line options. /SPLASH: This option tells the Dr Solomon’s Anti-Virus application to display its identity or “splash” screen when it starts. /NOSPLASH: This option tells the Dr Solomon’s Anti-Virus application to hide its identity or “splash”...
  • Page 179 Table C-2. SCAN32.EXE command-line options. /UICONFIG: This option tells the Dr Solomon’s Anti-Virus application to open its main window and await configuration option changes. To start a scan operation after you change configuration options, click the Scan Now button in the application window.
  • Page 180 Table C-2. SCAN32.EXE command-line options. /COMP: This option tells the Dr Solomon’s Anti-Virus application to scan files saved in compressed file archives. Examples of such archives include .ZIP, .CAB, .LZH, and .UUE files. This can slow down scan operations, but gives your system better protection.
  • Page 181 Table C-2. SCAN32.EXE command-line options. /EXT: This option tells the Dr Solomon’s Anti-Virus application to replace the default program extension list it uses to narrow the scope of its scan operations with a list made up of the extensions you specify on the same command line.
  • Page 182 Table C-2. SCAN32.EXE command-line options. /LOGDETECT: This option tells the Dr Solomon’s Anti-Virus application to record an event in the log file each time it finds a virus. /NOLOGDETECT: This option tells the Dr Solomon’s Anti-Virus application to leave virus detection events out of the log file.
  • Page 183 Table C-2. SCAN32.EXE command-line options. /NOLOGUSER: This option tells the Dr Solomon’s Anti-Virus to leave out of the log file the name of the user logged into your computer when the scan task began. /PRIORITY: This option tells Dr Solomon’s Anti-Virus to give a higher or lower priority to this scan task relative to other system operations.
  • Page 185: Appendix D. Using The Securecast Service To Get New Data Files

    Using the SecureCast Service to Get New Data Files Introducing the SecureCast service The Network Associates SecureCast service provides a convenient method you can use to receive the latest virus definition (.DAT) file updates automatically, as they become available, without your having to download them.
  • Page 186: Why Should I Update My Data Files

    Using the SecureCast Service to Get New Data Files Why should I update my data files? Your software relies on information in its virus definition (.DAT) files to identify viruses. More than 200 new viruses appear each month, however, and older .DAT files might not recognize them.
  • Page 187: Installing The Backweb Client And Securecast Service

    Using the SecureCast Service to Get New Data Files Installing the BackWeb client and SecureCast service Setting up SecureCast service and the BackWeb client is a two-phase process: 1. Download and install the BackWeb client 2. Register to receive SecureCast service InfoPaks To get started with the SecureCast service, review the system requirements shown below, then follow the steps outlined in each section.
  • Page 188 Using the SecureCast Service to Get New Data Files Figure D-1. BackWeb client welcome panel 3. Read the instructions and warnings on this panel, then click Next> to continue. 4. The BackWeb license agreement appears (Figure D-2). Figure D-2. BackWeb Software License Agreement panel 5.
  • Page 189 Using the SecureCast Service to Get New Data Files Figure D-3. Choose Destination Location panel 7. Enter a new location for Setup to install the client software, if you wish, or click Browse to locate a suitable folder. Click Next> to continue. Setup will begin to copy BackWeb program files to your computer.
  • Page 190 Using the SecureCast Service to Get New Data Files 8. Specify the type of connection your computer has to the Internet. Your choices are: • Direct. Choose this option if you connect to the Internet through a local-area network, a high-bandwidth connection such as a cable modem or digital subscriber line (DSL) connection.
  • Page 191 Using the SecureCast Service to Get New Data Files 10. If you chose HTTP via proxy as your connection method, the HTTP Proxy Setup panel appears (Figure D-6). Figure D-6. HTTP Proxy Setup panel 11. Enter the name of your proxy server in the Proxy text box, then enter the port the server uses for communication in the Port text box.
  • Page 192 Using the SecureCast Service to Get New Data Files The Setup Complete panel appears (Figure D-8). Figure D-8. Setup Complete panel 13. To start immediately, leave both checkboxes selected in this panel, then click Finish to complete your installation. Phase 2: Register with the Enterprise SecureCast service After you install the BackWeb client and start it, the SecureCast service immediately opens the client application and sends its first InfoPak: the SecureCast registration forms...
  • Page 193 Using the SecureCast Service to Get New Data Files The SecureCast service alerts you that an InfoPak has arrived with the Flash message shown at the bottom right corner of Figure D-9. IMPORTANT: If you are a corporate user and have a high-speed Internet connection, the window may list Register Now as an already received InfoPak.
  • Page 194 Using the SecureCast Service to Get New Data Files 4. Double-click the BW Register icon in the window that opens next. A registration information form appears (Figure D-12). Figure D-12. SecureCast User Registration Information form 5. Enter your name, title and company contact information in the text boxes provided.
  • Page 195 Using the SecureCast Service to Get New Data Files Figure D-13. SecureCast Parent Company Information form 6. If your company is the subsidiary of another company, enter contact information for your parent company in the text boxes provided. When you have finished, click Next>. The Proxy Communication Configuration dialog box appears (Figure D-14).
  • Page 196 Using the SecureCast Service to Get New Data Files Figure D-15. SecureCast Online Activity Status panel 9. Click Finish after a check mark appears in all the boxes. The setup process is complete. At that point, your web browser will connect to the Network Associates SecureCast service electronic customer care page.
  • Page 197: Troubleshooting The Enterprise Securecast Service

    Using the SecureCast Service to Get New Data Files Troubleshooting the Enterprise SecureCast service Registration problems If you try to register during a busy time of day on the web, you may encounter a delay while the server tries to process your registration request. If you receive the error message “1105 Error”...
  • Page 198: Backweb Client

    Using the SecureCast Service to Get New Data Files BackWeb client • For a comprehensive guide to BackWeb, including additional troubleshooting advice, see the online BackWeb User’s Manual: http://www.backweb.com/ Dr Solomon’s Anti-Virus...
  • Page 199: Appendix E. Network Associates

    Network Associates Support Services Adding value to your Dr Solomon’s product Choosing Dr Solomon’s anti-virus, Sniffer Technologies network management, and PGP security software helps to ensure that the critical technology you rely on functions smoothly and effectively. Taking advantage of a Network Associates support plan extends the protection you get from your software by giving you access to the expertise you need to install, monitor, maintain and upgrade your system with the latest Network Associates technology.
  • Page 200 Network Associates Support Services If you purchased a perpetual license for your Network Associates product, you can purchase a PrimeSupport KnowledgeCenter plan for an annual fee. To receive your KnowledgeCenter password or to register your PrimeSupport agreement with Network Associates, visit: http://www.nai.com/asp_set/support/introduction/default.asp Your completed form will go to the Network Associates Customer Service Center.
  • Page 201 Network Associates Support Services The PrimeSupport Priority plan The PrimeSupport Priority plan gives you round-the-clock telephone access to essential product assistance from experienced Network Associates technical support staff members. You can purchase the PrimeSupport Priority plan on an annual basis when you purchase a Network Associates product, either with a subscription license or a one-year license.
  • Page 202: Ordering A Corporate Primesupport Plan

    Network Associates Support Services By calling in advance, your PrimeSupport Enterprise representative can help to prevent problems before they occur. If, however, an emergency arises, the PrimeSupport Enterprise plan gives you a committed response time that assures you that help is on the way. You may purchase the PrimeSupport Enterprise plan on an annual basis when you purchase a Network Associates product, either with a subscription license or a one-year license.
  • Page 203 Network Associates Support Services Table E-1. Corporate PrimeSupport Plans at a Glance Plan Knowledge Feature Center Connect Priority Enterprise Technical support via website Software updates Technical — Monday–Friday Monday–Friday, after Monday–Friday, after support via hours emergency hours emergency telephone access access North America: North America:...
  • Page 204: Primesupport Options For Home Users

    – Visit the Network Associates CompuServe forum at GO NAI – Visit Network Associates on America Online: keyword MCAFEE • Free access to the PrimeSupport KnowledgeBase: online access to technical solutions from a searchable knowledge base, electronic incident submission, and technical documents such as user’s guides, FAQs, and release notes.
  • Page 205 Network Associates Support Services If you need additional support, Network Associates offers a variety of other support plans that you can purchase either with your Network Associates product or after your complimentary 30-day support period expires. These include: NOTE: The support plans described here are available only in North America—contact your regional sales representative to learn about local support options.
  • Page 206: How To Reach International Home User Support

    Network Associates Support Services How to reach international home user support The following table lists telephone numbers for technical support in several international locations. The specific costs, availability of service, office hours and plan details might vary from location to location. Consult your sales representative or a regional Network Associates office for details.
  • Page 207: Network Associates Consulting And Training

    Network Associates Support Services Network Associates consulting and training The Network Associates Total Service Solutions program provides you with expert consulting and comprehensive education that can help you maximize the security and performance of your network investments. The Total Service Solutions program includes the Network Associates Professional Consulting arm and the Total Education Services program.
  • Page 208: Total Education Services

    Network Associates Support Services Network consulting Network Associates consultants provide expertise in protocol analysis and offer a vendor-independent perspective to recommend unbiased solutions for troubleshooting and optimizing your network. Consultants can also bring their broad understanding of network management best practices and industry relationships to speed problem escalation and resolution through vendor support.
  • Page 209: Appendix F. Understanding Idat Technology

    Understanding iDAT Technology Understanding incremental .DAT files To function at peak efficiency, Dr Solomon’s Anti-Virus needs regular infusions of new virus definition data files (.DAT files). Without them, the software might not detect new virus strains or respond effectively to remove the threat from your system.
  • Page 210: How Does Idat Updating Work

    Understanding iDAT Technology Product requirements To download and install iDAT parcels, you must have Dr Solomon’s Anti-Virus v4.5 or later anti-virus software along with the corresponding AutoUpdate utility, and you must have already upgraded your Olympus scan engine to v4.0.50 or later. Incremental .DAT files do not work with earlier product or engine versions.
  • Page 211: What Does Dr Solomon's Post Each Week

    Understanding iDAT Technology 12=40554056.UPD For this example, suppose you have .DAT version 4053 installed on your computer and the current .DAT file release is version 4056. The AutoUpdate utility can look in the DELTA.INI file to learn that it needs to download the 10th, 11th, and 12th .UPD file releases to have all of the virus definitions that the current .DAT file release does.
  • Page 212: Best Practices

    Understanding iDAT Technology A typical file listing would be: 00_index.txt, 40534054.UPD, 40544055.UPD, 40554056.UPD, dat-4056.zip, dat-4056.tar, DELTA.INI, README.TXT. Best practices: The following sections outline some suggestions for how to employ iDAT downloads in your updating strategy. Three-stage updating: If you need to roll out new virus definitions to multiple workstations on your network, Dr Solomon’s recommends a three-stage update strategy that will save you external network bandwidth, minimize your security risks, and give you more control over your internal updating strategy:...
  • Page 213: Frequently Asked Questions

    Understanding iDAT Technology 3. Install all of the .UPD files and the DELTA.INI file you downloaded to a central server on your network, then configure the AutoUpdate copies on your network computers to download and install the iDAT set. Do not mark these files read-only, as this could cause the target computer to report an error when it tries to delete old files later.
  • Page 214 Understanding iDAT Technology Q: What happens if my Internet or network connection goes down during an update? A: If the AutoUpdate utility downloaded one or more iDAT files before the connection loss, it will install them into your existing .DAT files and record its failure to download the remaining iDAT files in its activity log.
  • Page 215 Understanding iDAT Technology A: Normally, Dr Solomon’s posts updated .DAT files on a weekly basis. You may, however, check more or less often as your network security needs require. Be aware that your risk of virus infection grows as the period between updates to the virus data files grows.
