McAfee VIRUSSCAN - FOR UNIX Datasheet

McAfee Command Line Scanners
and VirusScan for UNIX
When Only a Command Line Scanner Will Do
McAfee ® VirusScan ® is trusted by millions of enterprises to
provide effective defense from virus attacks. In most cases,
of course, this means continuous background protection
under various versions of Microsoft
there are occasions when it's useful to have a command line
scanner at your disposal. Perhaps you need to use a
command line scanner alongside another application—for
example, in tandem with a third-party content filter at the
Internet gateway. Or perhaps you wish to integrate a
command line scanner into your own custom business
application or process. McAfee command line scanners are
perfect for such situations. They combine comprehensive
detection and cleaning with the granular control that you can
get only by using a command line scanner.
Scanning Under DOS and Windows
When SCAN.EXE is run, it checks to see if you're running
Windows. If you are, it uses the McAfee 32-bit Windows
scan engine. If you're running DOS, it calls SCANPM.EXE,
which switches the PC into protected mode and scans using
the McAfee 32-bit DOS scan engine. SCANPM.EXE will run
in a Windows environment if it's launched explicitly from the
command line. However, this isn't recommended since it is
not optimized for this environment.
Scanning UNIX File Systems
McAfee provides command line scanners for a wide range
of UNIX platforms—AIX, FreeBSD, HP-UX, Linux v2.x kernels,
SCO UNIX, and Solaris (SPARC). Our UNIX scanners provide
more than just search-and-destroy scanning capability for the
growing number of native UNIX viruses. They scan for all
viruses that may be stored on any UNIX systems operating
as file stores for Windows desktops across your enterprise.
Comprehensive Scanning for Today's Threats
There are now in excess of 85,000 threats, and more than
275 new threats appear each month. Alongside "traditional"
virus threats, there are now e-mail worms, Internet worms,
DDoS (Distributed Denial of Service) attacks, backdoor and
remote access Trojans, and zombies. Many of these threats
combine multiple-attack mechanisms to maximize their
chances of spreading quickly through corporate networks
worldwide. Blended threats, in particular, have had a marked
effect, combining the use of system exploits, formerly
associated with hacking activities, with the spreading
capabilities of viruses and worms. An increasing number of
www.mcafeesecurity.com
® Windows . However, ®
McAfee System Protection Solutions
threats are designed to cash in on vulnerabilities in operating
systems and applications. McAfee command line scanners,
using the superior scanning technology of the McAfee scan
engine, detect all of these threats.
Advance Protection from Tomorrow's Threats
New threats appear all the time, and many of today's viruses
and worms travel at Internet speed—they strike fast and
move quickly. So a scanner's ability to flag new, unknown
threats is more important than ever. McAfee command line
scanners harness the McAfee scan engine's proactive
detection technologies to isolate new threats.
Heuristic Detection
The McAfee advanced heuristic analysis lets us look through
the code in a file to determine if the actions it takes are
typical of a virus. The more virus-like code that's found, the
more likely the file is to be infected. To reduce the risk of
false alarms—identifying a virus when there isn't one—we
combine positive heuristics with negative heuristics to
search for those things that are distinctly non-virus like.
Generic Detection and Cleaning
Generic detection involves using a single virus definition to
detect and clean many variants of the same virus family.
This is especially useful today when a successful threat is
often followed by a host of variants. Of course, all threats
must be detected, but it is much less efficient to build
individual signatures for each one as they appear. Piecemeal
detection isn't just less efficient—it also means that a new
variant has the opportunity to spread before the scanner is
able to detect it.
McAfee's generic detection capability, developed over
several years, has brought enormous benefits to McAfee
customers, who have been protected—in advance—from
threats such as Anna Kournikova, Homepage, Badtrans.b,
Fbound.c, Klez.h, W32/Frethem, Bugbear.b, Sobig.e,
W32/Mimail, Lovsan, and many others.
The Hidden Threat
When a file is compressed or archived, the original bytes of
the file are rearranged as part of the space-saving process. If
the file is infected, the bytes belonging to the virus are also
rearranged, and the characteristic string that an anti-virus
scanner looks for may no longer exist. So there could be a
hidden threat lurking within any compressed, archived, or
Data Sheet