F-SECURE CLIENT SECURITY 8.00 Administrator's Manual page 246

246
Try to get different infected files from your system. Usually 3-5
different samples are enough. If possible, add clean copies of the
same files as well (taken from backups). To do this, use two
directories in your zip file, for example:
ORIGINAL\APPPEND.EXE
ORIGINAL\COMMAND.COM
INFECTED\APPEND.EXE
INFECTED\COMMAND.COM
5. Macro virus
Send an infected copy of the NORMAL.DOT file (the global template)
in addition to the infected DOC files. With Excel viruses, send the
PERSONAL.XLS file, if it exists, in addition to the infected XLS files. If
the macro virus also infected other types of files, send a sample of
every file type.
6. Boot sector virus
If an infection is on a hard drive, use the GetMBR utility to collect boot
sector samples. When the script is finished send us the mbr.dmp file
in the way described in this chapter. GetMBR can be downloaded
from our ftp site:
ftp://ftp.f-secure.com/anti-virus/tools/getmbr.zip
If the infection is on a floppy disk, create a DCF image of the infected
diskette and send the .DCF image file to us. You can download the
DCF utility from our ftp site at:
ftp://ftp.f-secure.com/anti-virus/tools/dcf53.zip
You can also send the infected diskette by mail to our Helsinki office
(see address below). Please include a description of the problem.
Note that we do not send diskettes back.
7. An infection or a false alarm on a CD
If an infection or false alarm is on a CD, you can send the CD to our
office in Finland. For the address, see below.
Please include a description of the problem, and a printed F-Secure
Client Security report, if possible. We will return your CD if it has no
infection.