Page 1 McAfee VirusScan Administrator’s Guide Version 4.5...
Page 2 Solomon’s, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading Help Desk Technology, Magic Solutions, MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates, MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay, Nuts &...
Page 3: Table Of Contents
McAfee anti-virus research ........
Page 4 Configuring the AutoUpdate Utility ....... . .109 McAfee VirusScan Anti-Virus Software...
Page 5 Table of Contents Understanding the AutoUpgrade utility ......118 Configuring the AutoUpgrade utility ....... .119 Using the AutoUpgrade and SuperDAT utilities together .
Page 6 Appendix E. Network Associates Support Services ....185 Adding value to your McAfee product ......185 PrimeSupport options for corporate customers .
Page 7: Preface
Preface Anti-virus protection as information security “The world changed [on March 26, 1999]—does anyone doubt that? The world is different. Melissa proved that ... and we are very fortunate ... the world could have gone very close to meltdown.” —Padgett Peterson, Chief Info Security Architect, Lockheed Martin Corporation, on the 1999 “Melissa”...
Page 8 In this way, Melissa almost made the need for viral code to spread itself obsolete—end users themselves cooperated in its propagation, and their own computers blindly participated. viii McAfee VirusScan Anti-Virus Software...
Page 9 Preface A rash of Melissa variants and copycats appeared soon after. Some, such as W97M/Prilissa, included destructive payloads. Later the same year, a number of new viruses and worms either demonstrated novel or unexpected ways to get into networks and compromise information security, or actually perpetuated attacks.
Page 10: Information Security As A Business Necessity
Part of the solution is deploying the McAfee Active Virus Defense* software suite, which provides a comprehensive, multi-platform series of defensive perimeters for your network. You can also build on that security with the...
Page 11: Active Virus Defense Security Perimeters
Preface Active Virus Defense security perimeters The McAfee Active Virus Defense product suite exists for one simple reason: there is no such thing as too much anti-virus protection for the modern, automated enterprise. Although at first glance it might seem needlessly...
Page 12 The new AutoUpgrade version includes support for v1.2 of the McAfee SuperDAT utility, which you can use to update the Olympus scan engine and its support files.
Page 13: Mcafee Anti-Virus Research
200 to 300 viruses and variants appear each month, the .DAT files that enable McAfee software to detect and remove viruses can get quickly outdated. If you have not updated the files that originally came with your software, you could risk infection from newly emerging viruses.
Page 14: How To Contact Mcafee And Network Associates
• Magic Solutions. This division supplies the Total Service desk product line and related products • McAfee. This division provides the Active Virus Defense product suite and related anti-virus software solutions to corporate and retail customers. • PGP Security. This division provides award-winning encryption and...
Page 15: Technical Support
The companies have continued this tradition by making their sites on the World Wide Web valuable resources for answers to technical support issues. McAfee encourages you to make this your first stop for answers to frequently asked questions, for updates to McAfee and Network Associates...
Page 16: Download Support
(801) 492-2650 Retail customers (801) 492-2600 Network Associates training For information about scheduling on-site training for any McAfee or Network Associates product, call Network Associates Customer Service at: (972) 308-9960. Comments and feedback McAfee appreciates your comments and reserves the right to use any information you supply in any way it believes appropriate without incurring any obligation whatsoever.
Page 17: Reporting New Items For Anti-Virus Data File Updates
Java classes, ActiveX controls, dangerous websites, or viruses that your software does not now detect. Note that McAfee reserves the right to use any information you supply as it deems appropriate, without incurring any obligations whatsoever.
Page 18: International Contact Information
NA Network Associates Oy Lautruphoej 1-3 Mikonkatu 9, 5. krs. 2750 Ballerup 00100 Helsinki Danmark Finland Phone: 45 70 277 277 Phone: 358 9 5270 70 Fax: 45 44 209 910 Fax: 358 9 5270 7100 xviii McAfee VirusScan Anti-Virus Software...
Page 19 Preface Network Associates Network Associates France S.A. Deutschland GmbH 50 Rue de Londres Ohmstraße 1 75008 Paris D-85716 Unterschleißheim France Deutschland Phone: 33 1 44 908 737 Phone: 49 (0)89/3707-0 Fax: 33 1 45 227 554 Fax: 49 (0)89/3707-1199 Network Associates Hong Kong Network Associates Srl 19th Floor, Matheson Centre Centro Direzionale Summit...
Page 20 Suite 6, 11F, No. 188, Sec. 5 227 Bath Road Nan King E. Rd. Slough, Berkshire Taipei, Taiwan, Republic of China SL1 5PP Phone: 886-2-27-474-8800 United Kingdom Fax: 886-2-27-635-5864 Phone: 44 (0)1753 217 500 Fax: 44 (0)1753 217 520 McAfee VirusScan Anti-Virus Software...
Page 21: Chapter 1. About Virusscan Software
“zombie” agents that assist in large-scale denial-of-service attacks from across the Internet. They do so also because they recognize how much value McAfee anti-virus research and development brings to their fight to maintain network integrity and service levels, ensure data security, and reduce ownership costs.
Page 22 At the same time, as the cornerstone product in the McAfee Active Virus Defense and Total Virus Defense security suites, VirusScan software retains the same core features that have made it the utility of choice for the corporate desktop.
Page 23: How Does Virusscan Software Work
The scan engine, meanwhile, combines the best features of technologies that McAfee and Dr Solomon researchers developed independently for more than a decade.
Page 24 This meant that the simple pattern-matching method that earlier scan engine incarnations used to find many viruses simply no longer worked, since no constant sequence of bytes existed to detect. To respond to this threat, McAfee researchers developed the PolyScan Decryption Engine, which locates and analyzes the algorithm that these types of viruses use to encrypt and decrypt themselves.
Page 25: What Comes With Virusscan Software
About VirusScan Software Still others open “back doors” into desktop systems or create security holes in a way that closely resembles a deliberate attempt at network penetration, rather than the more random mayhem that most viruses tend to leave in their wakes.
Page 26 Centralized Alerting messages, or supplement either method with Desktop Management Interface (DMI) alerts sent via your DMI client software. • The ScreenScan utility. This optional component scans your computer as your screen saver runs during idle periods. McAfee VirusScan Anti-Virus Software...
Page 27 About VirusScan Software • The SendVirus utility. This component gives you an easy and painless way to submit files that you believe are infected directly to McAfee anti-virus researchers. A simple wizard guides you as you choose files to submit, include contact details and, if you prefer, strip out any personal or confidential data from document files.
Page 28 The dialog boxes with Help buttons open the help file to the specific topic that describes the entire dialog box. McAfee VirusScan Anti-Virus Software...
Page 29: What's New In This Release
Chapter 2, “Installing VirusScan Software” in the VirusScan Administrator’s Guide. This VirusScan version also comes with complete support for the McAfee ePolicy Orchestrator software distribution tool. A specially packaged VirusScan version ships with the ePolicy Orchestrator software, ready for enterprise-wide distribution. You can distribute VirusScan software, configure it from the ePolicy Orchestrator console, update that configuration and any program or .DAT files at any time, and schedule scan operations, all...
Page 30 • System Scan module action options now include a new Prompt Type configuration option for Windows 95 and Windows 98 systems. This option lets you determine how the Prompt for user action alert appears. McAfee VirusScan Anti-Virus Software...
Page 31 VirusScan software still requires regular .DAT file updates to keep pace with the 200 to 300 new viruses that appear each month. To meet this need, McAfee has incorporated updating technology in VirusScan software from its earliest incarnations. With this release, that technology takes a quantum leap forward with incremental .DAT...
Page 32 About VirusScan Software McAfee VirusScan Anti-Virus Software...
Page 33: Chapter 2. Installing Virusscan Software
VirusScan program files to your computer’s hard disk. The second option copies selected components to the target workstation. McAfee distributes VirusScan software in two ways: as an archived file that you can download from the McAfee website or from other electronic services, and on CD-ROM disc.
Page 34: Installing Virusscan Software On A Local Computer
Installation steps McAfee recommends that you first quit all other applications you have running on your system before you start Setup. Doing so reduces the possibility that software conflicts will interfere with your installation.
Page 35 Installing VirusScan Software 2. Choose Run from the Start menu in the Windows taskbar. The Run dialog box will appear (Figure 2-1). Figure 2-1. Run dialog box 3. Type <X>:\SETUP.EXE in the text box provided, then click OK. Here, <X> represents the drive letter for your CD-ROM drive or the path to the folder that contains your extracted VirusScan files.
Page 36 Next> to continue. 6. The next wizard panel displays the VirusScan software end-user license agreement. Read this agreement carefully—if you install VirusScan software, you agree to abide by the terms of the license. McAfee VirusScan Anti-Virus Software...
Page 37 Installing VirusScan Software If you do not agree to the license terms, select I do not agree to the terms of the License Agreement, then click Cancel. Setup will quit immediately. Otherwise, click I agree to the terms of the License Agreement, then click Next>...
Page 38 Setup can continue without conflicts. Š NOTE: McAfee strongly recommends that you remove incompatible software. Because most anti-virus software operates at a very low level within your system, two anti-virus programs that compete for access to the same files or that perform critical operations can make your system very unstable.
Page 39 Installing VirusScan Software The options in this panel govern whether others who use your computer can make changes to the configuration options you choose, can schedule and run tasks, or can enable and disable VirusScan components. VirusScan software includes extensive security measures to ensure that unauthorized users cannot make any changes to software configurations in Maximum Security mode.
Page 40 Custom Installation. This option starts with the same components as the Typical setup, but allows you to choose from among these additional items: – The VShield E-Mail Scan, Download Scan, and Internet Filter modules – The ScreenScan utility McAfee VirusScan Anti-Virus Software...
Page 41 Installing VirusScan Software To learn more about what each component does, see “What comes with VirusScan software?” on page 29 of the VirusScan User’s Guide. 11. Choose the option you prefer, then click Next> to continue. If you chose Custom Setup, you’ll see the panel shown in Figure 2-8.
Page 42 Setup first removes any incompatible software from your system. It then copies VirusScan program files to your hard disk. When it has finished, it displays a panel that asks if you want to configure the product you installed (see Figure 2-10 on page 43). McAfee VirusScan Anti-Virus Software...
Page 43 Installing VirusScan Software Figure 2-10. Completing Setup panel 15. At this point, you can: • Finish your installation. Leave the Scan Memory for Viruses before Configuring checkbox clear, then click Skip Config to finish your installation. Setup will ask if you want to start the VShield scanner and the VirusScan Console immediately.
Page 44 After the utility creates the disk, it returns to the regular Setup sequence. Clear this checkbox to skip the Emergency Disk creation. You can start the utility at any time after installation. McAfee VirusScan Anti-Virus Software...
Page 45 Installing VirusScan Software • Run Default Scan for Viruses after Installation. This option is active by default. The option tells Setup to finish the installation, then to run the VirusScan application immediately afterwards to scan your entire startup partition. The application will alert you if it finds any viruses on this partition, but otherwise will quit without any further notice.
Page 46 19. When you have chosen the option you want, click Next>. If you chose to run an AutoUpdate operation immediately, the utility will connect to the McAfee website to download new incremental .DAT files. After it finishes, the Setup sequence will resume.
Page 47: Using The Emergency Disk Creation Utility
Installing VirusScan Software Figure 2-13. Successful Installation panel 20. To do so, select the Start VirusScan checkbox, then click Finish. The VirusScan software “splash screens” will appear, and the VShield scanner and VirusScan Console icons will appear in the Windows system tray.
Page 48 The special .DAT files have these names: • EMCLEAN.DAT • EMNAMES.DAT • EMSCAN.DAT McAfee periodically updates these .DAT files to detect new boot-sector viruses. You can download new Emergency .DAT files from this location: http://www.nai.com/asp_set/anti_virus/avert/tools.asp Š NOTE: McAfee recommends that you download new Emergency .DAT files directly to a newly formatted floppy disk in order to reduce the risk of infection.
Page 49 Installing VirusScan Software 1. Click Next> to continue. The next wizard panel appears (Figure 2-15). Figure 2-15. Second Emergency Disk panel If your computer runs Windows NT Workstation or Windows 2000 Professional, the wizard tells you that it will format your Emergency Disk with the NAI-OS.
Page 50 Click Finish to quit the wizard when it has created your disk. Next, remove the disk from your floppy drive, lock it, label it McAfee Emergency Boot Disk and store it in a safe place.
Page 51 Emergency Disk to start your computer. Follow these substeps: a. Insert an unlocked and unformatted floppy disk into your floppy drive. McAfee recommends that you use a completely new disk that you have never previously formatted to prevent the possibility of virus infections on your Emergency Disk.
Page 52 If you don’t see two holes, look for a plastic sliding tab at one of the disk corners, then slide the tab until it locks in an open position. McAfee VirusScan Anti-Virus Software...
Page 53: Determining When You Must Restart Your Computer
In some cases, however, the Microsoft Installer (MSI) will need to replace or initialize certain files, or previous McAfee product installations might require you to remove files in order for VirusScan software to run correctly. These requirements can also vary for each supported Windows platform.
Page 54: Testing Your Installation
IMPORTANT: This file is n ot a virus— it cannot spread or infect other files, or otherw ise harm your system . D elete the file w hen you have finished testing your installation to avoid alarm ing other users. McAfee VirusScan Anti-Virus Software...
Page 55: Modifying Or Removing Your Local Virusscan Installation
1. Click Start in the Windows taskbar, point to Settings, then choose Control Panel. 2. Locate and double-click the Add/Remove Programs control panel. 3. In the Add/Remove Programs Properties dialog box, choose McAfee VirusScan v4.5.0 in the list, then click Add/Remove. Setup will start and display the first Maintenance wizard panel (Figure 2-21).
Page 56 • Remove. Select this option to remove VirusScan software from your computer completely. Setup will ask you to confirm that you want to remove the software from your system (see Figure 2-23 on page 57). McAfee VirusScan Anti-Virus Software...
Page 57: Installing Virusscan Software On Other Computers
Installing VirusScan Software Figure 2-23. Remove the Program panel 6. Click Remove. Setup will display progress information as it deletes VirusScan software from your system. When it has finished, click Finish to close the wizard panel. Installing VirusScan software on other computers The next sections describe how to install VirusScan software over your network, to many workstations at once, and with various custom configurations.
Page 58: Installing Virusscan Software Using Command-Line Options
NOTE: You can run Setup from the command line only to install VirusScan software to a local computer. To install the software over a network, you must use McAfee Management Edition or ePolicy Orchestrator software. To do so, click Start in the Windows taskbar, then choose Run. Next, enter the command line you want to use in the Run dialog box, then click OK.
Page 59 Installing VirusScan Software – PRESERVESETTINGS. This property tells Setup whether it should retain the configuration options you used for previous VShield scanner installations. By default, its value is True. – REBOOT. This property tells Setup whether it should restart your computer.
Page 60 McAfee VirusScan Anti-Virus Software...
Page 61 Installing VirusScan Software Installing to a custom directory To install VirusScan software to a custom directory, add the INSTALLDIR property to the command line, then follow the property with a value for the directory you want to use. To install VirusScan software to C:\My Anti-Virus Software, for example, type this line at the command prompt: setup INSTALLDIR= “c:\My Anti-Virus Software”...
Page 62 41) will show only the components you specify as those available for installation. If you use these same examples to specify a component set for installation, Setup will install only the components you specified during a Typical installation. McAfee VirusScan Anti-Virus Software...
Page 63 Installing VirusScan Software Setting reboot options You can force or prevent the target computer from restarting during the installation. To do this, add the REBOOT property to the command line. REBOOT=F forces the restart, while REBOOT=R prevents the restart. If you must first install the Windows Installer service on a target computer, Setup will require you to restart whether you force or prevent a restart for other reasons.
Page 64 Without the /LSCRIPT option, Setup will run and, if you do not have MSI v1.1 installed or if you have a previous VirusScan version on the target computer, will require the target computer to restart. Before it does so, however, it places a flag in the Windows RunOnce registry key. McAfee VirusScan Anti-Virus Software...
Page 65: Using Management Edition Software
VirusScan installation package to a local directory on the target computer. You may not use a login script to install VirusScan software from elsewhere on your network. To install VirusScan software from a remote location on the network, use McAfee Management Edition or McAfee ePolicy Orchestrator management software. Š...
Page 66: Using Epolicy Orchestrator To Deploy Virusscan Software
Using ePolicy Orchestrator to deploy VirusScan software ePolicy Orchestrator management software provides a single point of control for all of your McAfee anti-virus products. It is a scalable anti-virus management tool that provides centralized policy management and enforcement, software distribution, and extensive reporting features.
Page 67: Installing Via System Management Server
Installing VirusScan Software With the ePolicy Orchestrator server, console, and agent you can manage a single database and software repository from any location on your company’s network. Once you have installed the ePolicy Orchestrator server and console, and have loaded VirusScan software is loaded into the repository, you can use the console to push the agent onto the client machines.
Page 68: Installing Via Zenworks
Novell ZENworks documentation. Exporting VirusScan custom settings McAfee provides a small utility that you can use to put a VirusScan installation package together with all of the configuration settings you want to use for each target computer. McAfee releases this utility, the Custom Installation Creator, apart from the VirusScan product package.
Page 69 Installing VirusScan Software Table 2-1. MSI_INST.EXE command-line switches Option Purpose Usage IMPORT Import settings into a VirusScan /IMPORT<path and filename> installation from an .INI file you designate EXPORT Export settings from a VirusScan /EXPORT<path and filename> installation to an .INI file you designate EXPOPTIONS Export certain settings from...
Page 70 MSI_INST.EXE to read the exclusion settings from a previous .INI file and set new installation appropriately. You must use this option with the /PREVIOUS option. NOTE: You may use this option only to preserve VirusScan v4.0.2 and v4.0.3 settings. McAfee VirusScan Anti-Virus Software...
Page 71: Chapter 3. Removing Infections From Your System
Removing Infections From Your System If you suspect you have a virus... First of all, don’t panic! Although far from harmless, most viruses that infect your machine will not destroy data, play pranks, or render your computer unusable. Even the comparatively rare viruses that do carry a destructive payload usually produce their nasty effects in response to a trigger event.
Page 72 The Emergency Disk will load the files it needs to conduct the scan operation into memory. If you have extended memory on your computer, it will load its database files into that memory for faster execution. McAfee VirusScan Anti-Virus Software...
Page 73 Š NOTE: McAfee strongly recommends that you do not interrupt the BOOTSCAN.EXE scanner as it runs its scan operation. The Emergency Disk will not detect macro viruses, script viruses, or Trojan horse programs, but it will detect common file-infecting and boot-sector viruses.
Page 74: Deciding When To Scan For Viruses
The VirusScan Console includes AutoUpdate and AutoUpgrade tasks you can use to update your .DAT files and the VirusScan engine. To learn how to update your software, see Chapter 6, “Updating and Upgrading VirusScan Software.”. McAfee VirusScan Anti-Virus Software...
Page 75: Recognizing When You Don't Have A Virus
You can, however, rely on McAfee researchers to identify and isolate the virus, then to update VirusScan software immediately so that you can detect and, if possible, remove the virus when you next encounter it.
Page 76: Understanding False Detections
If none of these situations apply, contact Network Associates technical support or send e-mail to virus_research@nai.com with a detailed explanation of the problem you encountered. McAfee VirusScan Anti-Virus Software...
Page 77: Responding To Viruses Or Malicious Software
Removing Infections From Your System Responding to viruses or malicious software Because VirusScan software consists of several component programs, any one of which could be active at one time, your possible responses to a virus infection or to other malicious software will depend upon which program detected the harmful object, how you have that program configured to respond, and other circumstances.
Page 78 Action page. Š NOTE: The Continue access checkbox is unavailable if your computer runs Windows NT Workstation v4.0 or Windows 2000, or if you choose the GUI prompt type on Windows 95 and Windows 98 systems. McAfee VirusScan Anti-Virus Software...
Page 79 Removing Infections From Your System To take one of the actions shown in an alert message, click a button in the Access to File Was Denied dialog box, or type the letter highlighted in yellow when you see the full-screen warning. If you want the same response to apply to all infected files that the System Scan module finds during this scan operation, select the Apply to all items checkbox in the dialog box.
Page 80 • Exclude. Click this button to prevent the E-Mail Scan module from flagging this file as a virus in future scan operations. If you copy this file to your hard disk, this also prevents the System Scan module from detecting the file as a virus. McAfee VirusScan Anti-Virus Software...
Page 81 Removing Infections From Your System When you choose your action, the E-Mail Scan module will implement it immediately and add a notice to the top of the e-mail message that contained the infected attachment. The notice gives the file name of the infected attachment, identifies the name of the infecting virus, and describes the action that the module took in response.
Page 82 VirusScan software to suit your own needs. With this initial configuration, the program will prompt you for a response when it finds a virus (Figure 3-6). Figure 3-6. VirusScan response options McAfee VirusScan Anti-Virus Software...
Page 83 Removing Infections From Your System To respond to the infection, click one of the buttons shown. You can tell the VirusScan application to: • Continue. Click this button to proceed with the scan operation and have the application list each infected file in the lower portion of its main window (Figure 3-7), record each detection in its log file, but take no other...
Page 84 Once it has finished examining your system, you can right-click each file listed in the main window, then choose an individual response from the shortcut menu that appears. McAfee VirusScan Anti-Virus Software...
Page 85 Removing Infections From Your System • Stop. Click this button to stop the scan operation immediately. The E-Mail Scan extension will list the infected files it has already found in the lower portion of its main window (Figure 3-9) and record each detection in its log file, but it will take no other action to respond to the virus.
Page 86 Chapter 6, “Creating and Configuring Scheduled Tasks” in the VirusScan User’s Guide. The Library is part of the McAfee AVERT website, which you can visit at: http://www.nai.com/asp_set/anti_virus/avert/intro.asp The AVERT website has a wealth of virus-related data and software. McAfee VirusScan Anti-Virus Software...
Page 87 Examples include: • Current information and risk assessments on emerging and active virus threats • Software tools you can use to extend or supplement your McAfee anti-virus software • Contact addresses and other information for submitting questions, virus samples, and other data •...
Page 88: Submitting A Virus Sample
If you have a suspicious file that you believe contains a virus, or experience a system condition that might result from an infection—but VirusScan software has not detected a virus—McAfee recommends that you send a sample to its anti-virus research team for analysis. When you do so, be sure to start your system in the apparently infected state—don’t start your system from a clean...
Page 89 Removing Infections From Your System 4. Read the welcome message, then click Next> to continue. The Contact Information wizard panel appears. Figure 3-13. Your Contact Information panel 5. If you want AVERT researchers to contact you about your submission, enter your name, e-mail address, and any message you would like to send along with your submission in the text boxes provided, then click Next>...
Page 90 Remove my personal data from file checkbox, then click Next> to continue. This tells the SENDVIR.EXE utility to strip everything out of the file except macros or executable code. The Choose E-Mail Service panel appears (Figure 3-16). Figure 3-16. Choose E-mail Service panel McAfee VirusScan Anti-Virus Software...
Page 91: Capturing Boot Sector, File-Infecting, And Macro Viruses
If you suspect you have a virus infection, you can collect a sample of the virus, then either create a floppy disk image to send via e-mail, or mail the floppy disk itself to McAfee anti-virus researchers. The researchers would also benefit from having samples of your current system files on a separate floppy disk.
Page 92 If you suspect you have a file-infecting virus or a macro virus that has infected any of your Microsoft Word, Excel, or PowerPoint files, send these files to McAfee anti-virus researchers, either with the SENDVIR.EXE utility, via e-mail as floppy disk images, or through the mail on floppy disk: •...
Page 93 Making disk images To send the files now stored on any floppy disks you created, you can use a McAfee AVERT Labs tool called RWFLOPPY.EXE to make a floppy disk image that encapsulates the infection. The RWFLOPPY.EXE tool does not...
Page 94 9. Attach the .ZIP file that you created to an e-mail message. Sending samples via e-mail Once you’ve made disk images or created a file archive for your samples, send them to McAfee researchers at one of these e-mail addresses: In the United States virus_research@nai.com In the United Kingdom vsample@nai.com...
Page 95 Removing Infections From Your System Mailing infected floppy disks You can also mail the actual disks you created directly to McAfee anti-virus researchers. McAfee recommends that you create a text file or write a message to accompany the disks that includes the same information you would submit with an electronic disk image.
Page 96 Removing Infections From Your System McAfee VirusScan Anti-Virus Software...
Page 97: Chapter 4. Using Virusscan Software
Using VirusScan Software Using the VShield scanner The VShield scanner protects your system in the background, as you work with your files, in order to prevent infection from viruses that arrive via floppy disks, from your network, embedded in file attachments that come with e-mail messages, or from your computer’s memory.
Page 98: Scheduling Scan Tasks
Exchange or Outlook client application. To learn how to configure the E-Mail Scan extension and other specialized scanners, see Chapter 8, “Using Specialized Scanning Tools,” in the VirusScan User’s Guide. McAfee VirusScan Anti-Virus Software...
Page 99: Chapter 5. Sending Alert Messages
Sending Alert Messages Using the Alert Manager Client Configuration utility All McAfee anti-virus software includes wide range of methods to alert you when it has detected a virus or other malicious software. These methods include: • graphical and full-screen warnings that appear on your local computer, often with response options •...
Page 100: Virusscan Software As An Alert Manager Client
.ALR files, and distributing the alert messages from any it finds. Š NOTE: McAfee recommends that you send alert events directly to an Alert Manager server rather than via Centralized Alerting, unless your network configuration does not permit you to use Alert Manager servers.
Page 101 Configuration utility not to pass alert messages from your anti-virus software to the Alert Manager server or to your Desktop Management Interface (DMI) administrative software. By default, this checkbox is clear. McAfee recommends that you leave it clear so that the client sends alert messages out. Š...
Page 102 Alert Manager server if you have Active Directory Services installed on this computer and running on your network. To prevent the client utility from doing so, select the Disable Active Directory Lookup checkbox, when it appears. McAfee VirusScan Anti-Virus Software...
Page 103 Sending Alert Messages When you’ve chosen a destination for your alert messages, click OK to close the dialog box. • Enable Centralized alerting. Click this button to have VirusScan components send alert messages to a Centralized Alerting directory somewhere on your network. Choosing this option prevents you from sending alert events to an Alert Manager server.
Page 104 Consult your system administrator for specific details that apply to your DMI software. When you have entered a number, click OK to close the dialog box. 4. Click OK to save your changes and close the Alert Manager Client Configuration dialog box. McAfee VirusScan Anti-Virus Software...
Page 105: Chapter 6. Updating And Upgrading Virusscan Software
“Understanding iDAT Technology.” What is the scan engine? The McAfee scan engine is at the heart of McAfee anti-virus software. The engine contains the program logic necessary to scan files at particular points, process and pattern-match virus definitions with data it finds in your files,...
Page 106: Update And Upgrade Methods
Appendix F, “Understanding iDAT Technology.” • SuperDAT scan engine and .DAT file updates. McAfee releases a weekly SuperDAT package of current .DAT file updates and the current Olympus scan engine, together with a Setup feature that makes updating and upgrading a snap.
Page 107 128. In addition to the weekly SuperDAT package that contains both current .DAT files and a current scan engine, McAfee will make available a SuperDAT package that consists only of .DAT files. This executable file minimizes the need for you to closely manage your .DAT file updates. It...
Page 108: Understanding The Autoupdate Utility
“push-pull” arrangement. Once you install its client software on an administrative server, the SecureCast service can send, or “push,” updated files to you automatically, as soon as McAfee makes them available on its servers. To learn more about the SecureCast service, see Appendix D, “Using...
Page 109: Configuring The Autoupdate Utility
• Reduce the likelihood that you will need to wait to download new .DAT files. Traffic on McAfee servers increases dramatically on regular .DAT file publishing dates. Avoiding the competition for network bandwidth enables you to deploy your update with minimal interruptions.
Page 110 Disabled. A site is enabled if you have selected the Enabled checkbox in the Automatic Update Properties dialog box. A site is disabled if you clear this checkbox. This designation does not change whether or not the AutoUpdate utility can connect with the site. McAfee VirusScan Anti-Virus Software...
Page 111 Updating and Upgrading VirusScan Software Initially, the utility comes configured to connect only to the Network Associates FTP site. You can add as many different sites as you need, and alter the order in which AutoUpdate tries to connect to them, from this dialog box.
Page 112 By default, the AutoUpdate utility records what happens during update attempts and saves the record in the file UPDATE UPGRADE ACTIVITY LOG.TXT in the VirusScan program directory whenever you stop the task or when you shut your system down. McAfee VirusScan Anti-Virus Software...
Page 113 Updating and Upgrading VirusScan Software If you would prefer to log this data to a different text file, enter its path and filename in the text box provided, or click Browse to locate the file. The AutoUpdate utility will not generate a text file—it will write only to an existing file.
Page 114 If you click Update now, the AutoUpdate utility will use the same account you used to log on to your network to connect to the upgrade server. McAfee VirusScan Anti-Virus Software...
Page 115 Updating and Upgrading VirusScan Software To use a custom account, clear the Use Logged In Account checkbox, then click UNC login information to enter a user name and password for an account that has access rights to the target server. •...
Page 116 After a Successful Update area. To tell AutoUpdate where to save the .DAT file package, enter a path and folder name in the text box below this checkbox, or click Browse to locate a suitable folder. McAfee VirusScan Anti-Virus Software...
Page 117 WARNING: McAfee recommends that you use this option with extreme caution. If you have configured your AutoUpdate task to connect to a server that stores older .DAT...
Page 118: Understanding The Autoupgrade Utility
OK. To close the dialog box without saving your changes, click Cancel. Understanding the AutoUpgrade utility McAfee revises VirusScan software and the Olympus scan engine regularly to add new detection and repair capabilities, new features for manageability and flexibility, and other enhancements that make it a better anti-virus security tool.
Page 119: Configuring The Autoupgrade Utility
Updating and Upgrading VirusScan Software By default, the AutoUpgrade task included with VirusScan Console does not come configured with any default upgrade site. Instead, McAfee recommends that you use other mechanisms, such as the Enterprise SecureCast service, to receive new SuperDAT or program files, then place those files on a central server within your network.
Page 120 User’s Guide. To learn how to set a schedule for the task, see “Enabling tasks” on page 208 of the User’s Guide. 2. Click Configure. The Automatic Upgrade dialog box appears with the Upgrade Sites property page selected (see Figure 6-7 on page 121). McAfee VirusScan Anti-Virus Software...
Page 121 Updating and Upgrading VirusScan Software Figure 6-7. Automatic Upgrade dialog box - Upgrade Sites page Here, the AutoUpgrade utility lists the sites from which it will download new VirusScan program files. It also reports each site’s current status as Enabled or Disabled. A site is enabled if you have selected the Enabled checkbox in the Automatic Upgrade Properties dialog box.
Page 122 Move Down. • Update your files immediately from the sites listed in the update list, using default configuration options or the options you chose for this task. Click Upgrade now. McAfee VirusScan Anti-Virus Software...
Page 123 Updating and Upgrading VirusScan Software To use this function, you must have configured enough of the necessary options for the AutoUpgrade utility to locate the listed site and, if necessary, log on to it. See “Configuring upgrade options” on page 124 to learn how to specify the options you need.
Page 124 Figure 6-10. Automatic Upgrade Properties dialog box - Upgrade Options page Next, follow these steps: 1. Enter a descriptive name in the Site Name text box that clearly identifies the new site. An example might be Internal Program File Upgrade Site. McAfee VirusScan Anti-Virus Software...
Page 125 Updating and Upgrading VirusScan Software 2. Select the Enabled checkbox to approve this site for the AutoUpgrade utility’s use. Clearing this checkbox preserves the options you’ve chosen, but causes the utility to skip this site when it tries to download new .DAT files. The AutoUpgrade utility will make a maximum of three connection attempts for the site during each scheduled update operation.
Page 126 To have AutoUpgrade do additional pre- or post-processing on the files, or to have it take other actions, click the Advanced Upgrade Options tab to display the property page shown in Figure 6-5 on page 116. McAfee VirusScan Anti-Virus Software...
Page 127 Updating and Upgrading VirusScan Software Figure 6-11. Automatic Update Properties dialog box - Advanced Update Options page Next, follow these steps: 1. Tell the AutoUpgrade utility what you want it to do before or as it performs an update. Your options are: •...
Page 128: Using The Autoupgrade And Superdat Utilities Together
Using the AutoUpgrade and SuperDAT utilities together For this release, you must modify the SuperDAT package you download from the McAfee website in order to use it with the AutoUpgrade utility. Š NOTE: VirusScan v4.5 and later releases require you to use the SuperDAT v1.2 or later utility.
Page 129 Updating and Upgrading VirusScan Software 3. If you want to, create and copy a SETUP.ISS file into the directory from which you tell AutoUpgrade to download new files. SETUP.ISS is a simple text file that governs how the AutoUpgrade utility upgrades your software.
Page 130: Deploying An Extra.dat File
• A virus presents a “medium on-watch” or “high” risk threat of infection. To learn about what constitutes a medium on-watch or high risk, or about McAfee AVERT risk assessment in general, visit the AVERT website at: http://www.mcafeeb2b.com/asp_set/anti_virus/alerts/ara.asp • A high-prevalence virus threatens an outbreak situation Ë...
Page 131 Updating and Upgrading VirusScan Software For VirusScan v4.5 and later releases, copy any EXTRA.DAT files you download to this directory: C:\Program Files\Common Files\Network Associates\VirusScan Engine \4.0.xx User’s Guide...
Page 132 Updating and Upgrading VirusScan Software McAfee VirusScan Anti-Virus Software...
Page 133: Appendix A. Using Virusscan Administrative Utilities
Š NOTE: McAfee strongly recommends that you set the VirusScan management service to load at startup. If you do not, you might not be able to start some VirusScan components, and you will lose the benefit of data sharing between components.
Page 134: Choosing Virusscan Control Panel Options
VirusScan management service (AVSYNMGR.EXE) as soon as you start your computer. The management service oversees all communications between VirusScan program components, determines which components must load to accomplish program tasks, and allows you to start or stop all program components at once. McAfee VirusScan Anti-Virus Software...
Page 135 Manager. If your computer runs Windows 95 or Windows 98, this service is not directly accessible. Š NOTE: McAfee strongly recommends that you set the VirusScan management service to load at startup. If you do not, you might not be able to start some VirusScan components, and you will lose the benefit of data sharing between components.
Page 136 Click OK to save your changes and close the control panel. Click Cancel to close the control panel without saving your changes. Š NOTE: The VirusScan management service must restart itself and all active VirusScan components in order to implement any changes you make. McAfee VirusScan Anti-Virus Software...
Page 137: Appendix B. Installed Files
Installed Files What’s in this appendix? The VirusScan installation procedure places essential program files on the VirusScan client workstation. This section provides an overview of the files installed. Some of the files are associated with a particular component while others are in common use, called by program functions as needed.
Page 138 Filter driver for C:\Program Files\Common Files\Network System Scan module. Associates Runs only on \McShield Windows NT and Windows 2000 systems NAIFSREC.SYS File system redirector C:\Winnt\System32\drivers for System Scan module. Runs only on Windows NT and Windows 2000 systems McAfee VirusScan Anti-Virus Software...
Page 139 VShield support file. C:\Windows\System Initializes services for DOS protected-mode interface. Runs only on Windows 95 and Windows 98 systems MCSCAN32.VXD McAfee scan engine. C:\Windows\System Runs only on Windows 95 and Windows 98 systems MCUTIL.VXD Support file for C:\Windows\System System Scan module.
Page 140 Filter modules. Intercepts files downloaded through web browsers for scan engine to examine Dependent files VShield requires these files to run, but these are not VShield program files, or are not dedicated solely to VShield support. McAfee VirusScan Anti-Virus Software...
Page 141 VirusScan control C:\Windows\System or C:\Winnt\System 32 panel applet RESDLL.DLL Resource file for all C:\Program Files\Common Files\Network components Associates\McPal MCSCAN32.DLL McAfee Scan engine C:\Program Files\Common Files\Network file Associates\VirusScan Engine\4.0.xx RWABS16.DLL Support file for scan C:\Program Files\Common Files\Network engine Associates\VirusScan Engine\4.0.xx RWABS32.DLL...
Page 142 DVS_EXCL.MMF Memory map file for C:\Program Files\Network Associates\VirusScan SYNCUTIL.DLL VSCANGEN.MMF Memory map file for C:\Program Files\Network Associates\VirusScan SYNCUTIL.DLL VSCANOAS.MMF Memory map file for C:\Program Files\Network Associates\VirusScan SYNCUTIL.DLL VSCANODS.MMF Memory map file for C:\Program Files\Network Associates\VirusScan SYNCUTIL.DLL McAfee VirusScan Anti-Virus Software...
Page 143: Dependent And Related Files For The Virusscan Application
VirusScan Scheduler can start according to a schedule you set. The application requires a number of support files to function, including some related to the McAfee scan engine. This table lists VirusScan application and related files: Program files...
Page 144 C:\Program Files\Common Files\Network VirusScan Associates\McPal components MCSCAN32.DLL McAfee Scan engine C:\Program Files\Common Files\Network file Associates\VirusScan Engine\4.0.xx RWABS16.DLL Support file for scan C:\Program Files\Common Files\Network engine Associates\VirusScan Engine\4.0.xx RWABS32.DLL Support file for scan C:\Program Files\Common Files\Network engine Associates\VirusScan Engine\4.0.xx McAfee VirusScan Anti-Virus Software...
Page 145 Installed Files Table B-5. VirusScan application dependent files MESSAGES.DAT Support file for scan C:\Program Files\Common Files\Network engine. Provides Associates\VirusScan Engine\4.0.xx virus detection messages to engine S95EXT.DLL Shell extension file. C:\Program Files\Network Associates\VirusScan Allows you to right-click .VSC settings files you saved and start scan operations or view scan task properties.
Page 146: Alert Manager
NAEVENT.DLL Library file. Handles C:\Program Files\Common Files\Network event processing from Associates\McPal desktop client anti-virus software to Alert Manager utility and McAfee ePolicy Orchestrator software NAGUI32.DLL Graphical library file for C:\Program Files\Common Files\Network various VirusScan Associates\McPal utilities McAfee VirusScan Anti-Virus Software...
Page 147: Virusscan Control Panel Files
Installed Files Table B-7. Alert Manager files NAKRNL32.DLL Library file for various C:\Program Files\Common Files\Network VirusScan utilities Associates\McPal NAUTIL32.DLL Library file for various C:\Program Files\Common Files\Network VirusScan utilities Associates\McPal VirusScan control panel files As the initial process for all VirusScan components, the VirusScan management service does not depend on other VirusScan components.
Page 148: Screenscan
The ScreenScan utility runs as an executable file that starts whenever your screen saver runs. The utility requires a number of support files to function, including some related to the McAfee scan engine. This table lists ScreenScan utility and related files: Program files...
Page 149 Table B-11. ScreenScan dependent files File Function Location RESDLL.DLL Resource file for all C:\Program Files\Common Files\Network VirusScan Associates components \McPal MCSCAN32.DLL McAfee Scan engine C:\Program Files\Common Files\Network file Associates \VirusScan Engine\4.0.xx RWABS16.DLL Support file for scan C:\Program Files\Common Files\Network engine Associates \VirusScan Engine\4.0.xx RWABS32.DLL...
Page 150: Virusscan Emergency Disk Files
CLEAN.DAT file that other VirusScan components use. You may not use a CLEAN.DAT file from the VirusScan program directory for the Emergency Disk. COMMAND.COM Command interpreter. This file is a command shell that responds to command-line input McAfee VirusScan Anti-Virus Software...
Page 151 Table B-12. VirusScan Emergency Disk files GETREPLY.EXE Application file. This file processes output from the scan operation KERNEL.SYS System file LICENSE.DAT McAfee License file. The command-line scanner uses this to track use eligibility for this product MESSAGES.DAT McAfee resource file. This file stores...
Page 152: Dependent And Related Files For The E-Mail Scan Extension
Tools menu and as buttons in the application toolbar. You can use the extension to run scan operations whenever you wish. The extension requires a number of support files to function, including some related to the McAfee scan engine. This table lists extension and related files: Program files Table B-13.
Page 153 VirusScan control C:\Windows\System or C:\Winnt\System 32 panel applet. RESDLL.DLL Resource file for all C:\Program Files\Common Files\Network VirusScan Associates\McPal components. MCSCAN32.DLL McAfee Scan engine C:\Program Files\Common Files\Network file. Associates\VirusScan Engine\4.0.xx RWABS16.DLL Support file for scan C:\Program Files\Common Files\Network engine. Associates\VirusScan Engine\4.0.xx RWABS32.DLL...
Page 154 DVS_EXCL.MMF Memory map file for C:\Program Files\Network Associates\VirusScan SYNCUTIL.DLL VSCANGEN.MMF Memory map file for C:\Program Files\Network Associates\VirusScan SYNCUTIL.DLL VSCANOAS.MMF Memory map file for C:\Program Files\Network Associates\VirusScan SYNCUTIL.DLL VSCANODS.MMF Memory map file for C:\Program Files\Network Associates\VirusScan SYNCUTIL.DLL McAfee VirusScan Anti-Virus Software...
Page 155: Appendix C. Using Virusscan Command-Line Options
Using VirusScan Command-line Options Adding advanced VirusScan engine options The following table lists all of the command-line options that can be communicated directly to the scanning engine via the Advanced Scan Settings dialog box provided by most Detection property pages. These command-line options (that you specify in the Advanced Scan Settings dialog box), will supplement, and can overwrite, the options selected in the VShield and VirusScan Detection property pages.
Page 156 To scan both local drives and network drives, use the /ADL and /ADN commands together in the same command line. /ALERTPATH <dir> On-demand Designates the directory <dir> as a network path scanning only for Centralized Alerting alert messages. McAfee VirusScan Anti-Virus Software...
Page 157 Using VirusScan Command-line Options Table C-1. VirusScan command-line scanner options /ALL On-demand Overrides the default scan setting by scanning all scanning only infectable files—regardless of extension. Using the /ALL option substantially increases the scanning time required. Use it only if you find a virus or suspect that you have one.
Page 158 Does not check any files loaded from the specified scanning only drive(s). /LOAD <filename> On-demand Load scanning options from the named file. scanning only Use this option to perform a scan you’ve already configured by loading custom settings saved in an ASCII-formatted file. McAfee VirusScan Anti-Virus Software...
Page 159 /LOCK is appropriate in highly vulnerable network environments environments, such as open-use computer labs. McAfee recommends using /LOCK with the /CONTACTFILE option to tell users what to do or whom to contact if VirusScan locks the system. /MANALYZE On-demand Sets the scanner’s heuristic scanning features to...
Page 160 Disables the “expiration date” message if the scanning only VirusScan data files are out of date. /NOMEM None Does not scan memory for viruses. This greatly reduces scan time. Use /NOMEM only when you are absolutely certain that your computer is virus-free. McAfee VirusScan Anti-Virus Software...
Page 161 PCs with multiple drives or that have severe infections, without needing your input. McAfee recommends omitting /PAUSE when using the report options (/REPORT, /RPTCOR, and /RPTERR) /PLAD...
Page 162 You can include the destination drive and directory (such as D:\VSREPRT\ALL.TXT), but if the destination is a network drive, you must have rights to create and delete files on that drive. McAfee recommends omitting /PAUSE when using any report option. /RPTALL On-demand Include all scanned files in the /REPORT file.
Page 163 /VIRLIST <filename>.txt Because the scanner can detect many viruses, this file will be over 250 pages long. This is too large for the MS-DOS Edit program to open; McAfee recommends using Notepad or another text editor to open the virus list.
Page 164: Running The On-Demand Scanner With Command-Line Arguments
Prompt window, type exit at the command prompt. If you restarted your computer in DOS mode, type win to start Windows, or restart your computer as you would normally. The following table lists the arguments that can be added to the SCAN32 command. McAfee VirusScan Anti-Virus Software...
Page 165 Using VirusScan Command-line Options Table C-2. SCAN32.EXE command-line options Option /SPLASH This option tells the VirusScan application to display its identity or “splash” screen when it starts. /NOSPLASH This option tells the VirusScan application to hide its identity or “splash” screen when it starts.
Page 166 This option tells the VirusScan application to scan files saved in compressed file archives. Examples of such archives include .ZIP, .CAB, .LZH, and .UUE files. This can slow down scan operations, but gives your system better protection. McAfee VirusScan Anti-Virus Software...
Page 167 Using VirusScan Command-line Options Table C-2. SCAN32.EXE command-line options /NOCOMP This option tells the VirusScan application not to scan any files in compressed file archives. This can speed up scan operations. /CONTINUE This option tells the VirusScan application to continue the scan operation automatically when it detects a virus.
Page 168 This option tells the VirusScan application to leave virus detection events out of the log file. /LOGCLEAN This option tells the VirusScan application to record an event in the log file each time it cleans, or fails to clean, an infected file. McAfee VirusScan Anti-Virus Software...
Page 169 Using VirusScan Command-line Options Table C-2. SCAN32.EXE command-line options /NOLOGCLEAN This option tells the VirusScan application not to record an event when it cleans or fails to clean an infected file. /LOGDELETE This option tells the VirusScan application to record an event in the log file each time it deletes an infected file.
Page 170 Using VirusScan Command-line Options McAfee VirusScan Anti-Virus Software...
Page 171: Appendix D. Using The Securecast Service To Get New Data Files
Using the SecureCast Service to Get New Data Files Introducing the SecureCast service The Network Associates SecureCast service provides a convenient method you can use to receive the latest virus definition (.DAT) file updates automatically, as they become available, without your having to download them.
Page 172: Why Should I Update My Data Files
Your software relies on information in its virus definition files (.DAT) files to identify viruses. More than 200 new viruses appear each month, however, and older .DAT files might not recognize them. To meet this challenge, McAfee releases new .DAT files each week. You are entitled to these free data file updates for use with your version of the software.
Page 173: Installing The Backweb Client And Securecast Service
Using the SecureCast Service to Get New Data Files Installing the BackWeb client and SecureCast service Setting up SecureCast service and the BackWeb client is a two-phase process: 1. Download and install the BackWeb client 2. Register to receive SecureCast service InfoPaks To get started with the SecureCast service, review the system requirements shown below, then follow the steps outlined in each section.
Page 174 3. Read the instructions and warnings on this panel, then click Next> to continue. 4. The BackWeb license agreement appears (Figure D-2). Figure D-2. BackWeb Software License Agreement panel 5. Click Yes to continue. 6. The Choose Destination Location panel appears (Figure D-3 on page 175). McAfee VirusScan Anti-Virus Software...
Page 175 Using the SecureCast Service to Get New Data Files Figure D-3. Choose Destination Location panel 7. Enter a new location for Setup to install the client software, if you wish, or click Browse to locate a suitable folder. Click Next> to continue. Setup will begin to copy BackWeb program files to your computer.
Page 176 This allows you to control how the BackWeb client behaves with respect to other applications you might have running when SecureCast InfoPaks arrive at your desktop. For more information, see the BackWeb online help at http://www.backweb.com/. Next, skip to Step McAfee VirusScan Anti-Virus Software...
Page 177 Using the SecureCast Service to Get New Data Files 10. If you chose HTTP via proxy as your connection method, the HTTP Proxy Setup panel appears (Figure D-6). Figure D-6. HTTP Proxy Setup panel 11. Enter the name of your proxy server in the Proxy text box, then enter the port the server uses for communication in the Port text box.
Page 178 SecureCast channels to which you InfoPaks subscribe downloaded appear here. to your system appear here. Choose which service information you want to SecureCast see in this Flash Banner area. Figure D-9. The Enterprise SecureCast client window McAfee VirusScan Anti-Virus Software...
Page 179 Using the SecureCast Service to Get New Data Files The SecureCast service alerts you that an InfoPak has arrived with the Flash message shown at the bottom right corner of Figure D-9. Ë IMPORTANT: If you are a corporate user and have a high-speed Internet connection, the window may list Register Now as an already received InfoPak.
Page 180 Parent Company Information dialog box appears (see Figure D-13 on page 181). Skip to Step 7 on page 181. • If you have cleared the Subsidiary of a Parent Company checkbox, continue with Step 6 on page 181. McAfee VirusScan Anti-Virus Software...
Page 181 Using the SecureCast Service to Get New Data Files Figure D-13. SecureCast Parent Company Information form 6. If your company is the subsidiary of another company, enter contact information for your parent company in the text boxes provided. When you have finished, click Next>. The Proxy Communication Configuration dialog box appears (Figure D-14).
Page 182 You can use this page to download product updates and upgrades, contact technical support, and get other information directly from Network Associates. The terms of your grant will determine what information you see here and what you can download. McAfee VirusScan Anti-Virus Software...
Page 183: Troubleshooting The Enterprise Securecast Service
Using the SecureCast Service to Get New Data Files Troubleshooting the Enterprise SecureCast service Registration problems If you try to register during a busy time of day on the web, you may encounter a delay while the server tries to process your registration request. If you receive the error message “1105 Error”...
Page 184: Backweb Client
Using the SecureCast Service to Get New Data Files BackWeb client • For a comprehensive guide to BackWeb, including additional troubleshooting advice, see the online BackWeb User’s Manual: http://www.backweb.com/ McAfee VirusScan Anti-Virus Software...
Page 185: Administrator's Guide
Network Associates Support Services Adding value to your McAfee product Choosing McAfee anti-virus, Sniffer Technologies network management, and PGP security software helps to ensure that the critical technology you rely on functions smoothly and effectively. Taking advantage of a Network...
Page 186 Network Associates website • Electronic incident and query submission • Technical documents, including user’s guides, FAQ lists, and release notes • Data file updates and product upgrades via the Network Associates website McAfee VirusScan Anti-Virus Software...
Page 187 Network Associates Support Services The PrimeSupport Priority plan The PrimeSupport Priority plan gives you round-the-clock telephone access to essential product assistance from experienced Network Associates technical support staff members. You can purchase the PrimeSupport Priority plan on an annual basis when you purchase a Network Associates product, either with a subscription license or a one-year license.
Page 188: Ordering A Corporate Primesupport Plan
Friday from 8:00 a.m. to 7:00 p.m. Central time. Press 3 on your telephone keypad for sales assistance. • In Europe, the Middle East, and Africa, contact your local Network Associates office. Contact information appears near the front of this guide. McAfee VirusScan Anti-Virus Software...
Page 189 Network Associates Support Services Table E-1. Corporate PrimeSupport Plans at a Glance Plan Knowledge Feature Center Connect Priority Enterprise Technical support via website Software updates Technical — Monday–Friday Monday–Friday, after Monday–Friday, after support via hours emergency hours emergency telephone access access North America: North America:...
Page 190: Primesupport Options For Home Users
– Visit the Network Associates CompuServe forum at GO NAI – Visit Network Associates on America Online: keyword MCAFEE • Free access to the PrimeSupport KnowledgeBase: online access to technical solutions from a searchable knowledge base, electronic incident submission, and technical documents such as user’s guides, FAQs, and release notes.
Page 191 Network Associates online or electronic services. • Quarterly Disk/CD Plan. This plan gives you automatic quarterly delivery of upgrade disks or CDs if you cannot obtain product upgrades online. This service is available for McAfee VirusScan and NetShield software only. Administrator’s Guide...
Page 192: How To Reach International Home User Support
• In North America, call Network Associates Customer Service at (972) 855-7044 • In international locations, contact the Network Associates retail technical support center closest to your location for more information. Some support options may not be available in some locations. McAfee VirusScan Anti-Virus Software...
Page 193: Network Associates Consulting And Training
Network Associates Support Services Network Associates consulting and training The Network Associates Total Service Solutions program provides you with expert consulting and comprehensive education that can help you maximize the security and performance of your network investments. The Total Service Solutions program includes the Network Associates Professional Consulting arm and the Total Education Services program.
Page 194: Total Education Services
• Contact your regional sales representative. • Call Network Associates Total Education Services at (800) 395-3151 Ext. 2670 (for private course scheduling) or (888) 624-8724 (for public course scheduling). • Visit the Network Associates website at: http://www.nai.com/asp_set/services/educational_services/education_intro.asp McAfee VirusScan Anti-Virus Software...
Page 195: Appendix F. Understanding Idat Technology
50,000 virus definitions. With this VirusScan release, McAfee introduced a new incremental virus definition (.DAT or iDAT) technology that consists of small parcels that contain only the virus definitions that have changed between weekly .DAT file...
Page 196: How Does Idat Updating Work
AutoUpdate utility can look in the DELTA.INI file to learn that it needs to download the 10th, 11th, and 12th .UPD file releases to have all of the virus definitions that the current .DAT file release does. McAfee VirusScan Anti-Virus Software...
Page 197: What Does Mcafee Post Each Week
What does McAfee post each week? Each week McAfee posts a complete .DAT file update, along with a new weekly iDAT update, and a new DELTA.INI file that has updated Multiple Patch Table and Incremental Resolver entries. You can download these files...
Page 198: Best Practices
2. From the baseline state, use a web browser or FTP client software each week to download new .UPD files directly from the McAfee FTP site to a central server on your network.
Page 199: Frequently Asked Questions
If you configure your computers to download iDAT files directly from the McAfee website, be sure to schedule your updates for a time after the regular weekly .DAT file postings.
Page 200 Scheduling issues Q: How often should I check for updates? A: Normally, McAfee posts updated .DAT files on a weekly basis. You may, however, check more or less often as your network security needs require. Be aware that your risk of virus infection grows as the period between updates to the virus data files grows.
Page 201: Index
FTP, use of to log on to update and upgrade sites anti-virus software Command line options consequences of running multiple vendor silent versions command line options reporting new viruses not detected by to McAfee xvii on access scanner autoexe.bat preserving settings AutoUpdate rebooting advanced options for, security...
Page 202 E-Mail Scan Force Update, use of to replace corrupted dependent files .DAT files program files FTP (File Transfer Protocol) temporary files use of to obtain VirusScan upgrades E-Mail Scan program component, default responses when virus found McAfee VirusScan Anti-Virus Software...
Page 203 America Online incremental DAT files via CompuServe use of DELTA.INI file for within the United States infected files McAfee Emergency Disk cleaning yourself when VirusScan creating cannot on uninfected computer removing viruses from use of to reboot system...
Page 204 Small Office/Home Office Annual training Plan website address for software updates and Professional Consulting Services upgrades description of new viruses, reporting to McAfee xvii program components, included with numbering conventions for .DAT files VirusScan programs running after successful updates Olympus scan engine...
Page 205 Sending restarting Setup with the McAfee Emergency Disk "silent" and "record" modes, using aborting if virus detected during SETUP.EXE, renaming SuperDAT packages scan engine for use with AutoUpgrade upgrading with AutoUpdate and the SETUP.ISS file, use of for SuperDAT utility...
Page 206 VirusScan PrimeSupport SecureCast for home users System Scan module ordering default response options for via electronic services testing your installation Tivoli installing VirusScan Total Education Services description of Total Service Solutions contacting McAfee VirusScan Anti-Virus Software...
Page 207 AutoUpdate steps for recommended method for downloading from infected files and distributing reporting new strains to McAfee xvii updates and upgrades viewing information about use of anonymous FTP to log into sites use of UNC notation to designate...
Page 208 VirusScan application website, Network Associates technical support via dependent files program files temporary files ZENworks VirusScan Command Line installing VirusScan use of when booting with Emergency Disk VirusScan control panel files options temporary files McAfee VirusScan Anti-Virus Software...

McAfee VIRUSSCAN 4.5 Administrator's Manual

Chapter 1. About Virusscan Software

Chapter 2. Installing Virusscan Software

Chapter 3. Removing Infections from Your System

Chapter 4. Using Virusscan Software

Chapter 5. Sending Alert Messages

Chapter 6. Updating and Upgrading Virusscan Software

Appendix A. Using Virusscan Administrative Utilities

Appendix B. Installed Files

Appendix C. Using Virusscan Command-Line Options

Appendix D. Using the Securecast Service to Get New Data Files

Appendix E. Network Associates Support Services

Appendix F. Understanding Idat Technology

Quick Links

Need help?

Questions and answers

Related Manuals for McAfee VIRUSSCAN 4.5

Summary of Contents for McAfee VIRUSSCAN 4.5

Table of Contents