Dr Solomon’s Anti-Virus User’s Guide Version 8.
COPYRIGHT Copyright © 2000 Network Associates, Inc. and its Affiliated Companies. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Network Associates, Inc.
(i.e., the required number of licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end"). If the number of Client Devices or seats that can connect to the Software can exceed the number of licenses you have obtained, then you must have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use limits specified for the licenses you have obtained.
5. Restrictions. You may not rent, lease, loan or resell the Software. You may not permit third parties to benefit from the use or functionality of the Software via a timesharing, service bureau or other arrangement, except to the extent such use is specified in the applicable list price or product packaging for the Software. You may not transfer any of the rights granted to you under this Agreement.
7. Limitation of Liability. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, SHALL MCAFEE OR ITS SUPPLIERS BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR FOR ANY AND ALL OTHER DAMAGES OR LOSSES.
SOME COUNTRIES HAVE RESTRICTIONS ON THE USE OF ENCRYPTION WITHIN THEIR BORDERS, OR THE IMPORT OR EXPORT OF ENCRYPTION EVEN IF FOR ONLY TEMPORARY PERSONAL OR BUSINESS USE. YOU ACKNOWLEDGE THAT THE IMPLEMENTATION AND ENFORCEMENT OF THESE LAWS IS NOT ALWAYS CONSISTENT AS TO SPECIFIC COUNTRIES.
Table of Contents

Preface
What happened?
Why worry?
Where do viruses come from?
Virus prehistory

Determining when you must restart your computer
Testing your installation
Modifying or removing your Dr Solomon’s Anti-Virus installation
Chapter 3. Removing Infections From Your System
If you suspect you have a virus...

Starting the Dr Solomon’s Anti-Virus Console
Using the Console window
Working with default tasks
Working with the VShield task
Working with the AutoUpgrade and AutoUpdate tasks

Appendix A. Default Vulnerable and Compressed File Extensions
Adding file name extensions for scanning
Current list of vulnerable file name extensions
Current list of compressed files scanned
Appendix B. Network Associates Support Services

Index
Preface

What happened?

If you’ve ever lost important files stored on your hard disk, watched in dismay as your computer ground to a halt only to display a prankster’s juvenile greeting on your monitor, or found yourself having to apologize for abusive e-mail messages you never sent, you know first-hand how computer viruses and other harmful programs can disrupt your productivity. If you haven’t yet suffered from a virus “infection,” count yourself lucky.
The threat from viruses and other malicious software is real, and it is growing worse. Some estimates have placed the total worldwide cost in time and lost productivity for merely detecting and cleaning virus infections at more than $10 billion per year, a figure that doesn’t include the costs of data loss and recovery in the wake of attacks that destroyed data.
Some of these students soon discovered that they could use certain features of the host computer’s operating system to give them unauthorized access to computer resources. Others took advantage of users who had relatively little computer knowledge to substitute their own programs—written for their own purposes—in place of common or innocuous utilities.
For a time, sophisticated descendants of this first boot-sector virus represented the most serious virus threat to computer users. Variants of boot sector viruses also infect the Master Boot Record (MBR), which stores the partition information your computer needs to figure out where to find each of your hard disk partitions and the boot sector itself. Realistically, nearly every step in the boot process, from reading the MBR to loading the operating system, is vulnerable to virus sabotage.
Particularly clever viruses can even subvert attempts to clear them from memory by trapping the CTRL+ALT+DEL keyboard sequence for a warm reboot, then faking a restart. Sometimes the only outward indication that anything on your system is amiss—before any payload detonates, that is—might be a small change in the file size of infected legitimate software.
Macro viruses

By 1995 or so, the virus war had come to something of a standstill. New viruses appeared continuously, prompted in part by the availability of ready-made virus “kits” that enabled even some non-programmers to whip up a new virus in no time. But most existing anti-virus software easily kept pace with updates that detected and disposed of the new virus variants, which consisted primarily of minor tweaks to well-known templates.
Convergences in the technologies that have resulted from this feverish pace of invention have given website designers tools they can use to collect and display information in ways never previously available. Websites soon sprang up that could send and receive e-mail, formulate and execute queries to databases using advanced search engines, send and receive live audio and video, and distribute data and multimedia resources to a worldwide audience.
Instead, harmful objects exist to deliver their equivalent of a virus payload. Programmers have written objects, for example, that can read data from your hard disk and send it back to the website you visited, that can “hijack” your e-mail account and send out offensive messages in your name, or that can watch data that passes between your computer and other computers. Even more powerful agents have begun to appear in applications that run directly from websites you visit.
How to protect yourself

Dr Solomon’s Anti-Virus already gives you an important bulwark against infection and damage to your data, but anti-virus software is only one part of the security measures you should take to protect yourself. Anti-virus software, moreover, is only as good as its latest update. Because as many as 200 to 300 viruses and variants appear each month, the virus definition (.DAT) files that enable Dr Solomon’s software to detect and remove viruses can get quickly outdated.
How to contact Network Associates

Customer service

On December 1, 1997, McAfee Associates merged with Network General Corporation, Pretty Good Privacy, Inc., and Helix Software, Inc. to form Network Associates, Inc. The combined Company subsequently acquired Dr Solomon's Software, Trusted Information Systems, Magic Solutions, and CyberMedia, Inc. A January 2000 company reorganization formed four independent business units, each concerned with a particular product line. These are:

• Magic Solutions.
Other contact information for retail-licensed customers:

Phone: (972) 308-9960
Fax: (972) 619-7485 (24-hour, Group III fax)
E-Mail: cust_care@nai.com
Web: http://www.drsolomon.com/

Technical support

Dr Solomon’s Software and Network Associates are famous for their dedication to customer satisfaction. The companies have continued this tradition by making their sites on the World Wide Web valuable resources for answers to technical support issues.
To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please include this information in your correspondence:

• Product name and version number
• Computer brand and model
• Any additional hardware or peripherals connected to your computer
• Operating system type and version numbers
• Network type and version, if applicable
• Contents of your AUTOEXEC.BAT, CONFIG.
Because Dr Solomon’s researchers are committed to providing you with effective and up-to-date tools you can use to protect your system, please tell them about any new Java classes, ActiveX controls, dangerous websites, or viruses that your software does not now detect. Note that Dr Solomon’s Software reserves the right to use any information you supply as it deems appropriate, without incurring any obligations whatsoever. Send your questions or virus samples to: virus_research@nai.
International contact information

To contact Network Associates outside the United States, use the addresses, phone numbers and fax numbers below.

Network Associates Australia
Level 1, 500 Pacific Highway
St.

Network Associates Austria
Pulvermuehlstrasse 17
Network Associates France S.A.
Network Associates Portugal
Av. da Liberdade, 114
1269-046 Lisboa
Portugal
Phone: 351 1 340 4543
Fax: 351 1 340 4575

Net Tools Network Associates South Africa
Bardev House, St. Andrews
Meadowbrook Lane
Epson Downs, P.O. Box 7062
Bryanston, Johannesburg
South Africa 2021
Phone: 27 11 706-1629
Fax:

Network Associates South East Asia
78 Shenton Way

Network Associates Spain
Orense 4, 4a Planta.
Chapter 1. About Dr Solomon’s Anti-Virus

Introducing Dr Solomon’s Anti-Virus

Eighty percent of the Fortune 100—and more than 50 million users worldwide—choose Dr Solomon’s Anti-Virus to protect their computers from the staggering range of viruses and other malicious agents that has emerged in the last decade to invade corporate networks and cause havoc for business users.
The new release also adds multiplatform support for Windows 95, Windows 98, Windows NT Workstation v4.0, and Windows 2000 Professional, all in a single package with a single installer, but optimized to take advantage of the benefits each platform offers. Windows NT Workstation v4.0 and Windows 2000 Professional users, for example, can run Dr Solomon’s Anti-Virus with differing security levels that provide a range of enforcement options for system administrators.
How does Dr Solomon’s Anti-Virus work?

Dr Solomon’s Anti-Virus combines the anti-virus industry’s most capable scan engine with top-notch interface enhancements that give you complete access to that engine’s power. The Dr Solomon’s Anti-Virus graphical user interface unifies its specialized program components, but without sacrificing the flexibility you need to fit the software into your computing environment.
Encrypted polymorphic virus detection

Along with generic virus variant detection, the scan engine now incorporates a generic decryption engine, a set of routines that enables Dr Solomon’s Anti-Virus to track viruses that try to conceal themselves by encrypting and mutating their code signatures. These “polymorphic” viruses are notoriously difficult to detect, since they change their code signature each time they replicate.
Wide-spectrum coverage

As malicious agents have evolved to take advantage of the instant communication and pervasive reach of the Internet, so Dr Solomon’s Anti-Virus has evolved to counter the threats they present. A computer “virus” once meant a specific type of agent—one designed to replicate on its own and cause a limited type of havoc on the unlucky recipient’s computer.
• The Dr Solomon’s Anti-Virus application. This component gives you unmatched control over your scanning operations. You can configure and start a scan operation at any time—a feature known as “on-demand” scanning—specify local and network disks as scan targets, tell the application how to respond to any infections it finds, and see reports on its actions.
• The E-Mail Scan extension. This component allows you to scan your Microsoft Exchange or Outlook mailbox, or public folders to which you have access, directly on the server. This invaluable “x-ray” peek into your mailbox means that Dr Solomon’s Anti-Virus can find potential infections before they make their way to your desktop, which can stop a Melissa-like virus in its tracks. See “Scanning Microsoft Exchange and Outlook mail” on page 277 for details.

• A cc:Mail scanner.
– SCANPM.EXE, a scanner for 16- and 32-bit environments. This scanner provides you with a full set of scanning options for 16- and 32-bit protected-mode DOS environments. It also includes support for extended memory and flexible memory allocations. FINDVIRU.EXE will transfer control to this scanner when its capabilities can enable your scan operation to run more efficiently.

– SCAN86.EXE, a scanner for 16-bit environments only.
– This user’s guide saved on the Dr Solomon’s Anti-Virus CD-ROM or installed on your hard disk in Adobe Acrobat .PDF format. You can also download it as VSC45WUG.PDF from the Network Associates website or from other electronic services. The Dr Solomon’s Anti-Virus User’s Guide describes in detail how to use Dr Solomon’s Anti-Virus and includes other information useful as background or as advanced configuration options. Acrobat .
What’s new in this release?

This Dr Solomon’s Anti-Virus release introduces a number of innovative new features to the product’s core functionality, to its range of coverage, and to the details of its application architecture. A previous section, “How does Dr Solomon’s Anti-Virus work?” on page 31, discusses many of these features.
Interface enhancements

This release moves the Dr Solomon’s Anti-Virus interface for all supported platforms solidly into the territory of Dr Solomon’s Anti-Virus for Windows 95 and Windows 98. This adds extensive WinGuard scanner configuration options for the Windows NT Workstation v4.0 and Windows 2000 Professional platforms, while reducing the complexity of some previous configuration options.
Changes in product functionality

• A new Alert Manager Client configuration utility allows you to choose an Alert Manager server installed on your network as an alert message destination, or to select a network share as a destination for Centralized Alerting messages. You can also supplement either of these alert methods with Desktop Management Interface alert messages.
Chapter 2. Installing Dr Solomon’s Anti-Virus

Before you begin

Dr Solomon’s Software distributes Dr Solomon’s Anti-Virus in two ways: 1) as an archived file that you can download from the Network Associates website; and 2) on CD-ROM. Although the method you use to transfer Dr Solomon’s Anti-Virus files from an archive you download differs from the method you use to transfer files from a CD-ROM you place in your CD-ROM drive, the installation steps you follow after that are the same for both distribution types.
Other recommendations

To take full advantage of Dr Solomon’s Anti-Virus’s automatic update features, you should have an Internet connection, either through your local-area network, or via a high-speed modem and an Internet service provider.

Preparing to install Dr Solomon’s Anti-Virus

Note which type of Dr Solomon’s Anti-Virus distribution you have, then follow the corresponding steps to prepare your files for installation.
Installation options

The “Installation steps” section describes how to install Dr Solomon’s Anti-Virus with its most common options on a single computer or workstation. You can choose to do a Typical setup—which installs commonly used Dr Solomon’s Anti-Virus components but leaves out some WinGuard modules and the ScreenScan utility—or you can choose to do a Custom setup, which gives you the option to install all Dr Solomon’s Anti-Virus components.
Here, represents the drive letter for your CD-ROM drive or the path to the folder that contains your extracted Dr Solomon’s Anti-Virus files. To search for the correct files on your hard disk or CD-ROM, click Browse.

NOTE: If your Dr Solomon’s Anti-Virus copy came on an Active Virus Defense or a Total Virus Defense CD-ROM, you must also specify which folder contains the Dr Solomon’s Anti-Virus.
4. This first panel tells you where to locate the README.TXT file, which describes product features, lists any known issues, and includes the latest available product information for this Dr Solomon’s Anti-Virus version. When you have read the text, click Next> to continue.

5. The next wizard panel displays the Dr Solomon’s Anti-Virus end-user license agreement.
6. Select Preserve On Access Settings, if the option is available, then click Next> to continue.

If Setup finds incompatible software, it will display a wizard panel that gives you the option to remove the conflicting software (see Figure 2-4 on page 46). If you have no incompatible software on your system and your computer runs Windows 95 or Windows 98, skip to Step 9 on page 48 to continue with the installation.
If your computer runs Windows NT Workstation v4.0 or Windows 2000 Professional, Setup next asks you which security mode you want to use to run Dr Solomon’s Anti-Virus on your system (see Figure 2-5 on page 47). The options in this panel govern whether others who use your computer can make changes to the configuration options you choose, can schedule and run tasks, or can enable and disable Dr Solomon’s Anti-Virus components.
Users who do not have administrative rights may still configure and run their own scan operations with the Dr Solomon’s Anti-Virus application and save settings for those operations in a .VSC file, but they cannot change default Dr Solomon’s Anti-Virus application settings. To learn more about how to configure and save Dr Solomon’s Anti-Virus application settings, see Chapter 5, “Using the Dr Solomon’s Anti-Virus application.”

• Use Standard Security.
– the Send Virus utility
– the Emergency Disk utility
– the Dr Solomon’s Anti-Virus Command Line scanner software

• Custom Installation. This option starts with the same components as the Typical setup, but allows you to choose from among these additional items:

– The WinGuard E-Mail Scan, Download Scan, and Internet Filter modules
– The ScreenScan utility

To learn more about what each component does, see “What comes with Dr Solomon’s Anti-Virus?” on page 33.

10.
• Add a component to the installation. Click beside a component name, then choose This feature will be installed on local hard drive from the menu that appears. To add a component and any related modules within the component, choose This feature, and all subfeatures, will be installed on local hard drive instead. You can choose this option only if a component has related modules.

• Remove a component from the installation.
Figure 2-8. Ready to Install panel

13. Click Install to begin copying files to your hard drive. Otherwise, click
• Finish your installation. Leave the Scan Memory for Viruses before Configuring checkbox clear, then click Skip Config to finish your installation. Setup will ask if you want to start the WinGuard scanner and the Dr Solomon’s Anti-Virus Console immediately. To do so, select the Start Dr Solomon’s Anti-Virus checkbox, then click Finish. Your Dr Solomon’s Anti-Virus is ready for use.
Figure 2-10. Configuration panel

15. If your computer runs Windows 95 or Windows 98, you can choose any of the configuration options shown here. These are:

• Scan boot record at startup. Select this checkbox to have Setup write these lines to your Windows AUTOEXEC.BAT file:

C:\PROGRA~1\NETWOR~1\DRSOLO~1\FINDVIRU.EXE C:\
@IF ERRORLEVEL 1 PAUSE

This tells your system to start the Dr Solomon’s Anti-Virus Command Line scanner when your system starts.
• Run Default Scan for Viruses after Installation. This option is active by default. The option tells Setup to finish the installation, then to run the Dr Solomon’s Anti-Virus application immediately afterwards to scan your entire startup partition. The application will alert you if it finds any viruses on this partition, but otherwise will quit without any further notice. Clear this checkbox to skip this scan operation.
Figure 2-11. Update Virus Definition Files panel

17. Choose the update option you prefer. You can:

• Run AutoUpdate Now. This option uses default AutoUpdate configuration options to connect directly to the Network Associates website and download the latest incremental .DAT file updates. Select this option if your company has not designated a location on your network as an update site, and if you do not need to configure proxy server or firewall settings.
If you chose to run an AutoUpdate operation immediately, the utility will connect to the Network Associates website to download new incremental .DAT files. After it finishes, the Setup sequence will resume.

If you chose to configure the AutoUpdate utility, the Automatic Update dialog box will appear. Choose your configuration options, then click Update Now to start an immediate update operation, or click OK to save the options you chose.
Using the Emergency Disk Creation utility

If you choose to create an Emergency Disk during installation, Setup will start the Emergency Disk wizard in the middle of the Dr Solomon’s Anti-Virus installation, then will return to the Setup sequence when it finishes. To learn how to create an Emergency Disk, begin with Step 1 on page 58. You can also start the Emergency Disk wizard at any point after you install Dr Solomon’s Anti-Virus.
To start the wizard after installation, click Start in the Windows taskbar, point to Programs, then to Network Associates. Next, choose Create Emergency Disk. The Emergency Disk wizard welcome panel will appear (Figure 2-13).

Figure 2-13. Emergency Disk welcome panel

1. Click Next> to continue. The next wizard panel appears (Figure 2-14).

Figure 2-14.
If your computer runs Windows NT Workstation or Windows 2000 Professional, the wizard tells you that it will format your Emergency Disk with the NAI-OS. You must use these proprietary operating system files to create your Emergency Disk, because Windows NT Workstation v4.0 and Windows 2000 Professional system files do not fit on a single floppy disk.
Next, remove the disk from your floppy drive, lock it, label it Dr Solomon’s Anti-Virus Emergency Boot Disk and store it in a safe place.

• If you chose to format your disk with Windows system files, the wizard displays a panel that lets you choose whether to format your floppy disk (see Figure 2-16 on page 60).

Figure 2-16.
The Windows disk format dialog box appears (see Figure 2-17 on page 61).

Figure 2-17. Windows Format dialog box

d. Verify that the Full checkbox in the Format Type area and the Copy system files checkbox in the Other Options area are both selected. Next, click Start. Windows will format your floppy disk and copy the system files necessary to start your computer.

e.
If Dr Solomon’s Anti-Virus does not detect any viruses during its scan operation, Setup will immediately copy BOOTSCAN.EXE and its support files to the floppy disk you created. If Dr Solomon’s Anti-Virus does detect a virus, quit Setup immediately. See “If you suspect you have a virus...” on page 69 to learn what to do next.

4. When the wizard finishes copying the Emergency Disk files, it displays the final wizard panel (Figure 2-19).

Figure 2-19.
To learn which circumstances require you to restart your computer, see Table 2-1.

Table 2-1.
To test your installation, follow these steps:

1. Open a standard Windows text editor, such as Notepad, then type this character string as one line, with no spaces or carriage returns:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

NOTE: The line shown above should appear as one line in your text editor window, so be sure to maximize your text editor window and delete any carriage returns.
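A check for the hand-typed test file from step 1, as an added example that is not part of the original guide or the product: it reports why a typed file would not be recognized as the test file. The 128-byte limit and the permitted trailing whitespace come from EICAR's published definition of the test file rather than from this guide, and the function names and sample inputs are constructed for illustration.

```python
import sys

# The 68-byte test string, assembled from two pieces so that this source file
# is not itself flagged by an on-access scanner.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

# From EICAR's definition of the test file (assumption, not from this guide):
# only these bytes may follow the string, and the file is at most 128 bytes.
ALLOWED_TRAILING = b" \t\r\n\x1a"
MAX_LENGTH = 128


def first_difference(data):
    """Return the offset of the first byte that differs from EICAR."""
    for i, expected in enumerate(EICAR):
        if i >= len(data) or data[i] != expected:
            return i
    return len(EICAR)


def check_test_file(data):
    """Return a list of problems; an empty list means a valid test file."""
    problems = []
    if len(data) > MAX_LENGTH:
        problems.append("file is %d bytes; the limit is %d"
                        % (len(data), MAX_LENGTH))
    if data.startswith(EICAR):
        # Correct string: only the trailing bytes can still be wrong.
        if any(b not in ALLOWED_TRAILING for b in data[len(EICAR):]):
            problems.append("non-whitespace bytes follow the test string")
        return problems

    offset = first_difference(data)
    # Remove spaces and line breaks to see whether they are the only fault.
    collapsed = bytes(b for b in data if b not in b" \t\r\n")
    if collapsed.startswith(EICAR):
        problems.append("space or line break inside the string at offset %d"
                        % offset)
    elif collapsed.upper().startswith(EICAR):
        problems.append("lower-case letters at offset %d; "
                        "the string is all upper case" % offset)
    else:
        problems.append("text differs from the test string at offset %d"
                        % offset)
    return problems


# Constructed samples of typing and editor mistakes.
SAMPLES = {
    "typed correctly, editor added CRLF": EICAR + b"\r\n",
    "editor wrapped the line": EICAR[:50] + b"\r\n" + EICAR[50:],
    "hyphen dropped while typing": EICAR.replace(b"VIRUS-TEST", b"VIRUSTEST"),
    "typed in lower case": EICAR.lower(),
    "padded past the limit": EICAR + b" " * 61,
}

if __name__ == "__main__":
    # With a path argument, check that file; otherwise run the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            samples = {sys.argv[1]: handle.read()}
    else:
        samples = SAMPLES
    for name, data in samples.items():
        problems = check_test_file(data)
        print("%-36s %s" % (name, "; ".join(problems) or "OK"))
```

Run it with the path of the file you saved to check that file, or with no arguments to see the constructed samples.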
2. Locate and double-click the Add/Remove Programs control panel.

3. In the Add/Remove Programs Properties dialog box, choose Dr Solomon’s Dr Solomon’s Anti-Virus v8.5.0 in the list, then click Add/Remove. Setup will start and display the first Maintenance wizard panel (Figure 2-20).

Figure 2-20. First maintenance panel

4. Click Next> to continue. Setup displays the Program Maintenance wizard panel.
Figure 2-21.
5. Choose whether to modify Dr Solomon’s Anti-Virus components or to remove Dr Solomon’s Anti-Virus from your system completely. Your choices are:

• Modify. Select this option to add or remove individual Dr Solomon’s Anti-Virus components. Setup will display the Custom wizard panel (see Figure 2-7 on page 49). Start with Step 11 on page 49 to choose the components you want to add or remove.
Chapter 3. Removing Infections From Your System

If you suspect you have a virus...

First of all, don’t panic! Although far from harmless, most viruses that infect your machine will not destroy data, play pranks, or render your computer unusable. Even the comparatively rare viruses that do carry a destructive payload usually produce their nasty effects in response to a trigger event.
If Dr Solomon’s Anti-Virus found an infection during installation, follow these steps carefully:

1. Quit Setup immediately, then shut down your computer. Be sure to turn the power to your system off completely. Do not press CTRL+ALT+DEL or reset your computer to restart your system—some viruses can remain intact during this type of “warm” reboot.

2.
BOOTSCAN.EXE, the command-line scanner that comes with the Emergency Disk, will make four scanning passes to examine your hard disk boot sectors, your Master Boot Record (MBR), your system directories, program files, and other likely points of infection on all of your local computer's hard disks.

NOTE: Dr Solomon’s Software strongly recommends that you do not interrupt the BOOTSCAN.EXE scanner as it runs its scan operation.
As your next step, locate and delete the infected file or files. You will need to restore any files that you delete from backup files. Be sure to check your backup files for infections also. Be sure also to use the Dr Solomon’s Anti-Virus application at your earliest opportunity to scan your system completely in order to ensure that your system is virus-free.
Recognizing when you don’t have a virus

Personal computers have evolved, in their short life span, into highly complex machines that run ever-more-complicated software. Even the most farsighted of the early PC advocates could never have imagined the tasks for which workers, scientists and others have harnessed the modern PC’s speed, flexibility and power.
Understanding false detections

A false detection occurs when Dr Solomon’s Anti-Virus sends a virus alert message or makes a log file entry that identifies a virus where none actually exists. You are more likely to see false detections if you have anti-virus software from more than one vendor installed on your computer, because some anti-virus software stores the code signatures it uses for detection unprotected in memory.
Responding to viruses or malicious software

Because Dr Solomon’s Anti-Virus consists of several component programs, any one of which could be active at one time, your possible responses to a virus infection or to other malicious software will depend upon which program detected the harmful object, how you have that program configured to respond, and other circumstances.
As this dialog box awaits your response, your computer will continue to process any other tasks it is running in the background.

Figure 3-1. Initial System Scan response options

If your computer runs Windows 95 or Windows 98, you can choose to display a different virus alert message. If you select BIOS in the Prompt Type area in the System Scan module Action page, you’ll see instead a full-screen warning that offers you response options (Figure 3-2).

Figure 3-2.
NOTE: The Continue access checkbox is unavailable if your computer runs Windows NT Workstation v4.0 or Windows 2000, or if you choose the GUI prompt type on Windows 95 and Windows 98 systems.

To take one of the actions shown in an alert message, click a button in the Access to File Was Denied dialog box, or type the letter highlighted in yellow when you see the full-screen warning.
• Exclude the file from scan operations. Click Exclude in the dialog box, or type E when you see the full-screen warning, to tell the System Scan module to exclude this file from future scan operations. Normally, you would use this option to bypass files that you know do not have viruses.
• Exclude. Click this button to prevent the E-Mail Scan module from flagging this file as a virus in future scan operations. If you copy this file to your hard disk, this also prevents the System Scan module from detecting the file as a virus.

When you choose your action, the E-Mail Scan module will implement it immediately and add a notice to the top of the e-mail message that contained the infected attachment.
• Move. Click this to tell the Download Scan module to move the infected file to the quarantine directory you chose in the module’s Action property page.

When you choose your action, the Download Scan module will implement it immediately and add a notice to the top of the e-mail message that contained the infected attachment.
Figure 3-6. Dr Solomon’s Anti-Virus response options
To respond to the infection, click one of the buttons shown. You can tell the Dr Solomon’s Anti-Virus application to:
• Continue. Click this button to proceed with the scan operation and have the application list each infected file in the lower portion of its main window (Figure 3-7), record each detection in its log file, but take no other action to respond to the virus.
• Clean. Click this button to have the Dr Solomon’s Anti-Virus application try to remove the virus code from the infected file. If it cannot clean the file—either because it has no remover or because the virus has damaged the file beyond repair—it will record the incident in its log file and suggest alternative responses.
Figure 3-8. E-Mail Scan response options
To respond to the infection, click one of the buttons shown. You can tell the E-Mail Scan extension to:
• Continue. Click this button to have the E-Mail Scan extension proceed with its scan operation, list each infected file it finds in the lower portion of its main window (Figure 3-9), and record each detection in its log file, but it will take no other action to respond to the virus.
Figure 3-9. E-Mail Scan extension window
• Clean. Click this button to remove the virus code from the infected file. If the E-Mail Scan extension cannot clean the file—either because it has no remover or because the virus has damaged the file beyond repair—it will record the incident in its log file and suggest alternative responses. In the example shown in Figure 3-8, Clean is not an available response option.
Figure 3-10. Network Associates Virus Information Library page
The Virus Information Library has a collection of documents that give you a detailed overview of each virus that Dr Solomon’s Anti-Virus can detect or clean, along with information about how the virus infects and alters files, and the sorts of payloads it deploys.
• Software tools you can use to extend or supplement your Dr Solomon’s anti-virus software
• Contact addresses and other information for submitting questions, virus samples, and other data
• Virus definition updates-this includes daily beta .DAT file updates, EXTRA.DAT files, updated Emergency .DAT files, current scan engine versions, regular weekly .DAT and SuperDAT updates, and new incremental virus definition files (.
Submitting a virus sample
If you have a suspicious file that you believe contains a virus, or experience a system condition that might result from an infection—but Dr Solomon’s Anti-Virus has not detected a virus—Dr Solomon’s Software recommends that you send a sample to its anti-virus research team for analysis. When you do so, be sure to start your system in the apparently infected state—don’t start your system from a clean floppy disk.
4. Read the welcome message, then click Next> to continue. The Contact Information wizard panel appears.
Figure 3-13. Your Contact Information panel
5. If you want AVERT researchers to contact you about your submission, enter your name, e-mail address, and any message you would like to send along with your submission in the text boxes provided, then click Next> to continue.
6. Click Add to open a dialog box you can use to locate the files you believe are infected. Choose as many files as you want to submit for analysis. To remove any of the files shown in the submission list, select it, then click Remove. When you have chosen all of the files you want to submit, click Next> to continue. The Choose Upload Options panel appears (Figure 3-15).
Figure 3-15.
7. Select the type of e-mail client application you have installed on your computer. Your choices are:
• Use outgoing Internet mail. Click this button to send your sample via a Simple Mail Transfer Protocol e-mail client, such as Eudora, Netscape Mail, or Microsoft Outlook Express. Next, enter the name of your outgoing mail server in the text box provided (mail.domain.com, for example).
• Use Microsoft Exchange.
3. Type this line at the command prompt:
    format a: /s
If your system hangs as it tries to format the disk, remove the disk from your floppy drive. Next, label the disk “Damaged during infected format as boot disk,” then set it aside.
4. Insert a new, formatted floppy disk into your floppy drive.
5. Copy your current system files to that disk. For most DOS versions, those files will include:
• IO.SYS
• MSDOS.SYS
• COMMAND.
• If you suspect that a macro virus has infected your PowerPoint files, copy the file BLANKPRESENTATION.POT from C:\Program Files\Microsoft Office\Templates to the disk.
Making disk images
To send the files now stored on any floppy disks you created, you can use a Network Associates AVERT Labs tool called RWFLOPPY.EXE to make a floppy disk image that encapsulates the infection. The RWFLOPPY.
6. Type INFECTED in the Password text box, then click OK.
7. When prompted, retype your password to verify its accuracy, then click OK. The Add With Password dialog box appears.
8. Select your sample files, then click OK. WinZip applies the password you entered to all files that you add to or extract from your archive. Password-protected files appear in the archive list with a plus sign (+) after their names.
Mailing infected floppy disks
You can also mail the actual disks you created directly to Dr Solomon’s anti-virus researchers. Dr Solomon’s Software recommends that you create a text file or write a message to accompany the disks that includes the same information you would submit with an electronic disk image. Send your sample to only one research lab address so that you can receive the fastest possible response to your issue.
4 Using the WinGuard Scanner
What does the WinGuard scanner do?
Dr Solomon’s desktop anti-virus products use two general methods to protect your system. The first method, background scanning, operates continuously, watching for viruses as you use your computer for everyday tasks. In the Dr Solomon’s Anti-Virus product, the WinGuard scanner performs this function. A second method allows you to initiate your own scan operations. The Dr Solomon’s Anti-Virus application generally handles these tasks.
• Download Scan. This module scans files that you download to your system from the Internet. If you have enabled the Internet mail option in the E-Mail Scan module, this will include e-mail and file attachments that arrive via SMTP or POP-3 e-mail systems, which include such e-mail client programs as Eudora Pro, Microsoft Outlook Express, Netscape Mail, and America Online mail.
• Internet Filter.
• Malicious object detection and blocking. The WinGuard scanner can block harmful ActiveX and Java objects from gaining access to your system, before they pose a threat. The scanner does this by scanning the hundreds of objects you download as you connect to the web or to other Internet sites, and the file attachments you receive with your e-mail. It compares these items against a current list of harmful objects that it maintains, and blocks those that could cause problems.
Dr Solomon’s Software has also tested these e-mail clients and verified that they work with the WinGuard Download Scan module:
• Microsoft Outlook Express
• Qualcomm Eudora v3.x and v4.x
• Netscape Mail (included with most versions of Netscape Navigator and Netscape Communicator)
• America Online mail v3.0 and v4.0
In order to work with the WinGuard E-mail Scan module, your corporate e-mail system must use Lotus cc:Mail, Microsoft Exchange, or Microsoft Outlook client.
If your computer runs Windows NT Workstation v4.0 or Windows 2000 Professional, the WinGuard scanner loads as a Windows NT service called McShield, which you can see in the Windows Services control panel.
NOTE: Dr Solomon’s Software recommends that you do not start or stop the McShield service from the Windows control panel. Instead, you can stop and restart the scanner from the provided Dr Solomon’s Anti-Virus control panel.
4. Select the Load WinGuard on startup checkbox at the top of the Components property page.
5. Click OK to close the control panel.
Enabling the WinGuard scanner and its modules
Once you have all WinGuard components installed, you can use any of four methods to enable them, in various combinations.
NOTE: Enabling a module means activating it and loading it into your computer's memory for use.
Figure 4-1. System Scan Status dialog box
2. For each module that you want to enable, click the corresponding tab, then click Enable. The same button in the property page for active modules will read Disable.
3. Click Close to close the dialog box.
Depending on which combination of modules you enable, the WinGuard icon will display a different state.
Method 3: Use the WinGuard Properties dialog box
Follow these steps:
1.
Figure 4-2. WinGuard Properties dialog box
2. For each module that you want to enable, click the corresponding icon along the left side of the dialog box, then click the Detection tab.
3. Select the Enable checkbox at the top of each page. As you do so, the scanner enables that module.
Depending on which combination of modules you enable, the WinGuard icon displays a different state.
3. Click the minimize or the close button in the upper-right corner of the Console window to shrink the Console window back to a system tray icon.
NOTE: Do not choose Exit from the Task menu. This will shut the Console down and unload it from memory. To run any tasks you have scheduled, the Console must be active.
To start the WinGuard configuration wizard:
1. Right-click the WinGuard icon in the Windows system tray to display the WinGuard shortcut menu, point to Properties, then choose System Scan to open the WinGuard Properties dialog box (see Figure 4-2 on page 102).
2. Click Wizard in the lower-left corner of the dialog box to display the configuration wizard welcome panel (Figure 4-3).
Figure 4-3. WinGuard configuration wizard - Welcome panel
3.
Here you can tell the WinGuard scanner to look for viruses in files susceptible to infection whenever you open, run, copy, save or otherwise modify them. Susceptible files include various types of executable files and document files with embedded macros, such as Microsoft Office files. The System Scan module will also scan files stored on floppy disks whenever you read from or write to them, or when you shut down your computer.
• Enable Corporate Mail. Select this checkbox if you use a proprietary e-mail system at work or in a networked environment. Most such systems use a central network server to receive and distribute mail that individual users send to each other from client applications. Such systems might send and receive mail from outside the network or from the Internet, but they usually do so through a “gateway” application run from the server.
The next wizard panel sets options for the WinGuard Download Scan module (Figure 4-6).
Figure 4-6. WinGuard Configuration Wizard - Download Scan panel
6. To have the Download Scan module look for viruses in each file that you download from the Internet, select the Yes, do scan my downloaded files for viruses checkbox, then click Next> to continue. The module will look for viruses in those files most susceptible to infection and will scan compressed files as you receive them.
7. To have the Internet Filter module block hostile Java and ActiveX objects or dangerous Internet sites that can cause your system harm, select Yes, enable hostile applet protection and access prevention to unsafe websites, then click Next>. The Internet Filter module maintains a list of harmful objects and sites that it uses to check the sites you visit and the objects you encounter.
Setting WinGuard scanner properties
To ensure its optimal performance on your computer or in your network environment, the WinGuard scanner needs to know what you want it to scan, what you want it to ignore, what you want it to do if it finds a virus or other malicious software, and how it should let you know when it has.
Configuring the System Scan module
The WinGuard System Scan module is at the heart of the WinGuard scanner. It scans files that come from any source, including those that the other WinGuard modules direct to it from Internet downloads and e-mail messages. The module can check your system for viruses each time you open, run, copy, save, rename or otherwise modify files on your hard disk, on any removable media attached to your computer, or on network drives mapped to your system.
2. Tell the module when and where you want it to look for viruses. You can have it
• Scan files as you work with them. Each time you open, run, copy, save, rename, or otherwise use files on your hard disk, virus code can execute and spread infections to other files. To prevent this on computers that run Windows NT Workstation v4.0 or Windows 2000 Professional, select both the Inbound files and the Outbound files checkboxes.
Your copy of the System Scan module will then examine files as your computer reads them from your hard disk, then again as it writes them to the destination computer’s hard disk. If the destination computer has its own copy of the System Scan module active, it too will scan the file as you write it to the network drive if that System Scan module has the Inbound files checkbox selected.
• Choose file types for scanning. Viruses cannot infect files that contain no executable code, whether script, macro, or binary code. You can, therefore, safely narrow the scope of your scan sessions so that the module examines only those files most susceptible to virus infection. To do so, select the Program files only button.
4. Choose WinGuard software management options. These options let you control your interaction with the WinGuard scanner. You can
• Disable the System Scan module at will. Select the System Scan can be disabled checkbox in order to have the option to disable this module. Note that Dr Solomon’s Software recommends that you leave the System Scan module enabled for maximum protection.
Figure 4-11. Advanced Scan Settings dialog box
Heuristic scanning technology enables the System Scan module to recognize new viruses based on their resemblance to similar viruses that the module already knows. To do this, the module looks for certain “virus-like” characteristics in the files you’ve asked it to scan.
– Enable program file heuristics scanning. Choose this option to have the System Scan module locate new viruses in program files by examining file characteristics and comparing them against a list of known virus characteristics. The module will identify files with a sufficient number of these characteristics as potential viruses.
– Enable macro and program file heuristics scanning. Choose this option to have the module use both types of heuristics scanning.
Choosing Action options
When the System Scan module detects a virus, it can respond either by asking you what it should do with the infected file, or by automatically taking an action that you determine ahead of time. Use the Action property page to specify which response options you want the module to give you when it finds a virus, or which actions you want it to take on its own.
3. The items you can choose from the list are:
• Prompt for user action. Choose this response to have the System Scan module ask you what to do when it finds a virus—the module will display an alert message and offer you a set of possible responses. If your computer runs Windows 95 or Windows 98, choosing this response displays the Prompt Type option (Figure 4-13). Here you can choose the method you want the System Scan module to use to alert you when it finds a virus.
– Move file. This option tells the module to move the infected file to a quarantine folder. The GUI version of the alert message will display a Move file to button that allows you to locate a quarantine folder to use.
– Stop access. This option tells the module to prevent you or anyone else who tried to modify this file from working with it in any way at all.
– Exclude file. This option tells the module to skip the file during this and later scan sessions.
– Continue access.
• Deny access to infected files and continue. Choose this response to have the module mark the file “off limits” and continue with its normal scanning operations. Choose this response only if you plan to leave your computer unattended for long periods.
2. Select the Notify Alert Manager checkbox to have the module send alert messages to Alert Manager for distribution. Alert Manager is a separate Dr Solomon’s software component that collects alert messages and uses a variety of methods to send them to recipients that you specify. To have the System Scan module send these alert messages successfully, you must also set up the Alert Manager Client Configuration utility.
Choosing Report options
The System Scan module lists its current settings and summarizes all of the actions it takes during its scanning operations in a log file called VSHLOG.TXT. You can have the module write its log to this file, or you can use any text editor to create a text file for it to use. You can then open and print the log file for later review from any text editor. The VSHLOG.
You can enter a different name and path in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network. You may use a different file, but the text file must already exist. The module will not create a new file.
3. Select the Limit size of log file to checkbox to minimize the log file size, then enter a value for the file size, in kilobytes, in the text box provided.
If you choose this option, the log will record:
– How many files the module examined.
– How many infected files the module cleaned.
– How many infected files the module deleted.
– How many infected files the module moved to a quarantine folder.
– Your System Scan module settings.
Clear the checkbox to leave this information out of the log file.
5. Date and time. Select this checkbox to have the log file record the date and time at which the module starts each scan session.
Once you use Dr Solomon’s Anti-Virus to scan your system thoroughly, you can tell the System Scan module to ignore those files and folders that do not change or that are not normally vulnerable to virus infection.
To choose your options, follow these steps:
1. Click the Exclusion tab in the System Scan module to display the correct property page (Figure 4-16).
Figure 4-16. System Scan Properties dialog box - Exclusion page
2. Specify the items you want to exclude.
Next, follow these substeps to add items to the list:
a. Enter a path to a folder or a file name in the text box provided, or click Browse to locate the item you want the module to exclude.
NOTE: If you have chosen to move infected files to a quarantine folder automatically, the module excludes that folder from scan operations.
b. Select the Include subfolders checkbox to tell the module to ignore files stored in any subfolders within the folder you specified in Step a.
• Remove an item from the list. To delete an exclusion item, select it in the list, then click Remove. This means that the System Scan module will scan this file or folder during this scan session.
3. Click a different tab to change any of your System Scan settings, or click one of the icons along the side of the System Scan Properties dialog box to choose options for a different module. To save your changes in the System Scan module without closing its dialog box, click Apply.
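The exclusion rules described above (a folder or file entry, the Include subfolders checkbox, and the automatic exclusion of the quarantine folder) decide which files on-access scanning never examines, so it is worth auditing what a given list leaves unscanned. The following is an added example, not code from Dr Solomon’s Anti-Virus: the Exclusion class, the functions, the extension sample and every path are assumptions constructed for illustration, and treating the quarantine folder as excluded without its subfolders is also an assumption, since the guide does not say.

```python
"""Model of a scan-exclusion list, used to audit what it leaves unscanned."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumption: a small sample of extensions for the "susceptible" file kinds
# the guide names (executable files, Office documents with embedded macros).
SUSCEPTIBLE = {".exe", ".com", ".dll", ".doc", ".dot", ".xls", ".pot"}


@dataclass(frozen=True)
class Exclusion:
    """One hypothetical exclusion entry: a folder or file, plus the checkbox."""
    path: str
    include_subfolders: bool = False


def is_excluded(file_path, exclusions, quarantine_folder=None):
    """True if file_path would be skipped under the modelled exclusion list."""
    target = PureWindowsPath(file_path)
    rules = list(exclusions)
    if quarantine_folder is not None:
        # Modelled as the folder itself only (assumption, see lead-in).
        rules.append(Exclusion(quarantine_folder, include_subfolders=False))
    for rule in rules:
        base = PureWindowsPath(rule.path)
        # PureWindowsPath compares case-insensitively and per path component,
        # so C:\Temp never matches C:\Temporary the way a string prefix would.
        if target == base or target.parent == base:
            return True
        if rule.include_subfolders and base in target.parents:
            return True
    return False


def audit(files, exclusions, quarantine_folder=None):
    """Return the susceptible files that the exclusion list leaves unscanned."""
    blind_spots = []
    for name in files:
        suffix = PureWindowsPath(name).suffix.lower()
        if suffix in SUSCEPTIBLE and is_excluded(name, exclusions, quarantine_folder):
            blind_spots.append(name)
    return blind_spots


def overly_broad(exclusions):
    """Return entries that exclude an entire drive, subfolders included."""
    flagged = []
    for rule in exclusions:
        path = PureWindowsPath(rule.path)
        if rule.include_subfolders and path.anchor and path == PureWindowsPath(path.anchor):
            flagged.append(rule)
    return flagged


# Constructed sample data, not taken from any real system.
EXCLUSIONS = [
    Exclusion(r"C:\Temp", include_subfolders=True),
    Exclusion(r"C:\Archive", include_subfolders=False),
    Exclusion(r"C:\Tools\setup.exe"),
]
FILES = [
    r"c:\temp\cache\dropper.EXE",   # skipped: subfolder of C:\Temp, case differs
    r"C:\Temporary\report.doc",     # scanned: a different folder from C:\Temp
    r"C:\Archive\old.xls",          # skipped: directly inside C:\Archive
    r"C:\Archive\2000\macro.doc",   # scanned: subfolders were not included
    r"C:\Tools\setup.exe",          # skipped: excluded by file name
    r"C:\Quarantine\sample.com",    # skipped: quarantine folder
    r"C:\Temp\notes.txt",           # skipped, but not a susceptible type
]

if __name__ == "__main__":
    for name in audit(FILES, EXCLUSIONS, quarantine_folder=r"C:\Quarantine"):
        print("unscanned susceptible file:", name)
    for rule in overly_broad(EXCLUSIONS + [Exclusion("C:\\", True)]):
        print("whole-drive exclusion:", rule.path)
```
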
Choosing Detection options
The WinGuard scanner does not start with the E-mail Scan module enabled by default because it needs to know which e-mail system you use. Once you configure it for use with your regular e-mail client, the module will use your MAPI profile, or your cc:Mail user name and password, to log on to your mail account whenever it starts a scan session.
2. Select the type of e-mail system you use. Your options are:
• Enable Corporate Mail. Select this checkbox to have the E-Mail Scan module scan mail attachments you receive via a mail system that runs within your office network. Usually such systems use a proprietary mail protocol and have a central mail server to which you send mail for delivery. Often such systems send and receive Internet mail, but they usually do so through a gateway application.
3. Tell the E-Mail Scan module which mail sources it should monitor:
• If you chose Microsoft Exchange (MAPI) as your corporate e-mail system, the Folders area shows All incoming mail, which means that the module will look for viruses in files attached to each e-mail message as it arrives in your MAPI mailbox or via other MAPI services.
• Choose file types for scanning. Viruses cannot infect files that contain no executable code, whether script, macro, or binary code. You can, therefore, safely narrow the scope of your scan sessions so that the module examines only those files most susceptible to virus infection. To do so, select the Program files only button.
To do this, the module looks for certain “virus-like” characteristics in the files you’ve asked it to scan. The presence of a sufficient number of these characteristics in a file leads the module to identify the file as potentially infected with a new or previously unidentified virus. Because the E-Mail Scan module looks simultaneously for file characteristics that rule out the possibility of virus infection, it will rarely give you a false indication of a virus infection.
6. Click the Action tab to choose additional E-Mail Scan module options. To save your changes without closing the E-mail Scan Properties dialog box, click Apply. To save your changes and close the dialog box, click OK. To close the dialog box without saving your changes, click Cancel.
NOTE: Clicking Cancel will not undo any changes you already saved by clicking Apply.
2. Choose a response from the When a virus is found list. The area beneath the list will change to show you additional options for each response. Your choices are:
• Prompt for user action. Choose this response if you want the E-Mail Scan module to ask you what to do when it finds a virus—the module will display an alert message and offer you a range of possible responses.
You can change the name and location of the folder into which the module deposits infected Internet mail, but to do so, you must switch to the Download Scan module and click the Action tab there. See “Choosing Action options” on page 146 for details.
• Clean infected files. Choose this response to tell the module to remove the virus code from the infected file as soon as it finds it. If the module cannot remove the virus, it will note the incident in its log file.
Choosing Alert options
Once you configure it with the response options you want in the Action page, you can let the E-Mail Scan module look for and remove viruses from your system automatically, as it finds them, with almost no further intervention. But if you want the module to tell you as soon as it finds a virus so you can take appropriate action, configure it to send an alert message to you or to others.
Follow these steps:
1.
You can pass alert messages directly to an Alert Manager server, or you can send alert messages as text (.ALR) files to a Centralized Alerting directory that the Alert Manager server checks periodically.
NOTE: Clearing this checkbox tells the E-Mail Scan module not to send an alert message via Alert Manager, but does not affect other alert messages that you configure in this property page.
b. To send a copy of this message to someone else, enter an e-mail address in the text box labeled Cc:, or click Cc: to choose a recipient from your mail system's user directory or address book.
NOTE: To find an e-mail address in your mail system's user directory, you must store address information in a MAPI-compliant user directory, database, or address book, or in an equivalent Lotus cc:Mail directory.
The module will sound the standard system warning beep or .WAV file you have your computer set to play.
5. Select the Display custom message checkbox to have the module add a custom message to the alert box it displays when it finds an infected file. As with the audible alert, you can change the setting for this option only if you choose Prompt for user action in the Action property page.
Figure 4-24. E-mail Scan Properties dialog box - Report page
2. Select the Log to file checkbox. By default, the module writes log information to the file WEBEMAIL.TXT in the Dr Solomon’s Anti-Virus program directory. You can enter a different name and path in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network.
3.
• Infected file deletion. Select this checkbox to have the log file record how many viruses the module deletes during each scan session. Clear this checkbox to leave this information out.
• Infected file move. Select this checkbox to have the log file record how many viruses the module moves to a quarantine folder during each scan session. Clear this checkbox to leave this information out.
• Session settings.
Configuring the Download Scan module
The Download Scan module can check files you download from the Internet as you visit websites, FTP sites, and other Internet sites. This module is also where you set the options you want to use to respond to infected e-mail attachments you receive via POP-3 or SMTP e-mail client programs such as Eudora, Netscape Mail, or Microsoft Outlook Express.
To modify the settings in this property page, follow these steps:
1. Select the Enable Internet download scanning checkbox. The options in the rest of the property page activate.
2. Specify the types of files you want the Download Scan module to examine. You can:
• Choose file types for scanning. Viruses cannot infect files that contain no executable code, whether script, macro, or binary code.
This option ensures that viruses do not spread from compressed files, but because the module uncompresses these files before it scans them, choosing this option can lengthen the time it takes to scan a given set of files as you work with your computer.
NOTE: When the Download Scan module examines a file archive, it will scan only the file archive itself, not the compressed files within the archive.
– Enable macro heuristics scanning. Choose this option to have the Download Scan module identify all Microsoft Word, Microsoft Excel, and other Microsoft Office files that contain embedded macros, then compare the macro code to its virus definitions database. The module will identify exact matches with the virus name; code signatures that resemble existing viruses cause the module to tell you it has found a potential macro virus.
– Enable program file heuristics scanning.
Choosing Action options
When the Download Scan module detects a virus, it can respond either by asking you what it should do with the infected file, or by automatically taking an action that you determine ahead of time. Use the Action property page to specify which response options you want the module to give you when it finds a virus, or which actions you want it to take on its own.
Follow these steps:
1.
Select the options you want to see in the alert message. Each of the checkboxes you select here causes an option button to appear in an alert message that the module displays when it finds a virus. Selecting Delete file here, for example, causes a Delete button to appear in the alert message. You can choose from these options:
– Delete file. This option tells the module to delete the infected attachment immediately.
3. Click the Alert tab to choose additional Download Scan module options. To save your changes without closing the Download Scan Properties dialog box, click Apply. To save your changes and close the dialog box, click OK. To close the dialog box without saving your changes, click Cancel.
NOTE: Clicking Cancel will not undo any changes you already saved by clicking Apply.
Alert Manager is a separate Dr Solomon’s software component that collects alert messages and uses a variety of methods to send them to recipients that you specify. To have the Download Scan module send these alert messages successfully, you must also set up the Alert Manager Client Configuration utility. See “Using the Alert Manager Client Configuration utility” on page 306 for details.
Choosing Report options
The Download Scan module lists its current settings and summarizes all of the actions it takes during its scanning operations in a log file called WEBINET.TXT. You can have the module write its log to this file, or you can use any text editor to create a text file for it to use. You can then open and print the log file for later review from any text editor. Use the Report property page to determine which information the module will include in its log file.
You can enter a different name and path in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network. You may use a different file, but the text file must already exist. The module will not create a new file.
3. Select the Limit size of log file to checkbox to minimize the log file size, then enter a value for the file size, in kilobytes, in the text box provided.
5. Click a different tab to change any of your Download Scan settings, or click one of the icons along the side of the Download Scan Properties dialog box to choose options for a different module. To save your changes in the Download Scan module without closing its dialog box, click Apply. To save your changes and close the dialog box, click OK. To close the dialog box without saving your changes, click Cancel.
Choosing Detection options
The Internet Filter module starts by assuming that you want to block all of the harmful objects and sites it has listed in its database in order to prevent you from accidentally encountering them (Figure 4-31). This option provides you with the tightest security against harmful objects, but allows you to make use of other objects on the Internet sites you visit.
Figure 4-31.
3. Tell the module which sites to filter. The program uses a list of dangerous Internet sites to decide which ones to prevent your browser from visiting. You can enable this function and add to the list of “banned” sites in two ways:
• IP Addresses to block. Select this checkbox to tell the module to identify dangerous Internet sites by using their Internet Protocol (IP) addresses.
To change the list, you can:
– Click Add to open the Add IP Address dialog box (Figure 4-33).
Figure 4-33. Add IP address dialog box
Next, follow these substeps:
a. Type the Internet Protocol (IP) address you want to add to the Banned IP Addresses list in the text box on the left. Be sure to format the address with periods between each number group.
b.
The Banned URLs dialog box identifies which Uniform Resource Locators you want the Internet Filter module to block whenever you or someone else tries to connect to them. By default, the list includes two domain names that download hostile Java or ActiveX objects to your machine as soon as you connect. You can add other domain names, then password-protect your settings to ensure that users do not delete them.
4. Click the Action tab to choose additional Internet Filter module options. To save your changes without closing the Internet Filter Properties dialog box, click Apply. To save your changes and close the dialog box, click OK. To close the dialog box without saving your changes, click Cancel.
NOTE: Clicking Cancel will not undo any changes you already saved by clicking Apply.
• Deny access to objects. Choose this response to have the module block harmful objects or sites automatically. The program will do so based on the contents of its own database, plus whatever site information you added. See “Choosing Detection options” on page 153 for details.
Click the Alert tab to choose additional Internet Filter module options. To save your changes without closing the Internet Filter Properties dialog box, click Apply.
2. Select the Notify Alert Manager checkbox to have the module send alert messages to Alert Manager for distribution. Alert Manager is a separate Dr Solomon’s software component that collects alert messages and uses a variety of methods to send them to recipients that you specify. To have the Internet Filter module send these alert messages successfully, you must also set up the Alert Manager Client Configuration utility.
Choosing Report options
The Internet Filter module records how many Java and ActiveX objects it scanned, and how many it blocked from access to your computer in a log file called WEBFLTR.TXT. The same file records the number of Internet sites you visited while the module was active, and how many dangerous sites the program kept your browser from visiting. You can have the module write its log to its default file, or you can use any text editor to create a text file for it to use.
2. Select the Log to file checkbox. By default, the module writes log information to the file WEBFILTR.TXT in the Dr Solomon’s Anti-Virus program directory. You can enter a different name and path in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network.
3. To minimize the log file size, select the Limit size of log file to checkbox, then enter a value for the file size, in kilobytes, in the text box provided.
Use the Security module to assign a password and to choose which pages to protect.
Enabling password protection
The WinGuard Security module does not come enabled by default, because it needs to know which password you want to assign to your settings. To activate and configure Security module password protection, follow these steps:
1. Select the Enable password protection checkbox. The options in the rest of the property page activate (Figure 4-39).
Figure 4-39.
3. Enter a password to use to lock your settings. Type any combination of up to 20 characters in the upper text box in the Password area, then enter the exact same combination in the text box below to confirm your choice.
IMPORTANT: The password protection in the WinGuard scanner is different from the password protection you can assign to tasks in the Dr Solomon’s Anti-Virus Console or to settings in the Dr Solomon’s Anti-Virus application.
Protecting individual property pages
If you chose Password-protect selected property pages only in the Security module’s Password page, you can choose which configuration options you want to lock for individual modules. Follow these steps:
1. Click the tab for the module whose settings you want to protect. If you don’t see the tab you want, click or to bring it into view. A representative page appears in Figure 4-41.
Figure 4-41.
Using the WinGuard shortcut menu
The WinGuard scanner groups several of its common commands in a shortcut menu associated with its system tray icon. Double-click this icon to display the WinGuard Status dialog box. Right-click the icon to display these commands:
• Status. Choose this to open the WinGuard Status dialog box.
• Properties. Point to this, then choose one of the modules listed to open the WinGuard Properties dialog box to the property page for that module.
This differs from disabling the scanner, which means deactivating one or more of its modules and preventing those modules from running during a scan session. It does not mean stopping the scanner and unloading it from your computer's memory. The WinGuard scanner can remain active in memory even with none of its modules enabled. In this state, the scanner still leaves an icon in the Windows system tray that you can use to enable it again.
The WinGuard scanner will stop and unload itself from memory. The WinGuard icon will disappear from the Windows taskbar.
Method 2: Use the Dr Solomon’s Anti-Virus Console
Follow these steps:
1. Double-click the Dr Solomon’s Anti-Virus Console icon in the Windows system tray to bring the Console window to the foreground (Figure 4-42).
Figure 4-42. Dr Solomon’s Anti-Virus Console window
2. Select WinGuard in the task list, then choose Disable from the Task menu. The Console will stop the WinGuard scanner and all of its modules, and unload them from memory.
Method 3: Use the Dr Solomon’s Anti-Virus control panel
Follow these steps:
1. Click Start in the Windows taskbar, point to Settings, then choose Control Panel.
2. Locate and double-click the Dr Solomon’s Anti-Virus control panel to open it (Figure 4-43).
Figure 4-43. Dr Solomon’s Anti-Virus control panel - Service page
3. Click Stop in the Service page.
Method 1: Use the WinGuard shortcut menu
Follow these steps:
1. Right-click the WinGuard icon in the Windows system tray to display its shortcut menu.
2. Point to Quick Enable.
3. Choose one of the module names shown with a check mark beside it to deactivate it. Module names that have a check mark beside them are active. Those without a check mark are inactive. This method disables a module only for the length of a scan session, or until you enable it again.
Method 3: Use the WinGuard Properties dialog box
Follow these steps:
1. Right-click the WinGuard icon in the Windows system tray to display the WinGuard shortcut menu.
2. Point to Properties, then choose a module name to open the WinGuard Properties dialog box (Figure 4-45).
Figure 4-45. WinGuard Properties dialog box
3. For each module that you want to disable, click the corresponding icon along the left side of the dialog box, then click the Detection tab.
4.
Tracking WinGuard software status information
Once you activate and configure the WinGuard scanner, it operates continuously in the background, watching for and then scanning e-mail you receive, files you run or download, or Java and ActiveX objects you encounter. To see a real-time summary of its progress:
1. Double-click the WinGuard system tray icon to open the Status dialog box.
2. Click the tab that corresponds to the program module whose progress you want to check.
Viewing WinGuard task status information
You can also see statistical information in the Task Properties dialog box for each WinGuard module. To view this information, follow these steps:
1. Double-click the Dr Solomon’s Anti-Virus Console icon in the Windows system tray to bring the Console window to the foreground (see Figure 4-42 on page 168).
2. Double-click the WinGuard task in the task list to display the Task Properties dialog box shown in Figure 4-46.
Figure 4-46.
5 Using the Dr Solomon’s Anti-Virus application
What is the Dr Solomon’s Anti-Virus application?
Dr Solomon’s desktop anti-virus products use two general methods to protect your system. The first method, background scanning, operates continuously, watching for viruses as you use your computer for everyday tasks. In the Dr Solomon’s Anti-Virus product, the VShield scanner performs this function. To learn more about the VShield scanner, see Chapter 4, “Using the WinGuard Scanner.”
Why use the Dr Solomon’s Anti-Virus application?
Maintaining a secure computing environment means scanning for viruses regularly. Depending on the degree to which you swap floppy disks with other users, share files over your local area network, or interact with other computers via the Internet, scanning “regularly” could mean scanning as little as once a month, or as often as several times a day.
If you connect to the Internet frequently or download files often, you might want to schedule regular scan operations that sweep your system at set intervals, so that you don't have to remember to start the Dr Solomon’s Anti-Virus application. The Dr Solomon’s Anti-Virus Console provides a very flexible set of options for this purpose. To learn more about scheduling Dr Solomon’s Anti-Virus application tasks, see “Creating new tasks” on page 219.
From here, you can:
• Start scanning immediately. Click Scan Now to have the application scan your system with the last configuration options you set, or with default options.
• Switch between the Classic and Advanced interfaces. Use the Classic interface for quick, uncomplicated scan operations that use default or restricted settings. To switch to the Advanced interface from there, choose Advanced from the Tools menu.
• Protect your settings with a password. Choose Password Protect from the Tools menu to open a dialog box you can use to lock any Dr Solomon’s Anti-Virus application property page.
Figure 5-3. Password protection dialog box
Select each property page you want to protect, then click the Password button to the right to assign a password.
• Open the online help file. Choose Help Topics from the Help menu to see a list of Dr Solomon’s Anti-Virus help topics.
You can:
• Start one of the preset tasks in its default configuration. Select a task in the task list, then click in the Console toolbar. If the scan task is set to start automatically, the Dr Solomon’s Anti-Virus application window will open and the task will run immediately. If the task is not set to start automatically, the window will open, but you must click Scan Now to start the operation.
• Create and schedule a new task of your own.
You can also open this window and load your settings by right-clicking the settings file, then choosing Start from the shortcut menu that appears. Ordinarily, you'll find your settings files in the Dr Solomon’s Anti-Virus program directory, but you can save your settings files anywhere on your hard disk. Dr Solomon’s Anti-Virus settings files have a .VSC extension.
2. Click Scan Now to start the scan operation with the settings you specified.
Method 4: Starting the application from the command line
Follow these steps:
1. Click Start in the Windows taskbar, point to Programs, then choose MS-DOS Prompt if your computer runs Windows 95 or Windows 98. If your computer runs Windows NT Workstation v4.0 or Windows 2000 Professional, choose Command Prompt instead. Windows displays a command-prompt window.
Configuring the Dr Solomon’s Anti-Virus Classic interface
For the Dr Solomon’s Anti-Virus application to protect your system, you must tell it:
• what you want it to scan
• what you want it to do if it finds a virus
• how it should let you know when it finds a virus
• whether you want it to keep track of its actions
A series of property pages in the Dr Solomon’s Anti-Virus window controls the options for each task—click each tab to set up the application for yo
To modify these options, follow these steps:
1. Choose a volume or folder on your system or on your network that you want Dr Solomon’s Anti-Virus to examine for viruses. Type a path to the target volume or folder in the text box provided, or click Browse to open the Browse for Folder dialog box (Figure 5-7).
Figure 5-7. Browse for Folder dialog box
Click to expand the listing for an item shown in the dialog box. Click to collapse an item.
3. Specify the types of files you want Dr Solomon’s Anti-Virus to examine. You can:
• Scan compressed files. Select the Compressed files checkbox to have Dr Solomon’s Anti-Virus look for viruses in compressed files and file archives. Although it does give you better protection, scanning compressed files can lengthen a scan operation.
Follow these steps:
1. Click the Action tab in the Dr Solomon’s Anti-Virus Classic window to display the correct property page (Figure 5-8).
Figure 5-8. Dr Solomon’s Anti-Virus Classic window - Action page
2. Choose a response from the When a virus is found list. The area immediately beneath the list will change to show you additional options for each response. Your choices are:
• Prompt User for Action.
• Continue scanning. Use this option only if you plan to leave your computer unattended while the Dr Solomon’s Anti-Virus application checks for viruses. If you also activate the application’s reporting feature (see “Choosing Report options” on page 200 for details), the program will record the names of any viruses it finds and the names of infected files so that you can delete them at your next opportunity.
3.
Figure 5-9. Dr Solomon’s Anti-Virus Classic window - Report page
2. Choose the types of alert methods you want the Dr Solomon’s Anti-Virus application to use when it finds a virus. You can have it:
• Display a custom message. Select the Display message checkbox, then enter the message you want to appear in the text box provided. You can enter a message up to 225 characters in length.
To start a scan operation immediately with the options you’ve chosen, click Scan Now. To save your changes as default scan options, choose Save As Default from the File menu or click New Scan. To save your settings in a new file, choose Save Settings from the File menu, name your file in the dialog box that appears, then click Save.
For the Dr Solomon’s Anti-Virus application to protect your system, you must tell it:
• what you want it to scan
• what you want it to do if it finds a virus
• how it should let you know when it finds a virus
• whether you want it to keep track of its actions
• which items you don't want it to scan for viruses
A series of property pages in the Dr Solomon’s Anti-Virus window controls the options for each task—click each tab to set up the application for your tas
Figure 5-10. Dr Solomon’s Anti-Virus Advanced window - Detection page
To modify these options and add others, follow these steps:
1. Choose which parts of your system or your network you want Dr Solomon’s Anti-Virus to examine for viruses. You can:
• Add scan targets. Click Add to open the Add Scan Item dialog box (Figure 5-11).
Figure 5-11.
– All fixed disks. This tells the application to scan hard disks physically connected to your computer.
– All network drives. This tells the application to scan all drives logically mapped via Windows Explorer to a drive letter on your computer.
b. When you've chosen your target, click OK to close the dialog box.
To scan a particular disk or folder on your system, click the Select drive or folder to scan button, then:
a. Type in the text box provided the drive letter or the path to the folder you want scanned, or click Browse to locate the scan target on your computer.
NOTE: You may not use Universal Naming Convention (UNC) notation to specify a network disk as a scan target for scheduled tasks. Doing so will result in an “Invalid Path” error.
2. Specify the types of files you want the Dr Solomon’s Anti-Virus application to examine. You can:
• Scan compressed files. Select the Compressed files checkbox to have the Dr Solomon’s Anti-Virus application look for viruses in compressed files and file archives. Although it does give you better protection, scanning compressed files can lengthen a scan operation.
Heuristic scanning technology enables the Dr Solomon’s Anti-Virus application to recognize new viruses based on their resemblance to similar viruses that the module already knows. To do this, the application looks for certain “virus-like” characteristics in the files you’ve asked it to scan.
c. Click OK to save your settings and return to the VShield Properties dialog box.
4. Click the Action tab to choose additional Dr Solomon’s Anti-Virus application options. To start a scan operation immediately with just the options you’ve chosen, click Scan Now. To save your changes as default scan options, choose Save As Default from the File menu or click New Scan.
Each of the checkboxes you select in the Action page causes an option button to appear in an alert message that the application displays when it finds a virus. Selecting Delete file here, for example, causes a Delete button to appear in the alert message. You can choose from these options:
– Clean infection. This option tells the application to try to remove the virus code from the infected file.
• Continue scanning. Use this option only if you plan to leave your computer unattended while the application checks for viruses. If you also activate the reporting feature, the application will record the names of any viruses it finds and the names of infected files so that you can delete them at your next opportunity.
3. Click the Alert tab to choose additional Dr Solomon’s Anti-Virus configuration options.
Alert Manager is a separate Dr Solomon’s software component that collects alert messages and uses a variety of methods to send them to recipients that you specify. To have the Dr Solomon’s Anti-Virus application send these alert messages successfully, you must also set up the Alert Manager Client Configuration utility. See “Using the Alert Manager Client Configuration utility” on page 306 for details.
Choosing Report options
The Dr Solomon’s Anti-Virus application lists its current settings and summarizes all of the actions it takes during its scan operations in a log file called VSCLOG.TXT. You can have the application write its log to this file, or you can use any text editor to create a text file for the application to use. You can then open and print the log file for later review from within the application or from your text editor. The VSCLOG.
3. To minimize the log file size, select the Limit size of log file to checkbox, then enter a value for the file size, in kilobytes, in the text box provided. If you do not select this checkbox, the log file can grow to as large a size as your disk space permits. Enter a value between 10KB and 999KB. By default, the application limits the file size to 100KB.
– How many infected files the application moved to a quarantine folder.
– Your application settings.
Clear the checkbox to leave this information out of the log file.
• Date and time. Select this checkbox to have the log file record the date and time at which the software starts each scan operation. Clear this checkbox to leave this information out of the log file.
• User name.
Each entry in the exclusion list displays the path to the item, notes whether the application will also exclude any nested folders within the target, and explains whether the application will exclude the item when it scans files, when it scans your hard disk boot sector, or both. By default, you can exclude up to 100 unique scan targets.
To exclude files or folders from scan operations, follow these steps:
1. Click the Exclusion tab in the Dr Solomon’s Anti-Virus Advanced window to display the correct property page (Figure 5-17).
Figure 5-17. Dr Solomon’s Anti-Virus Advanced window - Exclusion page
2. Specify the items you want to exclude. You can:
• Add files, folders or volumes to the exclusion list. Click Add to open the Add Exclude Item dialog box (Figure 5-18).
Figure 5-18.
b. Select the Include subfolders checkbox to tell the application to ignore files stored in any subfolders within the folder you specified in Step a.
NOTE: Choosing Include subfolders causes the application to ignore only those files stored in the subfolders themselves. The application will still scan files stored at the root level of the folder you designate. To exclude the files at the folder root level, clear the Include subfolders checkbox.
c.
To start a scan operation immediately with the options you’ve chosen, click Scan Now. To save your changes as default scan options, choose Save As Default from the File menu or click New Scan. To save your settings in a new file, choose Save Settings from the File menu, name your file in the dialog box that appears, then click Save.
Figure 5-20. Specify Password dialog box
a. Enter a password in the first text box shown, then enter the same password again in the text box below to confirm your choice.
b. Click OK to close the Specify Password dialog box.
4. Click OK to return to the Dr Solomon’s Anti-Virus Advanced window.
6 Creating and Configuring Scheduled Tasks
What does Dr Solomon’s Anti-Virus Console do?
The Dr Solomon’s Anti-Virus Console exists primarily to run scan operations and other tasks on the dates and at the times you choose, or at intervals you set. You can use the Console to run a scan operation in your absence, when it causes the least disruption to your work, as part of a series of automated tasks, or in other ways that suit your needs.
• Alternate between scan operations. Scheduled scanning operations give you the flexibility to choose different operations for different purposes or different times. If, for example, you want to use VShield software to scan your own system continuously and scan mapped network drives less frequently, you can schedule a task for this purpose.
The Console comes with a default set of tasks already configured, but not yet scheduled.
Figure 6-1. Dr Solomon’s Anti-Virus control panel - Components page
4. Select the Load on startup checkbox in the Dr Solomon’s Anti-Virus Console area in the Components page.
5. Click OK to close the control panel. When you next restart your computer, the Console will also start, but it will remain minimized as an icon in the Windows system tray. To bring the Console window to the foreground, double-click the icon (Figure 6-2).
Figure 6-2.
2. Choose Dr Solomon’s Anti-Virus Console to make the Console window appear. Once you can display the Console window, you can also ensure that it will load automatically at startup by choosing Load at startup from the View menu.
The Console window initially shows a list of default tasks that come with the Console, pre-configured and ready to run. A “task” is a set of instructions to run a particular program, in a certain configuration, at a certain time.
• Configure the task. Select one of the tasks listed in the Console window, then click in the Console toolbar to display a property page for the Dr Solomon’s Anti-Virus component that will run the task. How this property page looks depends on which Dr Solomon’s Anti-Virus component you run. To learn how to choose settings for the Dr Solomon’s Anti-Virus application, see “Configuring Dr Solomon’s Anti-Virus application options” on page 228.
• Copy a task.
• Open the online help file. Choose Help Topics from the Help menu, or click in the Console toolbar to see a list of Dr Solomon’s Anti-Virus help topics. You can also right-click most dialog box buttons, lists, menus, and other items to reveal context-sensitive help topics. Choose the What's This? item that appears when you right-click inside a dialog box to see the help topic.
• Quit Dr Solomon’s Anti-Virus Console. Choose Exit from the Task menu to quit the Console. If you have any tasks pending, you should minimize the Console rather than quit. To learn how to start the Console again, see “Starting the Dr Solomon’s Anti-Virus Console” on page 210.
• Scan My Computer. This task runs a baseline scan operation on all hard disks and other drives connected to your computer, along with your RAM and hard disk or floppy disk boot sectors. You may not rename or delete this task, but you can modify its configuration, schedule it, see statistics from its most recent scan operation, and protect its settings with a password.
Working with the VShield task
The VShield task appears in the Console window primarily so that you can manage its operation. You can enable and disable it directly from the Console window, or double-click the task to open the Task Properties dialog box (Figure 6-3).
Figure 6-3. VShield scanner Task Properties dialog box
In this dialog box, you can:
• Enable or disable the task. Click the Disable button at the bottom of the Task Properties dialog box.
Working with the AutoUpgrade and AutoUpdate tasks
The AutoUpgrade task allows you to download and install new program files for your Dr Solomon’s Anti-Virus software according to a schedule you set. The AutoUpdate task allows you to download and install new virus definition (.DAT) files. You may not rename, delete, or create other copies of these tasks, but you can configure them, protect them with a password, or run them immediately from the Task Properties dialog box.
You may enter a maximum of 20 characters of any type. Be sure to choose a password you will remember.
c. Re-enter your password exactly as you typed it in the previous text box.
d. Click OK to close the Specify Password dialog box. The Console will ask for the password you entered whenever anybody tries to open the Task Properties dialog box for this task.
3. Next, you can:
• Run this task with its existing configuration options.
The Console, however, allows you to create as many as 50 new tasks to suit your own needs. You can raise this limit by changing the number in the Dr Solomon’s Anti-Virus control panel. To learn how to do so, see “Understanding the Dr Solomon’s Anti-Virus control panel” on page 301.
To create a new task, follow these steps:
1. Choose New Task from the Task menu in the Console window, or click in the Console toolbar.
c. Re-enter your password exactly as you typed it in the previous text box.
d. Select the Protect all options checkbox to protect all of the options you set for this task. Doing so locks all of the property pages for this task at once in the Security page in the Dr Solomon’s Anti-Virus Properties dialog box. Clearing this checkbox allows you to choose different security settings for each page in the Security property page.
• Always Exit. Click this button to tell the Dr Solomon’s Anti-Virus application to always quit immediately after it completes this scan task. If you choose Hidden Mode in the Interface Type list, this is your only option.
• Auto Exit. Click this button to tell the Dr Solomon’s Anti-Virus application to quit automatically if it has not detected any viruses during this scan task.
– If you have configured the task to start automatically, it will run immediately. For this to happen, you must have previously selected the Start Automatically checkbox in the Dr Solomon’s Anti-Virus Properties dialog box. To see this checkbox, click Configure, immediately to the left, then locate the checkbox in the What to Scan area in the Detection property page.
The Task Properties dialog box will appear (see Figure 6-5 on page 220). If you chose the VShield, AutoUpdate, or AutoUpgrade tasks in the Console task list, the Task Properties dialog box will look different from that shown in Figure 6-5.
2. Click the Schedule tab to display the correct property page (see Figure 6-6 on page 224).
• Daily. This runs your task once at the time you specify on the days you indicate. Enter the time in the text box provided, then select the checkboxes in the Start At area for each day that you want the task to run.
• At Startup. Select this checkbox to run your task once each time you start your computer and the Dr Solomon’s Anti-Virus Console. Specify in hours and minutes how long after startup you want the Console to wait before it runs your task.
NOTE: To start your task, your computer must be on and the Dr Solomon’s Anti-Virus Console must be running. If your computer is off or if the Console is not running at the time your task should start, the task will start at the next scheduled time. You can minimize the Console so that it appears only as an icon in the Windows taskbar.
The status page will list the results of the last scan operation this task conducted, and the name of the last file it scanned. To see a short description of each of the items that appears in this page, right-click a figure or label, then choose What's This? from the shortcut menu that appears, or click the ? button in the upper-right corner of the dialog box, then click the item you want described. These displays will not update in real time.
Configuring Dr Solomon’s Anti-Virus application options

To configure a Dr Solomon’s Anti-Virus scan task that will run at a time you designate, you must tell the application:
• when you want it to run
• what you want it to scan
• what you want it to do if it finds a virus
• how it should let you know when it finds a virus
• whether you want it to keep track of its actions
• which items you don't want it to scan for viruses
• whether you want to protect the settings
Figure 6-8. Dr Solomon’s Anti-Virus Properties dialog box - Detection page

Choosing Detection options

If you chose to configure a task you just created, the Dr Solomon’s Anti-Virus application initially assumes that you want to scan your C: drive and your computer’s memory, to look for boot sector viruses, and to restrict the files it scans only to those susceptible to virus infection.
Figure 6-9. Add Scan Item dialog box

To scan your entire computer or a subset of the drives on your system or your network, click the Select item to scan button, then:
a. Choose a scan target from the list provided. Your choices are:
– My Computer. This tells the application to scan all drives physically attached to your computer or logically mapped via Windows Explorer to a drive letter on your computer.
– All removable media.
b. Select the Include subfolders checkbox to have the Dr Solomon’s Anti-Virus application look for viruses in any folders inside your scan target.
NOTE: Choosing Include subfolders causes the application to scan only those files stored in the subfolders themselves. The application will not scan files stored at the root level of the folder you designate. To scan those files, clear the Include subfolders checkbox.
c. Click OK to close the dialog box.
NOTE: Dr Solomon’s Software recommends that you choose this option for your first scan operation, or periodically thereafter, to ensure that your system is virus-free. You can then limit the scope of later scan operations.
• Choose file types. Viruses cannot infect files that contain no executable code, whether script, macro, or binary code. You can, therefore, safely narrow the scope of your scan operations to those files most susceptible to virus infection.
a. Select the Enable heuristics scanning checkbox. The remaining options in the dialog box activate.
b. Select the types of heuristics scanning you want the Dr Solomon’s Anti-Virus application to use. Your choices are:
– Enable macro heuristics scanning. Choose this option to have the application identify all Microsoft Word, Microsoft Excel, and other Microsoft Office files that contain embedded macros, then compare the macro code to its virus definitions database.
If you do not select this checkbox, the Console will start Dr Solomon’s Anti-Virus, but the Dr Solomon’s Anti-Virus application will wait for you to click Scan Now to start scanning. Leaving the checkbox clear gives you a chance to cancel the scan operation if it will interfere with your work.
6. Click the Action tab to choose additional Dr Solomon’s Anti-Virus options.
Figure 6-12. Dr Solomon’s Anti-Virus Properties dialog box - Action page

3. Choose a response from the When a virus is found list. The area immediately beneath the list will change to show you additional options for each response. Your choices are:
• Prompt user for action.
– Exclude file. This option tells the application to skip the file during later scan operations. This is the only option not selected by default.
– Continue scan. This option tells the application to continue with its scan operation, but not take any other actions. If you have its reporting options enabled, the application records the incident in its log file.
– Stop scan. This option tells the application to stop the scan operation immediately.
NOTE: Clicking Cancel will not undo any changes you already saved by clicking Apply.

Choosing Alert options

Once you configure it with the response options you want, you can let the Dr Solomon’s Anti-Virus application look for and remove viruses from your system automatically, as it finds them, with almost no further intervention.
Alert Manager is a separate Dr Solomon’s software component that collects alert messages and uses a variety of methods to send them to recipients that you specify. To have the Dr Solomon’s Anti-Virus application send these alert messages successfully, you must also set up the Alert Manager Client Configuration utility. See “Using the Alert Manager Client Configuration utility” on page 306 for details.
Choosing Report options

The Dr Solomon’s Anti-Virus application lists its current settings and summarizes all of the actions it takes during its scan operations in a log file called VSCLOG.TXT. You can have the application write its log to this file, or you can use any text editor to create a text file for the application to use. You can then open and print the log file for later review from within the application or from a text editor. The VSCLOG.
3. Select the Log to file checkbox. By default, the Dr Solomon’s Anti-Virus application writes log information to the file VSCLOG.TXT in the Dr Solomon’s Anti-Virus program directory. You can enter a different name in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network. You may use a different file, but the text file must already exist. The application will not create a new file.
4.
– How many files the application examined.
– How many infected files the application cleaned.
– How many infected files the application deleted.
– How many infected files the application moved to a quarantine folder.
– Your application settings.
Clear the checkbox to leave this information out of the log file.
• Date and time. Select this checkbox to have the log file record the date and time at which the software starts each scan operation.
Once you scan your system thoroughly, you can exclude the files and folders that do not change or that are not normally vulnerable to virus infection. You can also rely on the VShield scanner to provide you with protection between scheduled scan operations. Regular scan operations that examine all areas of your computer, however, provide you with the best virus defense.
Figure 6-15. Dr Solomon’s Anti-Virus Properties dialog box - Exclusion page

3. Specify the items you want to exclude. You can
• Add files, folders or volumes to the exclusion list. Click Add to open the Add Exclude Item dialog box (Figure 6-16).

Figure 6-16. Add Exclude Item dialog box

Next, follow these substeps to add items to the list:
a.
b. Select the Include subfolders checkbox to tell the application to ignore files stored in any subfolders within the folder you specified in Step a.
NOTE: Choosing Include subfolders causes the application to ignore only those files stored in the subfolders themselves. The application will still scan files stored at the root level of the folder you designate. To exclude the files at the folder root level, clear the Include subfolders checkbox.
c.
NOTE: Clicking Cancel will not undo any changes you already saved by clicking Apply.

Choosing security options

Dr Solomon’s Anti-Virus lets you set a password to protect the settings you choose in each property page from unauthorized changes. This feature is particularly useful for system administrators who need to keep users from tampering with their security measures by changing Dr Solomon’s Anti-Virus settings.
Figure 6-17. Dr Solomon’s Anti-Virus Properties dialog box - Security page

3. Select the settings you want to protect in the list shown. You may protect any or all Dr Solomon’s Anti-Virus property pages. Protected property pages display a locked padlock icon in the security list shown in Figure 6-17. To remove protection from a property page, click the locked padlock icon to unlock it.
4. Click Password to open the Specify Password dialog box (Figure 6-18).
6. Click a different tab to change any of your Dr Solomon’s Anti-Virus settings. To save your changes without closing the Dr Solomon’s Anti-Virus Properties dialog box, click Apply. To save your changes and return to the Console window, click OK. To return to the Console window without saving your changes, click Cancel.
NOTE: Clicking Cancel will not undo any changes you already saved by clicking Apply.
7 Updating and Upgrading Dr Solomon’s Anti-Virus

Developing an updating strategy

Make no mistake about it: virus writers are electronic vandals who can destroy your data, cause system instability, and cost you time and money. The overwhelming majority of them are relatively inept programmers who rely on virus “kits,” or other pre-made tools, to introduce small variations in existing viruses or other malicious software.
code from legitimate files. The remaining parts of the Dr Solomon’s Anti-Virus package help to feed files to the engine for processing, integrate with various parts of your computer’s operating system to intercept files as they execute or as you work with them, and provide an interface you can use to configure various scan settings.

Update and upgrade methods

Because new .
• SuperDAT scan engine and .DAT file updates. Dr Solomon’s Software releases a weekly SuperDAT package of current .DAT file updates and the current Olympus scan engine, together with a Setup feature that makes updating and upgrading a snap. The SuperDAT utility minimizes the need for complex software deployments each time you receive upgrade components.
Dr Solomon’s anti-virus software anticipates exactly this situation. It allows you to take advantage of capabilities built into the Dr Solomon’s scan engine to deploy a small, supplemental virus definition file in between .DAT file releases. This small EXTRA.DAT file holds the absolutely latest available virus signature data for viruses that AVERT researchers have identified as high-risk contaminants.
By default, the AutoUpdate task included with Dr Solomon’s Anti-Virus Console comes configured to download the most recent .DAT file updates directly from the Network Associates FTP site. This configuration can make administration simple and straightforward for small networks or individual Dr Solomon’s Anti-Virus installations.
Configuring the AutoUpdate Utility

To configure the AutoUpdate utility so that it runs properly as a task within the Dr Solomon’s Anti-Virus console, you must tell it:
• which update sites have the new files you want to download
• which transfer method you want it to use for the download
• whether you use a proxy server and, if so, what port you have assigned to it
• whether you want it to back up your existing .
Figure 7-1. Automatic Update dialog box - Update Sites page

Here, the AutoUpdate utility lists the sites from which it will download new .DAT files. It also reports each site's current status as Enabled or Disabled. A site is enabled if you have selected the Enabled checkbox in the Automatic Update Properties dialog box. A site is disabled if you clear this checkbox.
Figure 7-2. Automatic Update Properties dialog box - Update Options page

• Change definitions for an existing update site. Select a site shown in the update site list, then click Edit to open the Automatic Update Properties dialog box (Figure 7-2). Make the changes you want to make, then click OK to save them and return to this dialog box. To see descriptions and instructions for configuring the available options, see “Configuring update options” on page 258.
If you have the Force Update option selected, AutoUpdate will download any .DAT files it finds on the first site to which it can connect successfully. See “Configuring advanced update options” on page 260 for more details.
4. Click the Log Activity tab to display the next property page (Figure 7-3).

Figure 7-3. Automatic Update dialog box - Log Activity page

5. Select the Log activity into the Activity Log File checkbox.
To see the contents of the log file from Dr Solomon’s Anti-Virus Console, select the AutoUpdate task in the task list, then choose View Activity Log from the Task menu.
7. Click OK to save your changes and close the Automatic Update dialog box. Click Cancel to close the dialog box without saving your changes.
The AutoUpdate utility will make a maximum of three connection attempts for the site during each scheduled update operation. When it does connect and download the new .DAT file package, the utility also extracts the files and installs them into the correct directory.
3. Specify which transfer method the utility must use to download new files. Your choices are:
• Copy from a local network computer.
The AutoUpdate utility uses its own FTP implementation to connect to the server, but the timeout period for the connection attempt will depend on your existing network protocol settings. To use a different FTP site, enter the URL for the site you want to use in the text box labeled Enter an FTP Computer Name and Directory. You must either connect to a site set for anonymous FTP login, or you must designate the user name and password for an account on the site.
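The site handling this chapter describes for AutoUpdate (only enabled sites are tried, each site gets at most three connection attempts, and Force Update installs whatever package the first reachable site holds) can be modelled in a few lines. This is an added illustration, not Dr Solomon’s code: the site names and version numbers are constructed, and moving on to the next site when a package is not newer is an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_ATTEMPTS = 3  # from the guide: at most three connection attempts per site


@dataclass
class UpdateSite:
    name: str                 # hypothetical site label
    enabled: bool             # state of the site's Enabled checkbox
    dat_version: int          # constructed version number of the package on offer
    failed_attempts: int = 0  # constructed: how many attempts fail before one succeeds


@dataclass
class UpdateResult:
    installed_version: int
    source: Optional[str]     # site the installed package came from, if any
    log: List[str] = field(default_factory=list)

    def rolled_back(self, previous_version: int) -> bool:
        """True when the run left older definitions installed than before."""
        return self.installed_version < previous_version


def connect(site: UpdateSite, log: List[str]) -> bool:
    """Try the site up to MAX_ATTEMPTS times; report whether any attempt worked."""
    for attempt in range(1, MAX_ATTEMPTS + 1):
        if attempt > site.failed_attempts:
            log.append(f"{site.name}: connected on attempt {attempt}")
            return True
        log.append(f"{site.name}: attempt {attempt} failed")
    return False


def run_update(sites: List[UpdateSite], installed_version: int,
               force_update: bool = False) -> UpdateResult:
    """Walk the site list in order and decide which package gets installed."""
    log: List[str] = []
    for site in sites:
        if not site.enabled:
            log.append(f"{site.name}: disabled, skipped")
            continue
        if not connect(site, log):
            log.append(f"{site.name}: unreachable, trying next site")
            continue
        if force_update:
            # Force Update: no version comparison, first reachable site wins.
            log.append(f"{site.name}: force-installed {site.dat_version}")
            return UpdateResult(site.dat_version, site.name, log)
        if site.dat_version > installed_version:
            log.append(f"{site.name}: installed newer package {site.dat_version}")
            return UpdateResult(site.dat_version, site.name, log)
        # Assumption: a package that is not newer is ignored and the next site is tried.
        log.append(f"{site.name}: package {site.dat_version} is not newer")
    log.append("no update installed")
    return UpdateResult(installed_version, None, log)


# Constructed site list: a disabled site, a stale mirror that answers on the
# third attempt, and an up-to-date central server.
SITES = [
    UpdateSite("vendor-ftp", enabled=False, dat_version=4100),
    UpdateSite("stale-mirror", enabled=True, dat_version=4050, failed_attempts=2),
    UpdateSite("central-server", enabled=True, dat_version=4090),
]

if __name__ == "__main__":
    for force in (False, True):
        result = run_update(SITES, installed_version=4070, force_update=force)
        print(f"force_update={force}: installed {result.installed_version} "
              f"from {result.source}, rolled back: {result.rolled_back(4070)}")
        for line in result.log:
            print("   ", line)
```

With Force Update selected, the constructed stale mirror regresses the installed definitions from 4070 to 4050; without it, the run ignores that package and installs 4090 from the next site.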
Figure 7-5. Automatic Update Properties dialog box - Advanced Update Options page

Next, follow these steps:
1. Tell the AutoUpdate utility what you want it to do before or as it performs an update. Your options are:
• Backup the existing .DAT files. Select this checkbox to have the AutoUpdate utility rename existing Dr Solomon’s Anti-Virus .DAT files before it installs new files. To rename each file, the utility appends the extension .
You might want to use this option if you download new .DAT files to a central server on your network and want individual client computers to download, extract and install the new files locally.
• Force Update. Select this checkbox to tell the AutoUpdate utility to download and install whichever .DAT file package it finds on the target server, whether that package is more recent than your existing .DAT files or not. You might use this option to “refresh” .
By contrast, the Retrieve the Update file but do not perform the update option saves the unextracted file, but does not install the new .DAT files. To tell the AutoUpdate utility where to save the .DAT file package, enter a path and folder name in the text box below this checkbox, or click Browse to locate a suitable folder.
• Run a Program after a successful Update. Select this checkbox to tell the utility to start another program after it installs new .
By default, the AutoUpgrade task included with Dr Solomon’s Anti-Virus Console does not come configured with any default upgrade site. Instead, Dr Solomon’s Software recommends that you use other mechanisms, such as the Enterprise SecureCast service, to receive new SuperDAT or program files, then place those files on a central server within your network.
• whether you want it to reboot your system after an upgrade
• whether you want it to keep track of its actions in a log file

Property pages in the Automatic Upgrade Properties dialog box control the options for your upgrade task. You can click each tab in turn to configure this task. To display the Automatic Upgrade dialog box, follow these steps:
1.
Figure 7-7. Automatic Upgrade dialog box - Upgrade Sites page

Here, the AutoUpgrade utility lists the sites from which it will download new Dr Solomon’s Anti-Virus program files. It also reports each site’s current status as Enabled or Disabled. A site is enabled if you have selected the Enabled checkbox in the Automatic Upgrade Properties dialog box. A site is disabled if you clear this checkbox.
3. From this dialog box, you can:
• Add a new site. Click Add to open the Automatic Upgrade Properties dialog box (Figure 7-2 on page 256). To learn how to specify options for your new site, see “Configuring upgrade options” on page 269.

Figure 7-8. Automatic Upgrade Properties dialog box - Upgrade Options page

• Change definitions for an existing upgrade site.
To use this function, you must have configured enough of the necessary options for the AutoUpgrade utility to locate the listed site and, if necessary, log on to it. See “Configuring upgrade options” on page 269 to learn how to specify the options you need.
If you clear this checkbox, the log file can grow until disk space or file system limitations stop it. When the file reaches the maximum size you set, the AutoUpgrade utility first clears it, then starts the log again from where it left off. To see the contents of the log file from Dr Solomon’s Anti-Virus Console, select the AutoUpgrade task in the task list, then choose View Activity Log from the Task menu.
7.
2. Select the Enabled checkbox to approve this site for the AutoUpgrade utility’s use. Clearing this checkbox preserves the options you’ve chosen, but causes the utility to skip this site when it tries to download new .DAT files. The AutoUpgrade utility will make a maximum of three connection attempts for the site during each scheduled update operation.
To use a custom account, clear the Use Logged In Account checkbox, then click UNC login information to enter a user name and password for an account that has access rights to the target server.
• FTP from a remote network computer. Click this button to tell the AutoUpgrade utility to look for new files on an FTP site you designate. To use this option, the target server must have an FTP service enabled.
Figure 7-11. Automatic Update Properties dialog box - Advanced Update Options page

Next, follow these steps:
1. Tell the AutoUpgrade utility what you want it to do before or as it performs an update. Your options are:
• Retrieve the Upgrade files but do not perform the upgrade. Select this checkbox to have the utility download the archive that contains new program files, then save it in a location you specify instead of extracting it and installing it.
In most cases, you will not need to restart in order for Dr Solomon’s Anti-Virus to use new program files, but some systems will require that you do so in order for the new files to activate. If you want to restart your system at a more convenient time, clear this checkbox.
3. To save your changes and return to the Automatic Upgrade dialog box, click OK. To close the dialog box without saving your changes, click Cancel.
3. If you want to, create and copy a SETUP.ISS file into the directory from which you tell AutoUpgrade to download new files. SETUP.ISS is a simple text file that governs how the AutoUpgrade utility upgrades your software. You can use any standard text editor to create and save this file. To specify configuration options in your SETUP.ISS file, use the example shown below to learn which options you may use.
When you have placed the PKGDESC.INI file, the SETUP.EXE file, and any SETUP.ISS file you want to use on a central server, configure the AutoUpgrade utility copies on your workstation computers to download new files from the share you created on that central server. The AutoUpgrade utilities will download and install the new files from this package.
For Dr Solomon’s Anti-Virus v8.5 and later releases, copy any EXTRA.DAT files you download to this directory: C:\Program Files\Common Files\Network Associates\Dr Solomon’s Anti-Virus Engine \4.0.
8 Using Specialized Scanning Tools

Scanning Microsoft Exchange and Outlook mail

Dr Solomon’s Anti-Virus provides you with two complementary methods to protect your Microsoft Exchange or Outlook e-mail system:
• The VShield scanner includes an E-Mail Scan module that runs continuous background scan operations on e-mail as it arrives on your server.
• The E-Mail Scan extension allows you to scan your mailbox on the Exchange server at your own initiative, and at times convenient for you.
Good anti-virus security measures incorporate complete, regular scan operations on your mailbox because:
• Good security is redundant security. The VShield E-Mail Scan module looks for virus code as your e-mail arrives on your server, or as executable attachments run after they’ve downloaded to your system.
By default, the E-Mail Scan extension examines all of the mail messages stored in your mailbox on the Exchange mail server, looking for messages and attachments susceptible to virus infection. If you have a large number of messages stored there that you have not yet downloaded, this scan operation can take a long time. To pause the operation, click [button image]. To resume the operation, click [button image]. To stop it altogether, click [button image].

Figure 8-1.
A series of property pages in the E-Mail Scan Properties dialog box controls the options for each scan operation you run. You can click each tab in turn to choose options for the extension to use to scan your e-mail. To display this dialog box, follow these steps:
1. Start your Microsoft Exchange or Outlook client and log in to your e-mail server.
Choosing Detection options

When you first open the E-Mail Scan Properties dialog box to configure a scan operation, the E-Mail Scan extension assumes that you want it to scan all of the messages in your Inbox, to scan all message file attachments, to scan compressed files, and to scan only those files susceptible to virus infection.
2. To restrict this scan operation so that it examines only unread messages, select the Scan unread messages only checkbox. Depending on which option you select in Step 1, this means that the extension will scan all unread messages in your mailbox or in accessible public folders, or all unread messages within the range you've selected.
3. Specify the file types you want the extension to examine. You can:
• Scan compressed files.
Figure 8-3. Advanced Scan Settings dialog box

Heuristic scanning technology enables the E-Mail Scan extension to recognize new viruses based on their resemblance to similar viruses that the module already knows. To do this, the extension looks for certain “virus-like” characteristics in the files you’ve asked it to scan.
– Enable macro and program file heuristics scanning. Choose this option to have the extension use both types of heuristics scanning. Dr Solomon’s Software recommends that you use this option for complete anti-virus protection.
NOTE: The extension will use heuristic scanning techniques only on the file types you designate in the Program File Extensions dialog box. If you choose to scan All files, it will use heuristic scanning for all file types.
c.
Figure 8-4. E-Mail Scan Properties dialog box - Action page

2. Choose a response from the When a virus is found list. The area immediately beneath the list will change to show you additional options for each response.
Your choices are:
• Prompt for user action. Choose this response if you expect to be at your computer when the E-Mail Scan extension examines your mailbox—the program will display an alert message when it finds a virus and offer you a range of possible responses. Each of the checkboxes you select in the Action page causes an option button to appear in an alert message that the extension displays when it finds a virus.
• Clean infected files automatically. Choose this response to tell the extension to remove the virus code from the infected attachment as soon as it finds it. If the extension cannot remove the virus, it will note the incident in its log file.
• Delete infected files automatically. Choose this option to have the extension delete every infected e-mail attachment it finds immediately.
Follow these steps:
1. Click the Alert tab in the E-Mail Scan Properties dialog box to display the correct property page (Figure 8-5).

Figure 8-5. E-Mail Scan Properties dialog box - Alert page

2. Select the Notify Alert Manager checkbox to have the E-Mail Scan extension send alert messages to Alert Manager for distribution.
If you prefer not to send a reply, you can simply have the extension send an e-mail notification, perhaps to a system administrator, whenever it detects a virus. Sending reply messages can aid your ability to track virus sources and pinpoint where infectious agents enter your network; copies of these messages sent to system administrators can help them track how infections spread.
c. Enter a subject for the message that conveys its urgency, then add any comments you want to make in the body of the message, below a standard infection notice that the extension itself will supply. You may add up to 1024 characters of text.
d. Click OK to save the message.
Whenever it detects a virus, the extension will send a copy of this message to each person who sends you e-mail with an infected attachment.
7. Click the Report tab to choose additional E-Mail Scan extension options. To save your changes without closing the E-Mail Scan Properties dialog box, click Apply. To save your changes and close the dialog box, click OK. To close the dialog box without saving your changes, click Cancel.
NOTE: Clicking Cancel will not undo any changes you already saved by clicking Apply.
2. Select the Log to file checkbox. By default, the E-Mail Scan extension writes log information to the file MAILSCAN.TXT in the Dr Solomon’s Anti-Virus program directory. You can enter a different name in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network. You may use a different file, but the text file must already exist. The extension will not create a new file.
• Infected file deletion. Select this checkbox to have the log file record how many viruses the extension deletes during each scan operation. Clear this checkbox to leave this information out of the log file.
• Infected file move. Select this checkbox to have the log file record how many viruses the extension moves to a quarantine folder during each scan operation. Clear this checkbox to leave this information out of the log file.
• Session settings.
Scanning cc:Mail

Dr Solomon’s Anti-Virus includes native support for Microsoft Exchange and Outlook clients, and for Lotus cc:Mail v6.0, v7.0, and v8.0. The cc:Mail clients use a proprietary e-mail system that the E-Mail Scan extension does not support directly.
Provided that you have configured and enabled it, the utility will start whenever your computer's screen saver starts, and it will stop whenever you move your mouse, press a key on your keyboard, or take any other action that interrupts your screen saver. To configure ScreenScan, follow these steps:
1. Click Start in the Windows taskbar, point to Settings, then choose Control Panel.
2.
Figure 8-8. The Add Scan Item dialog box

Next, choose the scan target from the list provided. Your choices are:
– All local drives. This tells the utility to scan all drives physically attached to your computer, including removable media drives.
– Drive or folder. This tells the utility to scan particular files or folders on your system.
5. Specify the types of files you want the ScreenScan utility to examine. You can
• Scan compressed files. Select the Compressed files checkbox to have the utility look for viruses in compressed files or file archives. To see a list of the types of files and archives that the application scans, see “Current list of compressed files scanned” on page 318.
• Scan subfolders within the designated target.
Figure 8-10. Advanced Scan Settings dialog box

The presence of a sufficient number of these characteristics in a file leads the utility to identify the file as potentially infected with a new or previously unidentified virus. Because the utility looks simultaneously for file characteristics that rule out the possibility of virus infection, it will rarely give you a false indication of a virus infection.
– Enable macro and program file heuristics scanning. Choose this option to have the utility use both types of heuristics scanning. Dr Solomon’s Software recommends that you use this option for complete anti-virus protection.
NOTE: The utility will use heuristic scanning techniques only on the file types you designate in the Program File Extensions dialog box. If you choose to scan All files, it will use heuristic scanning for all file types.
7.
Slide the control toward Low to give other background tasks higher priority than the ScreenScan utility. This causes the ScreenScan utility to run more slowly.
• Tell the utility to log its actions. Select the Enable logging of ScreenScan activities to file checkbox to have the ScreenScan utility summarize the actions it took as it ran in the file SCREENSCAN ACTIVITY LOG.TXT.
9 Using Dr Solomon’s Anti-Virus Utilities

Understanding the Dr Solomon’s Anti-Virus control panel

The Dr Solomon’s Anti-Virus control panel serves as the graphical front end for the Dr Solomon’s Anti-Virus management service, which initiates and controls all top-level component processes, including the Dr Solomon’s Anti-Virus application, the Console, and the VShield scanner.
To open the control panel, follow these steps:
1. Click Start in the Windows taskbar, point to Settings, then choose Control Panel.
2. Locate and double-click the Dr Solomon’s Anti-Virus control panel icon to open the control panel itself (see Figure 9-1 on page 302).

Figure 9-1.
3. Select the Load on startup checkbox in the Dr Solomon’s Anti-Virus Service area to start the Dr Solomon’s Anti-Virus management service (AVSYNMGR.EXE) as soon as you start your computer. The management service oversees all communications between Dr Solomon’s Anti-Virus program components, determines which components must load to accomplish program tasks, and allows you to start or stop all program components at once.
NOTE: Dr Solomon’s Software recommends that you leave this checkbox selected. The VShield scanner is your best continuous defense against virus infections.
6. Click or enter a figure in the Exclude Items text box to specify how many items can appear in the VShield System Scan module's exclusion list.
NOTE: The Dr Solomon’s Anti-Virus management service must restart itself and all active Dr Solomon’s Anti-Virus components in order to implement any changes you make.
Using the Alert Manager Client Configuration utility
All Dr Solomon’s anti-virus software includes a wide range of methods to alert you when it has detected a virus or other malicious software.
Dr Solomon’s Anti-Virus as an Alert Manager client
Dr Solomon’s Anti-Virus works as a client program with respect to NetShield software and an Alert Manager server. It can send alert “events” whenever it detects a virus or malicious software to any Alert Manager server you specify.
This tells each Dr Solomon’s Anti-Virus component to send an alert event to the Alert Manager client utility each time it detects a virus or malicious object. The client utility, in turn, passes the alert message to the Alert Manager server you designate. If you do not set your software to generate alert messages in the first place, the client utility will have nothing to pass to the Alert Manager server for distribution.
3. Select the alerting method you want to use. Your choices are:
• Enable Alert Manager alerting. Click this button to send alert events to an Alert Manager server somewhere on your network. Choosing this option prevents you from sending alert events to a Centralized Alerting directory. To choose the destination server, click Configure to open the Select Alert Manager Server dialog box (Figure 9-4).
Figure 9-4.
When you've chosen a destination for your alert messages, click OK to close the dialog box.
• Enable Centralized alerting. Click this button to have Dr Solomon’s Anti-Virus components send alert messages to a Centralized Alerting directory somewhere on your network. Choosing this option prevents you from sending alert events to an Alert Manager server.
• Additionally Enable DMI Alerts. Select this checkbox to supplement either of the other alerting methods. Next, click Configure to open the DMI Configuration dialog box, where you can enter the identifying number that your Desktop Management Interface (DMI) client application assigned to your Dr Solomon’s Anti-Virus when you installed it (Figure 9-6).
Figure 9-6.
A Default Vulnerable and Compressed File Extensions
Adding file name extensions for scanning
Because viruses ordinarily cannot infect files that contain no executable code, Dr Solomon’s Anti-Virus initially looks for viruses only in files that are susceptible to infection. The software uses a list of file name extensions to keep track of vulnerable files. This list appears in the Program Extensions dialog box, and is something you can edit to suit your own needs.
• Select one of the extensions shown, then click Remove to delete it from the list.
• Click Default to restore the original extension entries. This removes any extensions you have added to the list.
4. When you have finished changing the list, click OK to save your changes and close the dialog box. Click Cancel to close the dialog box without saving your changes.
Table 9-1. Vulnerable file name extensions
Extension | File Type | File Description
.COM | Program | Command/binary image files. These common files run as infectable executable programs. DOS and Windows system files frequently make use of this extension.
.CSC | Script/macro | Corel script files. Script files can include viruses or generate macro viruses.
.DL? | Program | Dynamic Link Library file; C++ dialog script files.
.MD? | Macro | Microsoft Access database, add-in, and related files. These files can contain infectable Visual Basic for Applications macros.
.MPP | Macro | Microsoft Project files. These files can contain infectable Visual Basic for Applications macros.
.MPT | Macro | Microsoft Project template files. These files can contain infectable Visual Basic for Applications macros.
.SYS | Program | DOS or Windows system files and device drivers. These executable files frequently start along with or as part of program execution.
.TAR | Archive | UNIX tape archive files.
.VBS | Script | Visual Basic script files and VBScript files. VBScript is an implementation of the Microsoft Visual Basic programming language.
Current list of compressed files scanned
The Dr Solomon’s Anti-Virus application and the WinGuard scanner look for viruses in a range of compressed and archived file formats. Each component uses slightly different technologies for this purpose, however, and therefore treats each file type differently. For the purpose of this discussion, a “compressed” file means a single file.
Both Dr Solomon’s Anti-Virus components include built-in support for a number of compressed and archived file formats. The table below lists each format and describes how each component scans it when you select the Compressed Files checkbox. You may not edit or add items to this list.
Table 9-1. How Dr Solomon’s Anti-Virus treats each file type
Format | Description | Dr Solomon’s Anti-Virus application support? | WinGuard scanner support?
.ICE | ICE compressed file | Scans compressed file if listed in Program Extensions dialog box | Scans compressed file if listed in Program Extensions dialog box
B Network Associates Support Services
Adding value to your Dr Solomon’s product
Choosing Dr Solomon’s anti-virus, Sniffer Technologies network management, and PGP security software helps to ensure that the critical technology you rely on functions smoothly and effectively.
If you purchased a perpetual license for your Network Associates product, you can purchase a PrimeSupport KnowledgeCenter plan for an annual fee. To receive your KnowledgeCenter password or to register your PrimeSupport agreement with Network Associates, visit:
http://www.nai.com/asp_set/support/introduction/default.asp
Your completed form will go to the Network Associates Customer Service Center.
The PrimeSupport Priority plan
The PrimeSupport Priority plan gives you round-the-clock telephone access to essential product assistance from experienced Network Associates technical support staff members. You can purchase the PrimeSupport Priority plan on an annual basis when you purchase a Network Associates product, either with a subscription license or a one-year license.
By calling in advance, your PrimeSupport Enterprise representative can help to prevent problems before they occur. If, however, an emergency arises, the PrimeSupport Enterprise plan gives you a committed response time that assures you that help is on the way. You may purchase the PrimeSupport Enterprise plan on an annual basis when you purchase a Network Associates product, either with a subscription license or a one-year license.
Table B-1. Corporate PrimeSupport Plans at a Glance
Plan Feature | Knowledge Center | Connect | Priority | Enterprise
Technical support via website | Yes | Yes | Yes | Yes
Software updates | Yes | Yes | Yes | Yes
Technical support via telephone | — | Monday–Friday; North America: 8 a.m.–8 p.m. CT | Monday–Friday, after hours emergency access; North America: 8 a.m.–8 p.m. CT | Monday–Friday, after hours emergency access; North America: 8 a.m.–8 p.m.
PrimeSupport options for home users
If you purchased your Network Associates product through a retail vendor or from the Network Associates website, you also receive support services as part of your purchase. The specific level of support you receive depends on which product you purchased.
If you need additional support, Network Associates offers a variety of other support plans that you can purchase either with your Network Associates product or after your complimentary 30-day support period expires. These include:
NOTE: The support plans described here are available only in North America—contact your regional sales representative to learn about local support options.
• Small Office/Home Office Annual Plan.
How to reach international home user support
The following table lists telephone numbers for technical support in several international locations. The specific costs, availability of service, office hours and plan details might vary from location to location. Consult your sales representative or a regional Network Associates office for details.
Network Associates consulting and training
The Network Associates Total Service Solutions program provides you with expert consulting and comprehensive education that can help you maximize the security and performance of your network investments. The Total Service Solutions program includes the Network Associates Professional Consulting arm and the Total Education Services program.
Network consulting
Network Associates consultants provide expertise in protocol analysis and offer a vendor-independent perspective to recommend unbiased solutions for troubleshooting and optimizing your network. Consultants can also bring their broad understanding of network management best practices and industry relationships to speed problem escalation and resolution through vendor support.
C Using the SecureCast Service to Get New Data Files
Introducing the SecureCast service
The Network Associates SecureCast service provides a convenient method you can use to receive the latest virus definition (.DAT) file updates automatically, as they become available, without your having to download them.
Why should I update my data files?
Your software relies on information in its virus definition (.DAT) files to identify viruses. More than 200 new viruses appear each month, however, and older .DAT files might not recognize them. To meet this challenge, Dr Solomon’s Software releases new .DAT files each week. You are entitled to these free data file updates for use with your version of the software. If you do not use current .
Installing the BackWeb client and SecureCast service
Setting up SecureCast service and the BackWeb client is a two-phase process:
1. Download and install the BackWeb client
2. Register to receive SecureCast service InfoPaks
To get started with the SecureCast service, review the system requirements shown below, then follow the steps outlined in each section.
Figure C-1. BackWeb client welcome panel
3. Read the instructions and warnings on this panel, then click Next> to continue.
4. The BackWeb license agreement appears (Figure C-2).
Figure C-2. BackWeb Software License Agreement panel
5. Click Yes to continue.
6. The Choose Destination Location panel appears (Figure C-3 on page 335).
Figure C-3. Choose Destination Location panel
7. Enter a new location for Setup to install the client software, if you wish, or click Browse to locate a suitable folder. Click Next> to continue. Setup will begin to copy BackWeb program files to your computer. As it does so, it displays its progress. When it has finished, Setup displays the Connection Type panel (Figure C-4).
Figure C-4.
8. Specify the type of connection your computer has to the Internet. Your choices are:
• Direct. Choose this option if you connect to the Internet through a local-area network or a high-bandwidth connection such as a cable modem or digital subscriber line (DSL) connection. Continue with Step 9.
• Modem. Choose this option if you dial up to connect to an Internet service provider, or into your corporate network. Skip to Step 13.
10. If you chose HTTP via proxy as your connection method, the HTTP Proxy Setup panel appears (Figure C-6).
Figure C-6. HTTP Proxy Setup panel
11. Enter the name of your proxy server in the Proxy text box, then enter the port the server uses for communication in the Port text box. When you have finished, click Next> to continue. The Proxy Authentication panel appears (Figure C-7 on page 337).
Figure C-7. Proxy Authentication panel
12.
The Setup Complete panel appears (Figure C-8).
Figure C-8. Setup Complete panel
13. To start immediately, leave both checkboxes selected in this panel, then click Finish to complete your installation.
Phase 2: Register with the Enterprise SecureCast service
After you install the BackWeb client and start it, the SecureCast service immediately opens the client application and sends its first InfoPak: the SecureCast registration forms (Figure C-9).
The SecureCast service alerts you that an InfoPak has arrived with the Flash message shown at the bottom right corner of Figure C-9.
IMPORTANT: If you are a corporate user and have a high-speed Internet connection, the window may list Register Now as an already received InfoPak. Continue with Step 1. If you have a slower connection, or if there is unusually heavy traffic at the SecureCast service site or your site, the window might not list any InfoPaks.
4. Double-click the BW Register icon in the window that opens next. A registration information form appears (Figure C-12).
Figure C-12. SecureCast User Registration Information form
5. Enter your name, title and company contact information in the text boxes provided. Here you will also need to enter the grant number you received when you purchased your software, or that you received from Network Associates Customer Service.
Figure C-13. SecureCast Parent Company Information form
6. If your company is the subsidiary of another company, enter contact information for your parent company in the text boxes provided. When you have finished, click Next>. The Proxy Communication Configuration dialog box appears (Figure C-14).
Figure C-14. SecureCast Proxy Communication Configuration
7.
Figure C-15. SecureCast Online Activity Status panel
9. Click Finish after a check mark appears in all the boxes. The setup process is complete. At that point, your web browser will connect to the Network Associates SecureCast service electronic customer care page. If you are a corporate user, the window resembles the one shown in Figure C-16:
Figure C-16.
Troubleshooting the Enterprise SecureCast service
Registration problems
If you try to register during a busy time of day on the web, you may encounter a delay while the server tries to process your registration request. If you receive the error message “1105 Error” or “Database Error: Unable to connect to the data source,” this means that there is a database problem on the server. Try submitting the form again, or try to register later.
BackWeb client
• For a comprehensive guide to BackWeb, including additional troubleshooting advice, see the online BackWeb User’s Manual: http://www.backweb.
D Understanding iDAT Technology
Understanding incremental .DAT files
To function at peak efficiency, Dr Solomon’s Anti-Virus needs regular updates for its virus definition (.DAT) files. Without them, the software might not detect new viruses or respond effectively to remove threats from your system. Prior versions of the AutoUpdate utility required you to download and install the entire virus definition package each week.
Product requirements
To download and install iDAT parcels, you must have Dr Solomon’s Anti-Virus v4.5 or later anti-virus software along with the corresponding AutoUpdate utility, and you must have already upgraded your Olympus scan engine to v4.0.50 or later. Incremental .DAT files do not work with earlier product or engine versions.
How does iDAT updating work?
The AutoUpdate utility downloads two types of files when it connects to the update site you specified:
• .
12=40554056.UPD
For this example, suppose you have .DAT version 4053 installed on your computer and the current .DAT file release is version 4056. The AutoUpdate utility can look in the DELTA.INI file to learn that it needs to download the 10th, 11th, and 12th .UPD file releases to have all of the virus definitions that the current .DAT file release does.
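The DELTA.INI lookup described above, worked through as an added example (it is not Network Associates code and not the AutoUpdate utility's actual logic). Only the 12=40554056.UPD entry comes from this guide; the [Deltas] section name, entries 10 and 11, and reading each .UPD name as a four-digit "from" version followed by a four-digit "to" version are assumptions inferred from the guide's file listing.

```python
import re

# Constructed sample. Only "12=40554056.UPD" appears in the guide; the section
# header and entries 10 and 11 are assumed from the guide's file listing.
SAMPLE_DELTA_INI = """\
[Deltas]
10=40534054.UPD
11=40544055.UPD
12=40554056.UPD
"""

# Assumption: a .UPD name is <from-version><to-version>, four digits each.
UPD_NAME = re.compile(r"^(\d{4})(\d{4})\.UPD$", re.IGNORECASE)


def parse_delta_ini(text):
    """Map each starting .DAT version to (next_version, sequence_no, filename)."""
    steps = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue  # skip blanks, comments and section headers
        key, sep, value = line.partition("=")
        name = value.strip()
        if not sep or not key.strip().isdigit():
            raise ValueError(f"malformed entry: {line!r}")
        match = UPD_NAME.match(name)
        if not match:
            raise ValueError(f"unexpected file name: {name!r}")
        src, dst = int(match.group(1)), int(match.group(2))
        if dst <= src:
            # A step that does not move forward would roll definitions back
            # or loop forever; reject it rather than follow it.
            raise ValueError(f"non-advancing step: {name!r}")
        if src in steps:
            raise ValueError(f"two steps start at version {src}")
        steps[src] = (dst, int(key.strip()), name)
    return steps


def plan_update(steps, installed, current):
    """Return the .UPD files to apply, in order, to go from installed to current.

    Returns [] when already up to date and None when the incremental chain
    cannot reach `current` exactly (for example, the installed version is
    older than the oldest step listed). What the caller does on None, such as
    fetching the full dat package instead, is outside this example.
    """
    if installed >= current:
        return []
    plan, version = [], installed
    while version < current:
        step = steps.get(version)
        if step is None:
            return None  # gap in the chain
        next_version, _seq, name = step
        if next_version > current:
            return None  # chain overshoots the advertised release
        plan.append(name)
        version = next_version  # strictly increases, so the loop terminates
    return plan


if __name__ == "__main__":
    table = parse_delta_ini(SAMPLE_DELTA_INI)
    print(plan_update(table, installed=4053, current=4056))
```

Because each step is keyed by its starting version, an update interrupted after the first file simply resumes from the version that file produced.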
A typical file listing would be:
00_index.txt
40534054.UPD
40544055.UPD
40554056.UPD
dat-4056.zip
dat-4056.tar
DELTA.INI
README.TXT
Best practices
The following sections outline some suggestions for how to employ iDAT downloads in your updating strategy.
3. Install all of the .UPD files and the DELTA.INI file you downloaded to a central server on your network, then configure the AutoUpdate copies on your network computers to download and install the iDAT set. Do not mark these files read-only, as this could cause the target computer to report an error when it tries to delete old files later. The AutoUpdate utility will download each file it needs, in sequence, to bring the .DAT files installed on its host computer up to date.
Q: What happens if my Internet or network connection goes down during an update?
A: If the AutoUpdate utility downloaded one or more iDAT files before the connection loss, it will install them into your existing .DAT files and record its failure to download the remaining iDAT files in its activity log.
A: Normally, Dr Solomon’s Software posts updated .DAT files on a weekly basis. You may, however, check more or less often as your network security needs require. Be aware that your risk of virus infection grows as the period between updates to the virus data files grows.