User Guide

ManualsBrandsMcafee ManualsOtherVIRUSSCAN 4.5

101

102

103

104

105

106

107

108

109

110

User’s Guide 105

6Updating and Upgrading

VirusScan Software

Developing an updating strategy

Make no mistake about it: virus writers are electronic vandals who can destroy

your data, cause system instability, and cost you time and money. The

overwhelming majority of them are relatively inept programmers who rely on

virus “kits,” or other pre-made tools, to introduce small variations in existing

viruses or other malicious software. But some virus writers do introduce new

twists or unexpected attack strategies into their creations. To counter these

threats, McAfee Anti-Virus Emergency Response Team (AVERT) researchers

must release frequent updates to the virus definitions database and technical

enhancements or upgrades to the scan engine that VirusScan software uses.

Without updated files, VirusScan software might not recognize new forms of

malicious software or detect new virus strains when it encounters them.

What are .DAT files?

Virus definition, or .DAT, files contain up-to-date virus signatures and other

information that McAfee anti-virus products use to protect your computer

against the thousands of computer viruses in circulation. McAfee releases new

.DAT files weekly to provide protection against the approximately 500 new

viruses that appear each month.

With this VirusScan release, McAfee has introduced a new incremental .DAT,

or iDAT, technology that consists of small file collections that contain only the

virus definitions that have changed between weekly .DAT file releases—not

the entire .DAT file set. This development means that you can download .DAT

file updates much faster, and at a far lower cost in bandwidth, than ever

before. To learn more about the new technology, see Appendix F,

“Understanding iDAT Technology.”

What is the scan engine?

The McAfee scan engine is at the heart of McAfee anti-virus software. The

engine contains the program logic necessary to scan files at particular points,

process and pattern-match virus definitions with data it finds in your files,

decrypt and run virus code in an emulated environment, apply heuristic

techniques to recognize new viruses, and remove infectious code from

legitimate files. The remaining parts of the VirusScan package help to feed files

to the engine for processing, integrate with various parts of your computer’s

operating system to intercept files as they execute or as you work with them,

and provide an interface you can use to configure various scan settings.