Sophos Anti-Virus for Windows 95/98/Me Release Notes
----------------------------------------------------

January 2003 (3.65)
www.sophos.com

Contents
--------

1. New in this version
2. Important information for customers not using InterCheck
3. General notes
4. Additional information
5. Information from previous versions
6. Known problems
7. Compatibility issues
8. InterCheck notes

1. New in this version
----------------------

* A problem creating CIDs on non-English workstations has been resolved
* Windows 95/98/Me CIDs are now created with data for all supported
  languages

All Sophos Anti-Virus versions have been updated with new virus
information.

2. Important information for customers not using InterCheck
-----------------------------------------------------------

This version of Sophos Anti-Virus for Windows 95/98/Me does not
correctly perform on-startup scans. This issue does not affect
customers using the InterCheck on-access scanner. Sophos recommends
that customers use the InterCheck on-access scanner.

If you currently run Sophos Anti-Virus for Windows 95/98/Me as an
on-demand scanner only, and wish to run an on-startup scan, you should
install the alternative version available from
http://www.sophos.com/downloads/products. Enter (or apply for) your
customer ID, click the link for 'Sophos Anti-Virus for Windows
95/98/Me', and then download the 'NSV' version. Alternatively, contact
Sophos technical support.

3. General notes
----------------

a) Archive types

Archives are not scanned by default. To enable archive scanning, tick
the 'Scan inside archives' box within Sophos Anti-Virus. Depending on
the number of archives present, scanning time may be increased.

Selecting archive scanning enables the scanning of ARJ, CMZ, GZIP, RAR,
TAR, ZIP, LHA, UUE, LZH archives, self-extracting archives of these
types, Zipmail files, and files compressed with MS Compress.
Self-extracting archives are only scanned as archives if archive
handling has been switched on for that archive type. Otherwise they
will be scanned only as executables.

If both archive scanning and Macintosh virus scanning are selected,
BinHex and MacBinary files will also be scanned.

Unix ELF files are scanned either when their file extension is in the
executables list, or if 'All files' is selected.

The scanning of Microsoft Cabinet files is not enabled when archive
file handling is enabled. It can be enabled individually.

b) Extension list

The following file extensions are scanned by default in immediate and
scheduled scans.

    ..., 386, 3GR, ADD, ASP, BAT, CHM, CMD, COM, CPL, DBX, DLL, DMD,
    DOC, DOT, DRV, EML, EXE, FLT, FON, FOT, HLP, HT?, HTA, HTML, I13,
    IFS, INI, JS, JSE, LNK, MOD, MPD, MPP, MPT, MSO, NWS, OCX, OV?,
    PDF, PDR, PIF, PL, POT, PPS, PPT, PRC, RTF, SCR, SH, SHB, SHS, SRC,
    SWF, SYS, VB?, VXD, WBK, XL?,

4. Additional information
-------------------------

The following suggestions may require the use of the Registry Editor
(REGEDT32.EXE). Microsoft have issued the following warning with
respect to the Registry Editor:

"Using Registry Editor incorrectly can cause serious, system-wide
problems that may require you to reinstall Windows 95/98/Me to correct
them. Microsoft cannot guarantee that any problems resulting from the
use of Registry Editor can be solved. Use this tool at your own risk."

a) Setup

'SETUP /UPDATE' has priority over workstation installations, i.e.
'SETUP /UPDATE' will not fail because a workstation is in the process
of establishing the need to upgrade or is in the process of upgrading.

Several command line qualifiers have been added to the setup program:

    -a      non-interactive install
    -ni     non-interactive setup
    -in     invisible setup program
    -inl    invisible loader

b) Messaging sub-system

Forcing the SMTP SMM to send its reports as MIME-encoded attachments is
possible.
To do this, add the following value to the registry:

    Key:        HLM\SOFTWARE\Sophos\Sweep95\SMMs\SMTP.smm
    Value Name: Mime Encode
    Type:       REG_DWORD
    Data:       0x00000001

c) Improved interaction with files held in off-line storage

By default, during immediate and scheduled scans, Sophos Anti-Virus
will not retrieve files marked as being held in off-line storage for
scanning. This default behaviour can be overridden by setting the
following value in the registry.

    Key:        HLM\Software\Sophos\ADVANCED\
    Value Name: SCAN_FILES_IN_HSM
    Type:       REG_DWORD
    Data:       0x00000001

d) Scanning during an update

Sophos Anti-Virus for Windows 95/98/Me scans memory, boot sectors and
system files during an update. If file copying is interrupted, the
process will resume from the last complete file copied. It will not
start again from the beginning.

e) Virus information

When requesting information on viruses, users are directed towards the
Sophos web site for the most accurate, up-to-date information.

5. Information from previous versions
-------------------------------------

October 2002 (3.62)

* InterCheck monitor icon colour change indicates InterCheck inactivity

The InterCheck Monitor arrow will now change from its usual red to grey
to indicate that InterCheck is disabled.

* Ability for Setup to remove unwanted shortcuts from the Start menu

Sophos items that no longer exist on the computer but appear in the
Start menu will now be removed.

* SAVI DLL now runs on both Windows NT/2000/XP and Windows 95/98/Me

SAV Interface (SAVI) developers will now be able to write products that
can be used on Windows 95/98/Me to complement those already available
on Windows NT/2000/XP.

* New information pages

There are new information pages available on this CD. You can view
these pages from any computer with an internet browser installed. They
include installing and updating advice, product information,
documentation, and contact information.
To view these pages, let the CD autorun or run 'LAUNCHCD.EXE' from the
root of the CD. If Internet Explorer 4.0 or above is installed on your
computer, the information pages are displayed in a special Sophos
application that enables you to install or update directly from the
information pages. With other browsers, open 'index.htm' from the root
of the CD.

If you have any difficulties viewing the CD's information pages, email
sophoscd@sophos.com.

* INTERCHK.CFG

In the absence of an existing INTERCHK.CFG file in the root of the
Interchk share, creating a new Windows 95 CID will create INTERCHK.CFG
in the W95inst folder.

6. Known problems
-----------------

None.

7. Compatibility issues
-----------------------

a) Bay Networks (Performance Technologies) Instant Internet

A conflict between the version of the WinSock client installed by the
Instant Internet application and the Sophos SMTP.SMM module can lead to
the Sophos Anti-Virus service not starting or stopping correctly.

As a work-around, add the following value to the registry.

    Key:        HKEY_LOCAL_MACHINE\Software\Sophos\Sweep95\SMMS\SMTP\
    Value Name: No Startup Check
    Type:       REG_DWORD
    Data:       0x1

This work-around will prevent the SMTP module checking for the
appropriate network transport protocols during startup.


InterCheck Notes
----------------

Version 4.22

Contents
--------

1. New in this version
2. General notes
3. Information from previous versions
4. Additional information
5. Known problems
6. Compatibility issues

1. New in this version
----------------------

DOS SWEEP is now used during the initial scan.

2. General notes
----------------

a) Enabling archive scanning

It is possible to configure InterCheck to search for viruses inside
archives such as Zip or Tar. However, by default this facility has not
been enabled, and infected files stored in archives will not be
reported until they are extracted for use.
The ability to scan inside archive files is disabled by default because
it can take a long time to scan inside large archives and a user must
wait until the scan is complete before they can continue with their
work. However, in some circumstances it may still be desirable to
enable scanning inside archives. This section tells you how to do so.

The default action can be modified for the following archive formats:
Zip, Arj, Rar, Gzip, Tar and Cmz.

For example, to enable Zip file archive handling the following must be
added to the INTERCHK.CFG file:

    [InterCheckGlobal]
    AddProgramExtension=ZIP

    [SweepVxDGlobal]
    VirusEngineSetting:Zip=1

For the other archive formats, each needs to be added as above with a
separate AddProgramExtension entry for each different extension used
and one VirusEngineSetting entry for the archive type.

For example, to enable Tar and Zip file archive handling, where Zip
files may have the alternative extension WZP, the following must be
added to the INTERCHK.CFG file:

    [InterCheckGlobal]
    AddProgramExtension=ZIP
    AddProgramExtension=WZP
    AddProgramExtension=TAR

    [SweepVxDGlobal]
    VirusEngineSetting:Zip=1
    VirusEngineSetting:Tar=1

b) Default program extension list

Any file whose extension matches an entry in the following list will be
considered by InterCheck to be a program and will be checked whenever
it is accessed:

    ASP, BAT, CHM, CMD, COM, DBX, DLL, DOT, DRV, EML, EXE, HLP, HT?,
    INI, JS, JSE, LNK, MPP, MPT, MSO, NWS, OCX, OV?, PDF, PIF, PL, PRC,
    RTF, SH, SHB, SHS, SWF, SYS, VB?, VXD, WBK, XL?

3. Information from previous versions
-------------------------------------

Version 4.20

a) Removal of Networked mode support

InterCheck will only work with the Sweep95 VxD. It will ignore the
SweepVxDLoad configuration file option. The communications directory
can still be specified for messaging.

b) Upgrade SWEEP check level changed to SYSTEM

Previously a QUICK scan was performed for every update.
Now with frequent upgrades required as virus identities (IDEs) are made
available on a daily basis, the upgrade check level has been changed to
SYSTEM to enable a quicker startup.

c) Withdrawal of InterCheck for DOS/Windows 3.1x

On-access scanning is no longer supported on DOS/Windows 3.1x in any
mode. On-demand scanning of DOS/Windows 3.1x systems is still supported
with DOS SWEEP.

4. Additional information
-------------------------

a) Additional configuration options

AddProgramExtension=ext

    This option adds ONE extension to the ProgramExtensions list, but
    leaves the existing list alone. Note that if this option precedes a
    ProgramExtensions= option, the single extension is discarded. To
    add "no extension" to the list, use a dot by itself.

DriverIoChecking=YES|NO

    If set to NO, this will suppress interception of certain types of
    file I/O operations executed by other VxDs in the system. Use this
    option to avoid problems (such as lock-ups) that can occur when
    InterCheck intercepts these calls. One third-party product that
    definitely requires this switch set to NO is ZIPMagic (1.0 and 98)
    from Mijenix. The default is YES.

DriveType=x:,type

    This option allows the user to override the system's assignment of
    drive types. It is primarily intended for use in the form

        DriveType=A:,FLOPPY

    which allows InterCheck to start up without a delay on systems
    which have no A: floppy drive. It can also be used where a PC boots
    up from a removable C: drive in order to force InterCheck to treat
    the removable drive as if it were a fixed hard disk.

    x: may be any drive letter from A: to Z: (or a: to z:)

    Type may be one of the following:

        for floppy and other removable drives:  FLOPPY,REMOVABLE
        for non-removable drives:               FIXED,HARD DISK,HARDDISK
        for mapped network drive letters:       NETWORK,REMOTE
        for CD-ROM drives:                      CDROM,CD
        for RAM disks:                          RAMDISK
        when the drive doesn't exist:           ABSENT,NONE

    NOTE: This option only affects the actions taken by InterCheck
    during startup.

5. Known problems
-----------------

a) Exclude= does not work correctly on InterCheck

InterCheck only allows the use of standard short "8.3" file names in
the "Exclude" configuration option. This means that it is not possible
to exclude files with long names (e.g. "longfilename.txt").

6. Compatibility issues
-----------------------

a) Windows 95 and USB support

On Windows 95 (OSR2) machines where the "USB (Universal Serial Bus)
supplement" has been installed, InterCheck may hang on startup
displaying the message "Preparing to SWEEP". The problem is caused by
an obsolete version of the USB supplement. Customers encountering this
problem are advised to remove the USB supplement using the "Add/Remove
programs" icon in the control panel. When USB support is required, the
latest version of the USB supplement should then be installed.

b) Borland C++ and Novell IntraNetWare client

There is a problem when using Borland C++ 4.51 and the Novell
IntraNetWare client version 3.10 together with InterCheck for Windows
95/98. When building large projects (20+ source files), files are left
locked open and cannot be deleted. This problem does not occur when
using version 3.02 of the Novell IntraNetWare client.

c) Windows 95 Program Manager

It is possible to configure Windows 95 to use a different shell instead
of the normal Explorer. Windows 95 includes a version of the Windows
3.1x Program Manager which can be used as a shell. Sophos recommends
against using Program Manager as a shell on a machine which runs
InterCheck.

d) Hewlett Packard scanners and OCR software

If you experience problems such as system lock-ups or fatal exception
errors when using OCR software to acquire text directly from a Hewlett
Packard scanner while InterCheck is active, you should put the
following line in INTERCHK.CFG:

    Exclude=HPSCAN

This prevents InterCheck from attempting to open a device name that is
associated with the scanner, and that causes fatal errors if it is
opened other than by the application.

e) Eudora

When Eudora is configured by a command line option to use a network
drive for its files, InterCheck causes it to be very slow. This is
caused by InterCheck's file type detection trying to identify the kind
of file being accessed. The main "culprit" file is eudora.ini. You can
improve performance by adding:

    Exclude=eudora.ini

to INTERCHK.CFG.

f) Mijenix Corporation's ZIPMagic

InterCheck 4.XX requires the use of the DriverIoChecking=NO
configuration file option when used with either ZIPMagic 1.0 or
ZIPMagic 98.

g) AS/400 Client Access

The InterCheck client cannot be used with AS/400 Client Access because
the Sweep95 VxD is unable to open files stored on the AS/400.

h) Other memory resident Anti-Virus products

We do not recommend using InterCheck when other memory resident
anti-virus products are active. Attempting to run multiple anti-virus
products in this manner will cause the system to run extremely slowly.
In some cases the system may also become unstable.

----------------
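
Added example (not part of the Sophos release notes and not Sophos code): a Python check for the two INTERCHK.CFG pitfalls described in the InterCheck notes above, namely an AddProgramExtension entry that precedes ProgramExtensions= and an archive type enabled under [SweepVxDGlobal] without a matching program extension. The audit() function, the GZ extension for Gzip, the comma-separated ProgramExtensions value and its placement in [InterCheckGlobal] are assumptions.

```python
import fnmatch

# Default InterCheck program extension list, as given in the notes above.
DEFAULT_EXTS = ("ASP BAT CHM CMD COM DBX DLL DOT DRV EML EXE HLP HT? INI JS JSE "
                "LNK MPP MPT MSO NWS OCX OV? PDF PIF PL PRC RTF SH SHB SHS SWF "
                "SYS VB? VXD WBK XL?").split()
# Archive type -> extension to look for. GZ for Gzip is an assumption; the
# others reuse the archive type names from the notes.
ARCHIVE_EXT = {"zip": "ZIP", "arj": "ARJ", "rar": "RAR",
               "gzip": "GZ", "tar": "TAR", "cmz": "CMZ"}

def audit(cfg_text):
    """Return (effective extension list, findings) for INTERCHK.CFG text."""
    exts, added, enabled, findings, section = list(DEFAULT_EXTS), [], set(), [], ""
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip().upper()
        if section == "intercheckglobal" and key == "addprogramextension":
            exts.append(value)
            added.append(value)
        elif section == "intercheckglobal" and key == "programextensions":
            # Replaces the list (earlier additions lost); comma-separated is assumed.
            findings += [f"AddProgramExtension={e} discarded by later "
                         "ProgramExtensions=" for e in added]
            exts, added = [e.strip() for e in value.split(",") if e.strip()], []
        elif section == "sweepvxdglobal" and value == "1":
            if key.startswith("virusenginesetting:"):
                enabled.add(key.split(":", 1)[1])
    for kind in sorted(enabled):
        ext = ARCHIVE_EXT.get(kind)
        if ext and not any(fnmatch.fnmatchcase(ext, p) for p in exts):
            findings.append(f"{kind}: handling enabled but .{ext} is not "
                            "in the program extension list")
    return exts, findings

# Constructed sample: ZIP is added before ProgramExtensions= and so is lost;
# Tar handling is enabled with no TAR extension entry.
SAMPLE = "\n".join([
    "[InterCheckGlobal]", "AddProgramExtension=ZIP",
    "ProgramExtensions=COM,EXE,DLL", "AddProgramExtension=WZP",
    "[SweepVxDGlobal]", "VirusEngineSetting:Zip=1", "VirusEngineSetting:Tar=1"])
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)[1]))
```

A configuration written in the order shown in the notes (all AddProgramExtension entries, no later ProgramExtensions=) produces no findings.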