Netware Super Library

home *** CD-ROM | disk | FTP | other *** search

/ Netware Super Library / Netware Super Library.iso / virus / nsh4_160 / netshld.doc < prev next >

Wrap

Text File | 1994-03-30 | 50.9 KB | 1,431 lines

NETSHIELD Version 1.6 for Novell NetWare v4.01 and NetWare for OS/2 V4.01 Copyright 1992, 1993 by McAfee Associates, Inc. Copyright 1994 by McAfee, Inc. Documentation by Aryeh Goretsky and Logical Arts McAfee Associates, Inc TEL (408) 988-3832 2710 Walsh Avenue, Suite 200 FAX (408) 970-9727 Santa Clara, California BBS (408) 988-4004 95051-0963 CompuServe GO MCAFEE USA Internet support@mcafee.com America Online MCAFEE TABLE OF CONTENTS Chapter 1: INTRODUCTION . . . . . . . . . . . . . . . 1 - How to use this manual . . . . . . . . . . . . . . 3 - What NETShield includes. . . . . . . . . . . . . . 4 - System Requirements. . . . . . . . . . . . . . . . 5 - License and Registration . . . . . . . . . . . . . 5 - Validating NETShield . . . . . . . . . . . . . . . 6 - Technical Support. . . . . . . . . . . . . . . . . 7 Chapter 2: INSTALLATION . . . . . . . . . . . . . . . 10 - Customizing NETShield. . . . . . . . . . . . . . . 11 Chapter 3: NETSHIELD'S MENUS. . . . . . . . . . . . . 12 - Available Options. . . . . . . . . . . . . . . . . 12 - Configuration Options. . . . . . . . . . . . . . . 13 - Report Options . . . . . . . . . . . . . . . . . . 22 - Updating Options . . . . . . . . . . . . . . . . . 23 Chapter 4: WHAT TO DO IF A VIRUS IS FOUND . . . . . . 24 NETSHIELD for NetWare v4.x Version 1.6 Page 1 Chapter 1: INTRODUCTION Welcome to NETShield, a powerful and advanced system designed to detect computer viruses on NetWare v4.01 and NetWare for OS/2 v4.01 servers. NETShield watches as network users, the most likely source of infected files, copy files to the network. NETShield is a NetWare Loadable Module (NLM). This allows it to integrate easily into your NetWare environment and function independently of any workstation, guaranteeing that your network is always protected. NETShield is Tested and Approved compatible as an NLM utility by Novell, Inc. for use with NetWare v4.01, and NetWare for OS/2 v4.01. It is important that you install and configure NETShield correctly for your particular network. As you set up NETShield, you'll complete the tasks necessary to maintain a virus-free network. Use this task list as a "roadmap" for applying the information in this reference to your network. Task 1: Installation You'll install NETShield on every server at your site. The NETShield NLM will be copied to your SYS:SYSTEM directory, and your server will be configured to load NETShield automatically whenever you restart it. See Chapter 2, Installation, for details. o If you use a bootable floppy diskette to start your server, make sure that the boot diskette is clean of any viruses. The documentation for VirusScan , McAfee Associates' virus scanning program for PC's, describes a procedure for creating a clean bootable diskette. Task 2: Configuration Set NETShield to scan all files transferred to the server, using the "On-Access" scanning settings. Also set it to run scans at regular intervals, using the "Periodic" scanning settings. Turn CRC, Cyclic Redundancy Checking, on if you have a stable file environment. CRC checking verifies that mathematic "check sums" stay consistent for files; if files are changed often, then an error in the check sums will be reported. See "Configuring NETShield" in Chapter 3, NETShield Menus, for details. Task 3: Scanning Once you've configured NETShield, it will automatically scan in the background. The NETShield NLM will be running as long as your NetWare server is running. NETSHIELD for NetWare v4.x Version 1.6 Page 2 Task 4: Reporting NETShield can inform you when a virus is found, both by broadcasting a network message to selected users and by recording the information in a log file. It can then move or delete the infected file. We recommend that you set up NETShield to log infections in a file, notify the network supervisor, and move infected files into a "quarantine" directory for later inspection. See "Reporting" in Chapter 3, NETShield Menus, for details. Task 5: Updating As new viruses are found, McAfee Associates will release new virus signature files for you to install. When you receive an update, or download one from the McAfee BBS, update one server and enable cross-server updating so that the new list is copied to the other servers over the network. Task 6: Virus elimination Once you've identified and isolated an infected file, eliminate the virus using other McAfee Associates' ViruScan, VShield and Clean-Up. VirusScan does periodic scanning of both standalone PC's and networks, VShield does continuous checking on PC's, and Clean-Up removes viruses from both standalone PC's and networks NETSHIELD for NetWare v4.x Version 1.6 Page 3 HOW TO USE THIS MANUAL This manual will help you get NETShield running quickly and properly. Chapter 1 describes the program and files on your NETShield diskette, system requirements, how to license, and how to get help. Chapter 2 describes how to install NETShield. Chapter 3 contains reference information laid out in a format that matches the NETShield menus. If you're having trouble navigating the menus, look for the guides at the start of each of these chapters. Chapter 4 tells you what to do if you find a virus. NOTATION In this manual, different conventions distinguish particular kinds of text. Convention Example Represents Curly braces {filename} Optional element; do not type braces { } Parenthesized options (Deactivate) Context-sensitive "toggled" options which switch from the current state to the alternate (indicated by the current menu item text). NETSHIELD for NetWare v4.x Version 1.6 Page 4 WHAT NETSHIELD INCLUDES The NETSHIELD distribution file includes the the NETShield NetWare Loadable Module, various informative text files, and the Validate program. When you download files from McAfee Associates, use Validate to ensure that the software you've downloaded is authentic. See "Validating NETShield," later in this chapter, for instructions. File Name Description NETSHLD.NLM NetWare Loadable Module for NetWare v4.x. VIR.DAT Virus signature file. VIR$CFG.DAT Default configuration file. README.1ST Quick start, version-specific, and validation information text file. VIRLIST.TXT List and characteristics of most viruses detected by NETShield VALIDATE.COM Validate program for DOS . VALIDATE.DOC Documentation text file for Validate. AGENTS.TXT List of McAfee authorized agents. COMPUSRV.NOT CompuServe membership text file LICENSE.DOC Licensing agreement text file. REGISTER.DOC License quotation request text file. NETSHIELD for NetWare v4.x Version 1.6 Page 5 SYSTEM REQUIREMENTS NETShield requires a Novell NetWare v4.01 or NetWare for OS/2 v4.01 file server with at least 718Kb of free server RAM. It should utilize no more than 10% of server CPU time. When running NETShield under 4.x during heavy file server utilization, if NETShield's Priority option is set to a lower value (increasing the priority given to NETShield), then some of the low priority threads will not be given a chance to execute. When the utilization drops the threads will execute. LICENSE AND REGISTRATION NETShield is distributed for evaluation purposes only by McAfee Associates for a trial period not to exceed five (5) days. At the end of the trial period, you are required to remove the NETShield software from your server. If you wish to use NETShield after the trial period, you must obtain a license from McAfee Associates. Licenses are available for internal use within businesses, organizations, government agencies and educational institutions and external use by repair centers and other service organizations. License fees are based on the number of servers present. For further information please refer to the enclosed LICENSE.DOC text file. NETSHIELD for NetWare v4.x Version 1.6 Page 6 VALIDATING NETSHIELD When you download a program from any source other than directly from McAfee Associates, it's important to verify that it is authentic, unaltered, and uninfected by a computer virus. McAfee Associates anti-virus software includes a program called Validate which helps you do this. When you receive a new version of NETShield, run Validate on all of the program files. Here's how to do this for NETShield: Start from the system prompt (C:\> ). 1. Change to the directory to which you've downloaded the files. For example, if you've stored the files in a directory named C:\DOWNLOAD: C:\>c: C:\>cd \download 2. Enter the following: C:\DOWNLOAD>validate netshld.nlm 3. Compare the results with the information in the README.1ST file. If the validation results match what's in the file, it is highly unlikely that the program has been modified. If the results you obtain from running Validate on your copy of NETShield differ from those described in the Release Notes, the file may have been damaged. Always obtain your copy of NETShield from a known source. The latest version of NETShield and validation data for NETSHLD.NLM and VIR.DAT can be obtained from McAfee Associates' bulletin board system at (408) 988-4004, from the McAfee Virus Help Forum on CompuServe (GO MCAFEE), via the Internet from the pub/antivirus directory of the mcafee.com site, or from America Online's McAfee Associates' Area (Keyword: McAfee). NETSHIELD for NetWare v4.x Version 1.6 Page 7 TECHNICAL SUPPORT For help in using NETShield, we invite you to contact McAfee Associates technical support. You can contact us: o Online 24 hours a day, through our bulletin board system, CompuServe, fax, or Internet (see "Online access to updates and technical support" below); or o By telephone at (408) 988-3832, Monday through Friday, 7:00 a.m. to 5:30 p.m. Pacific Standard Time. For fast and accurate help, please have the following information ready when you contact McAfee Associates: o Program name and version number. o Type and brand of computer, hard disk, installed adapter cards, and any peripherals. o Version of NetWare, along with any NLM's or device drivers in use. o Printouts of the AUTOEXEC.NCF and STARTUP.NCF files. o Printouts of your AUTOEXEC.BAT and CONFIG.SYS files from any workstation that you were using. o Printout of the NETShield Configuration Report. o A description of the exact problem you are having. Please be as specific as possible. If you can't be at the system console when you call, a printout of the screen would be helpful. If you are overseas, you can contact a McAfee Associates Authorized Agent. Agents are located in over 50 countries around the world and provide local sales and support for our software. Please refer to the AGENTS.TXT file for a complete list of McAfee Associates Agents. NETSHIELD for NetWare v4.x Version 1.6 Page 8 ONLINE ACCESS TO UPDATES AND TECHNICAL SUPPORT McAfee Associates updates the NETShield programs every 4-6 weeks or sooner, to add new virus detectors, new options, and fix reported bugs. To distribute these new versions, we run a multi- line bulletin board system, a forum on CompuServe, an Internet node, and an America Online area. McAfee Associates bulletin board system (BBS) Our multi-line BBS is accessible 24 hours a day, 365 days a year, except for scheduled downtime and maintenance. All lines run high-speed modems operating from 1,200 bps to 14,400 bps with line settings of 8 data bits, no parity, and one stop bit. McAfee Forum on CompuServe We sponsor the McAfee Virus Help Forum on CompuServe. To reach it, type GO MCAFEE at any CompuServe prompt. A free introductory membership is available; see the COMPUSRV.NOT text file for more information. Internet access The latest versions of McAfee Associates' anti-virus software are available by anonymous ftp (file transfer protocol) over the Internet from the mcafee.com site. If your domain resolver does not support names, use the IP# 192.187.128.1 instead. Enter "anonymous" as your user ID and your own email address as the password. Programs are located in the pub/antivirus directory. If you have questions, please send email to support@mcafee.com. You can also find McAfee Associates' anti-virus software at the SimTel archive site Oak.Oakland.EDU in the pub/msdos/virus directory and its associated mirror sites: o ARCHIE.AU (Australia). o FTP.FUNET.FI (Finland) o FTP.SWITCH.CH (Switzerland) o SRC.DOC.IC.AC (UK) o WUARCHIVE.WUSTL.EDU (US) America Online The America Online "keyword" for the McAfee area is MCAFEE. NETSHIELD for NetWare v4.x Version 1.6 Page 9 OTHER SOURCES OF INFORMATION The McAfee Associates BBS and Virus Help Forum on CompuServe are excellent sources of information on virus protection. Batch files and utilities to help you use NETShield software are often available, along with helpful advice. Independent publishers, colleges, training centers, and vendors also offer information and training about virus protection and computer security. We especially recommend the following books: o Ferbrache, David. A Pathology of Computer Viruses. London: Springer-Verlag, 1992. ISBN 0-387-19610-2. o Hoffman, Lance. J. Rogue Programs: Viruses, Worms, and Trojan Horses. Van Nostrand Reinhold, 1990. ISBN 0-442-00454-0 o Jacobson, Robert V. The PC Virus Control Handbook, 2nd Ed. San Francisco, Miller Freeman Publications, 1990. ISBN 0-87930-194-0. o ________, ________. Using McAfee Associates Software for Safe Computing. New York: International Security Technology, 1992. ISBN 0-9627374-1-0. NETSHIELD for NetWare v4.x Version 1.6 Page 10 Chapter 2: INSTALLATION Installing NETShield is a straightforward and simple process. To start, you will need to copy the NETShield NLM, virus signature, and NETShield configuration file (if any) to the SYS:\SYSTEM directory on your network server. You can change this, but remember that these files must be on a network drive if you want to run NETShield on your server(s). Next, you will modify the AUTOEXEC.NCF file to run NETSHIELD each time the server is booted. Here's how to do this for NETShield: Start from the system prompt (C:\>). 1. Change to the your network drive (F:\> in this example): C:\>f: F:\LOGIN>cd \system F:\SYSTEM> 2. Copy the required files to the network drive: F:\SYSTEM>copy c:\mcafee\netshld\netshld.nlm f:\system F:\SYSTEM>copy c:\mcafee\netshld\vir.dat f:\system 2a. If a NETShield configuration file is present, copy it to the network drive: F:\SYSTEM>copy c:\mcafee\netshld\vir$cfg.dat f:\system 3. Edit the AUTOEXEC.NCF file to add NETShield: F:\SYSTEM>edit autoexec.ncf 3a. Go to the beginning of the AUTOEXEC.NCF file and add: load netshld load 3b. Save the AUTOEXEC.NCF file. NETShield is now installed on your network server NETSHIELD for NetWare v4.x Version 1.6 Page 11 Customizing NETShield Once you've installed NETShield, you can customize the way it loads by editing the LOAD command in the AUTOEXEC.NCF file. The following options are valid: LOAD NETSHLD runs NETShield with the default settings and no configuration file. LOAD NETSHLD LOAD runs NETShield with the default configuration file, VIR$CFG.DAT, from the SYS:SYSTEM directory. LOAD NETSHLD LOAD = path and filename} runs NETShield with a user-specified configuration file from the directory you specify. The complete path and file name, including the volume name, must be specified when using a configuration file other than the default file. We recommend that when you install NETShield for the first time, you create a configuration file and save it. This way, NETShield will always be loaded with optimal virus detection for your environment. See "Configuring NETShield" in Chapter 3, NETShield Menus, for details. Unless otherwise specified, NETShield creates, loads, and saves configuration files and reports in the directory where the NETSHLD.NLM file is located. Once you are done installing and customizing NETShield, you can either restart your server to run NETShield or go to the system console and type the following and the system prompt to start NETShield: LOAD NETSHLD NETSHIELD for NetWare v4.x Version 1.6 Page 12 Chapter 3: NETSHIELD MENUS When you run NETShield and the program loads virus patterns, you'll see this menu. It is the highest level menu in the command hierarchy: _____NETSHIELD AVAILABLE OPTIONS_____________________________ (Do a scan immediately) Configuration options Report options Signature control Exit _____________________________________________________________ (Do a scan immediately) Activates NETShield virus checking of all selected volumes. To choose which volumes are scanned, select Configuration Options\What to Scan\Volumes to Scan. If you choose this item when it reads "(Terminate a Current Scan)" you will stop any currently running scan, whether it is immediate or periodic. Configuration options Lets you customize NETShield to meet your particular needs. Take some time to become familiar with the different menus available under this option. Report options Lets you customize how NETShield reports the results of its scanning. Set up NETShield to give you information where you need it when you need it. Signature control Lets you keep NETShield's virus detection current by loading updated external signature files, or "virus signatures." Use it to load new sets of virus signatures, add new virus strings, and toggle virus signature updating between servers. Exit Use this option to unload NETShield and return to the NetWare System Console. If you have set an "unload" password in the Password Access Control menu, you must enter it before NETShield will unload. For security reasons, NETShield will prompt you for this password if you attempt to unloaded it from the System Console command line. When a regular scan is being performed, either immediate or periodic, it will halt when NETShield unloads. NETSHIELD for NetWare v4.x Version 1.6 Page 13 Configuring NETShield Use the Configuration Options menu to set various parameters for NETShield's operation. Choose from the following items: _____CONFIGURATION OPTIONS___________________________________ On-access scanning options Period-scanning options Actions on virus detection What to scan Configuration file options Speed/Accuracy controls CRC controls Password access control Return to previous menu _____________________________________________________________ On-access scanning options Use the settings available from this option to select accesses to trap for scanning. Scan incoming access (to the server) to protect the server, scan outgoing access (from the server) to prevent reinfection of a workstation from a virus on the server. We recommend that you scan incoming access, but not outgoing. This protects the server but avoids running extra scans. You'll see this menu: _____TRAP ACCESS MENU________________________________________ Incoming and outgoing scans both incoming and outgoing accesses Outgoing Only scans only outgoing accesses Incoming Only scans only incoming accesses None turns off on-access scanning Return to Previous Menu Return to the Configuration Options Menu _____________________________________________________________ Period-scanning options Use the settings available from this option to schedule a scan to occur at a specific time. You'll see this menu: Activate (Deactivate) Choose this to schedule scans on a Daily, Weekly, or Monthly basis. When you choose a Daily scan, NETShield prompts you to enter the time to start scanning. Enter the time in 24-hour format, e.g., 1:00 p.m. becomes 1300 hours. NETSHIELD for NetWare v4.x Version 1.6 Page 14 Choose Deactivate to disable periodic scanning. If a periodic scan is running when Deactivate is selected, the scan will continue until finished. If you want to halt a periodic scan, select "Terminate a Current Scan" from the NETShield Available Options menu. o To optimize your network usage when scheduling a periodic scan, select a time for scans when server utilization is otherwise low. Priority to run with Choose this to set the amount of CPU time NETShield uses when performing a periodic scan. There are ten levels of priority available, from 1, the most CPU-intensive, to 10, the least CPU-intensive. When NETShield is run with a priority setting of 1, 40-50% CPU usage is added and approximately one file is scanned per second. When run with a priority of 10, 1-2% CPU usage is added and one file is scanned approximately every 10 seconds. The default priority is 5. Return to previous menu Return to the Configuration Options menu. Actions on virus detection Use the settings available from this option to set what NETShield does with an infected file and who should be notified upon detection of a virus. You'll see this menu: File actions Contact actions File Actions lets you set what NETShield will do when it finds an infected file. You'll see this menu: Delete infected file Deletes virus-infected files. Deleted files can be recovered using the NetWare Salvage command. Overwrite and delete Erases virus-infected files by deleting them and then writing random characters over the space they occupied. The infected files deleted in this manner can not be recovered. NETSHIELD for NetWare v4.x Version 1.6 Page 15 Move infected files Moves infected files to the directory specified using the Set Move-to Directory command, also on this menu (see below for details). Leave infected files alone Performs no action on infected files. Be careful with this; if you choose this setting, the only way you will be able to tell if an infected file is found is by looking at the scan logs. Set move-to directory Chooses a destination directory in which to put infected files. If no directory is specified then a subdirectory called \INFECTED is created in the system directory for this purpose. Return to previous menu Returns to the Actions on Virus Detection menu. Contact actions lets you set who is informed of infections. You'll see this menu: (Do not inform the user accessing the file) Use this setting if, for security purposes, you don't want users to know they have infected files. If you choose not to inform the user, be sure to identify someone else to be informed. Edit the list of users to be contacted Allows changes to the list of users to be contacted when an infected file is found. Do not display messages on Console Use this setting if you don't want virus messages to show up on the NetWare System Console. Return to previous menu Returns to the Actions on Virus Detection menu. NETSHIELD for NetWare v4.x Version 1.6 Page 16 What to scan Use the settings available from this option to set areas of servers, files and users to scan. You'll see this menu: _____WHAT TO SCAN____________________________________________ Volumes to scan Change scanned extensions Ignore Users Skip directories Non-CRC checked files Return to previous menu _____________________________________________________________ Selecting "Volumes to Scan" selects which volumes are scanned during immediate and periodic scanning. By default, all mounted volumes are scanned. On-access scanning will check all mounted volumes and is not affected by this option. See "On-access scanning options," earlier in this section, for details about setting up on-access scanning. To scan all files for viruses, including data files, remove any current filename extensions and set the on-access and regular scanning extensions to "*". This may impact server performance. For this reason, scanning all files is generally not recommended. Also, we do not recommend that you use the wild card extensions "*" or "???" for CRC-checking, since this will cause all files to be added to the CRC file list, including data files, batch files, bindery files and other frequently-changed files. Change scanned extensions Use the settings available from this option to set the file extensions to scan. Wild card extensions using "*" and "?" can be used for all extensions. Add and remove extensions in these options to customize your setup. Press [Ins] to insert a file extension, [Del] to remove them, and [Esc] to exit. When you choose it, the following choices will be available: Extensions to scan on access Allows changes to the list of file extensions checked during on-access scanning. The default extensions selected are .COM, .EXE, .OV?, and .SYS. NETSHIELD for NetWare v4.x Version 1.6 Page 17 Extensions to scan during regular scan Allows changes to the list of file extensions checked during periodic (scheduled) scanning. The default extensions selected are .COM, .EXE, .OV?, and .SYS. Extensions that will NOT be scanned Set a list of file extensions to exclude from both types of scanning. By default, this list is empty. Extensions that will be checked by CRC Allows changes to the list of file extensions to check for unknown viruses using CRC checking. The default extensions selected are .COM, .EXE, .OV?, and .SYS. Return to previous menu Return to the What to Scan menu. Ignore users Specify any users who should not be scanned for virus- infected files. o Use this option only to exclude accounts that run unattended processes, such as network backups. The process will continue in the event that the account tries to access an infected file. It only skips virus scanning during on-access scanning, when the specified users try to access the network. Skip directories Select which directories to exclude from virus scanning. o Use this option only for excluding directories which contain virus-infected files, such as a directory created into which NETShield moves virus-infected files. When inserting a directory to be skipped, enter the name of the file server, volume and directory in the following format: {file server}/{volume name}:/{directory}/ Note the placement of the forward slashes and colon. NETSHIELD for NetWare v4.x Version 1.6 Page 18 Non-CRC checked files Enter the paths for directories or files for which CRC checks should not be created. When you enter a directory to be skipped, be sure to enter the name of the volume and the subdirectory as well. When inserting a file name, enter the complete volume, subdirectory, and filename. Wild cards can not be used in file or directory names. Return to previous menu Return to the Configuration Options menu. Configuration file options Use the settings available from this option to load and save different configuration settings. When you choose it, the Save and Load Configurations menu will appear with the following choices: Load configuration file Load a configuration file for NETShield. NETShield looks in the SYS:SYSTEM directory by default. You will be prompted to enter a filename if you choose this option. Change the path and filename if you do not want to use the default. We recommend that you use the default path so that the configuration files are easy to locate if you have to investigate a problem. Save configuration file Save a configuration file for NETShield. If no configuration file was specified when NETShield was loaded, then the default path is used and the the filename is set to VIR$CFG.DAT. Pressing any key will clear the default and allow a new path and filename to be entered. NETSHIELD for NetWare v4.x Version 1.6 Page 19 Write configuration report Creates an ASCII text file containing NETShield's configuration options. NETShield defaults to a filename VIR$CFG.TXT in the same directory that the NETSHLD.NLM file is located in. Pressing any key will clear the default filename and allow a new path and filename to be entered. o The configuration report must be written to a network drive, and not to the local drive of a workstation. Print configuration report Send the configuration report to file server print queues. To choose from the list of available queues, press [Esc] when prompted for a queue name. Return to previous menu Display the current action and return to the Configuration Options menu. Speed/Accuracy controls The Speed/Accuracy controls pptimize NETShield for speed versus accuracy during scanning. When set to Full Scanning, NETShield will check a greater portion of files for viruses than when set to Fast Scanning. Using Fast Scanning may reduce NETSHield's accuracy, since files are scanned for fewer details of a virus infection. CRC controls Use the settings available from this option to set and configure CRC (Cyclic Redundancy Check) checking for unknown viruses. NETShield calculates a value based on structure of the file, and then recalculates the same value periodically to compare with the original. If the CRC has changed, it is likely that the file has been infected or otherwise modified. Because the CRC will change whenever a file is updated, we recommend using CRC checks only in stable environments where few program updates are performed. NETSHIELD for NetWare v4.x Version 1.6 Page 20 You'll see the following menu: No CRC check Disable checking for unknown viruses using CRC checks. This is the recommended setting. Fast CRC Perform a CRC check against the beginning of a file and other critical parts of a file. If no entry exists in the CRC data file, NETShield will create an entry for it. Full CRC check (SLOW!) Perform a CRC check against an entire file. If no entry exists in the CRC data file, NETShield will create an entry for it. Set filename to store CRC's in Change the name or location of the file where CRC data is stored. By default, it is set to VIR$CRC.DAT and stored in the same directory as the NETSHLD.NLM file. Extensions that will be checked by CRC Bring up the Extensions to Scan pop-up menu. To add an extension press [Ins], and to remove an extension, press [Del]. To exit, press [Esc]. Return to previous menu Display the current action and return to the Configuration Options menu without making any changes. o Using "*" or "???" as an extension is not recommended since this will cause all files to be added to the CRC data file, including data files, batch files, bindery files and other frequently-changed files. NETSHIELD for NetWare v4.x Version 1.6 Page 21 Password access control Use the settings available from this option so that NETShield prompts for a password before unloading. You can also set a toggle so that the same password will be required to make any changes to the NETShield configuration. You'll see this menu: Enter password Set a password for unloading NETShield. The password is not case-sensitive, can be up to forty (40) characters long, and can be any mix of alphanumeric and punctuation characters. o If a password is required, then it must be re-entered before the password can be changed or removed. Enable menu password (Disable menu password) Sets NETShield to require the NETShield unload password to make any changes to the NETShield configuration. Return to previous menu Returns to the Configuration Options menu. NETSHIELD for NetWare v4.x Version 1.6 Page 22 REPORT OPTIONS Use the Report Options menu to set up how NETShield log files are created and viewed. It contains the following options: _____REPORT OPTIONS__________________________________________ Set path for log file Enable logging (Disable logging) View log file Print log file Print and clear log Clear log Return to previous menu _____________________________________________________________ Selecting "Set path for log file" sets a destination directory where NETShield will store reports. The current log file is always displayed. If the log file has not been configured, the default filename will be VIR$LOG.DAT. Press any key to clear the filename and enter a new one. Selecting "Enable logging (Disable logging)" chooses whether to create a virus incident log when an infected file is found. Selecting "View log file" views the log files of virus incidents. Use the [Home] key to view the first entry in the log file, the [End] key to view the last entry, the [PgUp] and [PgDn] keys to view the log file one screen at a time, and [Esc] to exit. Selecting "Print log file" sends a log file to a file server print queue. Choose this to see a list of available print queues on the server. Use the cursor keys to select a print queue, [Enter] to accept, and [Esc] to abort. Selecting "Print and clear log file" sends a log file to a file server print queue. Choose this to see a list of available print queues on the server. After printing, the log file is erased. Use the cursor keys to select a print queue, [Enter] to accept, and [Esc] to abort. Selecting "Clear log" erases all events in the current log file. Selecting "Return to previous menu" returns to the NETShield Available Options menu. NETSHIELD for NetWare v4.x Version 1.6 Page 23 UPDATING OPTIONS Use the settings available from this option to update the virus signature file and to enter external virus signature search strings. You'll see this menu: _____SIGNATURE CONTROL_______________________________________ Update signature with new VIR.DAT Load external strings Disallow cross server updating (Allow cross server updating) Return to previous menu _____________________________________________________________ Selecting "Update signature with new VIR.DAT" loads a new signature file, or pattern, into memory. By default, the VIR.DAT file will be loaded from the same directory in which the NETSHLD.NLM file is located. To change this, press a key to erase the current filename and type in the new directory and filename for the pattern file. Selecting "Load external strings" reads in a supplemental virus signature string file created by the user. For more information, see the ViruScan documentation on creating an external virus signature string file. Selecting "Disallow cross server updating (Allow cross server updating)" toggles between enabling or disabling pattern updates between servers. Turning this option on allows NETShield to automatically update the VIR.DAT file on other servers running NETShield. Selecting "Return to previous menu" returns to the NETShield Available Options menu. NETSHIELD for NetWare v4.x Version 1.6 Page 24 Chapter 4: VIRUS IDENTIFICATION AND REMOVAL It is strongly recommended that you get experienced help in dealing with viruses if you are unfamiliar with anti- virus software and methods. This is especially true for "critical" viruses that infect files whenever they are accessed. Improper removal can result in damage to the data or the disk. If you require assistance with a computer virus incident, you can contact McAfee Associates for help by BBS, FAX, telephone, Internet, CompuServe, or America Online. There is no charge for technical support directly from McAfee Associates, but technical support through any of McAfee Associates' Authorized Agents may be billed at normal support rates. All of McAfee Associates' programs can be downloaded from our BBS, the mcafee.com site on the Internet, the McAfee Virus Help Forum on CompuServe, the McAfee area on America Online, or from any of the agents listed in the enclosed AGENTS.TXT text file.