home *** CD-ROM | disk | FTP | other *** search
-
- Sophos InterCheck Release Notes
- -------------------------------
-
- Version 4.02, 20 August 1998
-
-
- Contents
- --------
-
- 1. Installation and upgrade
- 2. Modifications from version 3.12
- 3. Known Problems
- 4. Compatibility issues
- 5. Acknowledgments
-
-
- 1. Installation and upgrade
- ---------------------------
-
- Version 4.02 of InterCheck requires:
-
- Sweep version 3.12 or above.
-
- Please consult the appropriate SWEEP manual for instructions on
- installing InterCheck.
-
-
- 2. Modifications from version 3.12
- ----------------------------------
-
- i. 'On-the-fly' disinfection
- ----------------------------
- This version of InterCheck supports 'on-the-fly' disinfection for
- stand-alone Windows and Windows 95 InterCheck clients. This option
- is disabled by default. It can be enabled using the following
- configuration file options IN THE SWEEP VXD SECTIONS (see below):
-
- DisinfectDocuments=YES|NO
-
- When this option is enabled the Sweep VxD will try to disinfect
- Word/Excel viruses.
-
- DisinfectDisks=YES|NO
-
- When this option is enabled the Sweep VxD will try to disinfect
- boot sector viruses.
-
- For example, to enable both forms of disinfection for all users
- running Windows 95, use the following in INTERCHK.CFG:
-
- [SweepVxDW95Global]
- DisinfectDocuments=YES
- DisinfectDisks=YES
-
- These configuration options are only valid in the Sweep VxD
- configuration sections of the InterCheck configuration file. The
- Sweep VxD section identifiers are described later.
-
- All documents reported as having been disinfected should be
- reviewed to ensure that the virus made no changes to the content.
-
- Disinfection of boot sector viruses is not supported for NEC
- PC-9800 series machines.
-
- ii. New user Interface for Windows 95/98 InterCheck clients
- -----------------------------------------------------------
- Windows 95/98 InterCheck clients have a new user interface. This
- is fully described in the manual supplement "New GUI for Windows
- 95/98 InterCheck" which is available in PDF format.
-
- iii. Novell IntraNetWare/Client32 support
- -----------------------------------------
- InterCheck is now fully compatible with the Novell IntraNetWare
- client and the Novell NetWare Client32 network drivers for DOS,
- Windows and Windows 95.
-
- iv. Support for the NEC PC-9800 series computers
- ------------------------------------------------
- The InterCheck for Windows 95/98 client has been modified to
- operate correctly on NEC PC-9800 series computers. However, not
- all the standard InterCheck functions are available; requesting
- authorisation messages are not displayed in full screen DOS boxes
- and InterCheck does not prevent a restart when an infected
- floppy disk has been left in the floppy drive.
-
- Disinfection of boot sector viruses is not supported for NEC
- PC-9800 series machines.
-
- v. Automatic installation
- -------------------------
- The iclogin program can now be used from a login script to
- automatically install the stand-alone Windows 95 InterCheck client
- on a workstation. This option is enabled using the '-9' command
- line option. For a description of how to use this feature please
- refer to the description of the iclogin '-a' option in the
- appropriate SWEEP manual. The '-a' option automatically installs
- the stand-alone Windows 3.x InterCheck client on a workstation.
-
- vi. Removing the networked Windows 95 InterCheck client
- -------------------------------------------------------
- The networked Windows 95 InterCheck client installs an additional
- VxD (icstatic.vxd) on the workstation the first time the client is
- activated. Simply removing the central InterCheck installation
- from the server will not remove the locally installed VxD. The
- following command must be used to remove the VxD from the
- workstation:
-
- ICLOAD95 -remove
-
- Note: The VxD must be loaded very early in the computerÆs boot
- sequence to ensure that the InterCheck client can correctly
- intercept all file activity. Therefore it cannot be started from
- the network.
-
- vii. Sweep VxD configuration file sections
- ------------------------------------------
- The following section headers may be used in the InterCheck
- configuration file to pass information to the SWEEP VxD.
-
- [SweepVxDGlobal]
- [SweepVxDDOSGlobal]
- [SweepVxDW95Global]
-
- [SweepVxDWorkStation]
- [SweepVxDDOSWorkStation]
- [SweepVxDW95WorkStation]
-
- The distinctions between global and workstation specific sections,
- and between general, DOS specific, and Windows 95 specific
- sections are the same as for the InterCheck configuration section
- headers.
-
- viii. New configuration file options
- ------------------------------------
- The following new InterCheck configuration options have been
- introduced:
-
- AllowRestartLater=YES|NO (Windows 95 ONLY)
-
- The first time that the Windows 95 InterCheck client is used on a
- workstation the computer must be restarted before InterCheck can
- provide protection from viruses. By default the computer is
- automatically restarted after a short delay. However, if
- AllowRestartLater is YES, InterCheck allows the user to restart
- the computer at a later time.
-
- AltCommsDir=<Communication directory>
-
- This option is now supported by the Windows 95 InterCheck client.
- Please refer to the appropriate SWEEP manual for more information.
-
- CheckFloppyOnShutdown=YES|NO (Windows 95 ONLY)
-
- InterCheck normally checks the floppy disk in drive A: before
- allowing the computer to be shut down. This feature can be
- disabled by setting CheckFloppyOnShutDown to NO.
-
- PurgeChecksumsNow (Windows 95 ONLY )
-
- This option instructs the InterCheck loader to purge the checksums
- every time InterCheck is started. The option is designed to be
- used for a limited period after a virus incident in order to force
- InterCheck to re-sweep all files for viruses.
-
- RestartTimeout=<time in seconds, 0-120> (Windows 95 ONLY)
-
- The delay before the automatic restart, described above, is
- controlled by this option. The default value is 15 seconds. It
- can be set to zero for an immediate restart.
-
- UseProgramExtensionsForSweep=YES|NO
-
- This option influences what files will be swept as InterCheck
- starts. By default, InterCheck now allows SWEEP to decide what
- file extensions represent files that need to be checked for
- viruses. Setting UseProgramExtensionsForSweep to YES forces SWEEP
- to use the list of extensions defined by the ProgramExtensions
- configuration option. Please note that this represents a change in
- default behaviour.
-
-
- 3. Known Problems
- -----------------
-
- i. Spurious Disinfection Failure Reports
- ----------------------------------------
- InterCheck may, in some circumstances, incorrectly report that a
- boot sector virus could not be disinfected when in fact the virus
- had been successfully removed.
-
- Anyone encountering this problem should temporarily remove the
- floppy disk from the drive. When the disk is replaced and
- subsequently used, InterCheck will re-scan for viruses and
- correctly determine that the virus is no longer present.
-
- The problem only occurs when InterCheck is used with SWEEP
- version 3.13.
-
-
- 4. Compatibility Issues
- -----------------------
-
- i. Windows 95 and NFS Clients
- -----------------------------
- Using InterCheck with certain NFS Clients, including Solstice
- Network Client 3.1Plus from Sun, can cause a conflict between
- the networked InterCheck Client and a system component which
- will cause the computer to completely stop responding.
-
- Sophos strongly recommends that you use the stand-alone
- InterCheck Client if you are using an NFS client to access the
- InterCheck communications directory.
-
- ii. Windows 95 AS/400 Client Access
- -----------------------------------
- When used with Windows 95 AS/400 Client Access V3 R1 M2, the
- networked InterCheck client requires Service Pack level SF47544.
-
- With previous versions of the Client Access software, the Check
- Version utility (installed by default into the Startup group)
- would hang the PC with InterCheck present.
-
- The stand-alone InterCheck client cannot be used with AS/400
- Client Access because the Sweep95 VxD is unable to open files
- stored on the AS/400. The only solution at present is to use
- the networked InterCheck client.
-
- iii. QEMM version 6.02
- ----------------------
- InterCheck for DOS will cause the system to hang in response to
- CTL-ALT-DEL if it is loaded high using QEMM v6.02. However, the
- diskette in the A drive will be checked for viruses before the
- system hangs so that the integrity of InterCheck is not
- compromised. There are a number of possible solutions:
-
- a) Upgrade to QEMM version 7.
- b) Load InterCheck into low memory using the LoadLow=YES
- configuration option.
- c) Use the QEMM nr (norom) option. However this does not work with
- the stealth option.
-
- iv. 386Max version 6.01d
- ------------------------
- InterCheck for DOS cannot load high when version 6.01d of the
- 386Max memory manager has been installed. An error message "Memory
- allocation error" is displayed after InterCheck has run SWEEP.
- Use the LoadLow configuration option to load InterCheck into low
- memory. Alternatively upgrade to 386Max version 6.02 or above.
-
- v. NetWare 4.01
- ---------------
- The ICLOGIN program is not compatible with the version of the
- LOGIN program supplied as part of NetWare 4.01. In order to use
- the ICLOGIN program you must upgrade the Novell login program to
- version 4.08 or later. Version 4.08 of LOGIN.EXE can be obtained,
- by all registered users of NetWare 4.01, as part of the "Novell
- 4.01 Upgrade kit Vol.1 No.1".
-
- vi. MSD versions 2.10 and 2.11
- ------------------------------
- The Microsoft diagnostic program, MSD.EXE, supplied with Windows
- 3.11 and DOS 6.x, does not work correctly with InterCheck. Unless
- the Novell LSL driver has been loaded before installing
- InterCheck, the MSD program will crash while initially examining
- the system, with unpredictable results. The problem has been fixed
- in version 2.13 of the MSD program, supplied with Windows 95.
-
- vii. Other memory resident Anti-Virus products
- ----------------------------------------------
- We do not recommend using InterCheck when other memory resident
- anti-virus are active. Attempting to run multiple anti-virus
- products in this manner will cause the system to run extremely
- slowly. In some cases the system may also become unstable.
-
-
- 5. Acknowledgments
- ------------------
-
- This product uses the SPAWNO routines by Ralf Brown to minimise
- memory use while shelling to DOS and running other programs.
-
-
- ----------------
-
-
- Sophos Plc, The Pentagon, Abingdon, OX14 3YP, England
- Tel 01235 559933 o Fax 01235 559935
-
-
- Sophos Plc, 2, Place de la Defense, BP240,
- 92053 Paris la Defense, France
- Tel 01 46 92 24 42 o Fax 01 46 92 24 00
-
-
- Sophos GmbH, Am Hahnenbusch 21, D-55268 Nieder-Olm, Germany
- Tel 06136 91193 o Fax 06136 911940
-
-
- Sophos Inc, 18 Commerce Way, Woburn, MA 01801, USA
- Tel 781 932 0222 o Fax 781 932 0251
-
-
- Sales email sales@sophos.com
- Technical support email support@sophos.com
- Web http://www.sophos.com/
-