Release Notes for McAfee Virex 7.x

Copyright (c) 2001-2004 Networks Associates Technology, Inc.
All Rights Reserved

Thank you for using Virex software. This file contains important
information about the current virus definition (DAT) files. We
recommend that you read the entire document.

You must have a current PrimeSupport agreement in order to be entitled
to download product updates and upgrades, including engine and DAT
updates. By downloading any of the attached files, you acknowledge that
you currently have a valid PrimeSupport agreement with Network
Associates.

_______________________________________________
IMPORTANT NOTES

This software can only be used to update Virex 7.x

This update package replaces older engine and DAT files within your
Virex 7 installation.

_______________________________________________
WHAT’S IN THIS FILE?

- What are DAT files?
- What’s in the package?
- Installation
- Testing your installation
- New viruses detected and removed
- Understanding virus names
- Contacting McAfee and Network Associates
- Copyright and Trademark Attributions
- Trademarks
- License Agreement

_______________________________________________
WHAT ARE DAT FILES?

Virus definition (DAT) files contain up-to-date virus signatures and
other information that our anti-virus products use to protect your
computer against the thousands of computer viruses in circulation. New
DAT files are released regularly to provide protection against the
hundreds of new viruses that appear each month. To ensure that your
anti-virus software can protect your system or network against the
latest virus threats, download and install the latest DAT files.

_______________________________________________
WHAT’S IN THE PACKAGE?

This package will update the scanning engine and virus definition files
for Virex 7, which now protects against both Mac viruses and Windows PC
viruses.

_______________________________________________
INSTALLATION

This UPDATE file includes a brief description of installing the product.
For detailed steps, see the Product guide that is included with the
product.

Download the compressed Virex 7 update file to hard disk and copy it
into a temporary directory off the root of your computer, or the
desktop.

Uncompress the file if required, and then double-click the update
package. This will launch the Installer.

Follow the prompts in the installer. (At the Authorization stage, click
on "Click the lock to make changes" and enter your administrator
password. This is the account created when the operating system was
installed.)

The installer overwrites the existing Engine and DAT files within the
Virex installation.

TESTING YOUR INSTALLATION

You can test the operation of the software by running the EICAR Standard
Antivirus Test file on any computer where you have installed the
software. The EICAR Standard AntiVirus Test File is a combined effort by
anti-virus vendors throughout the world to implement one standard by
which customers can verify their anti-virus installations.

To test your installation:

Copy the following line into its own file, then save the file with the
name EICAR.COM.

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 68 or 70 bytes.

Start your anti-virus software and allow it to scan the directory that
contains EICAR.COM. When your software scans this file, it will report
finding the EICAR test file.

Delete the file when you have finished testing your installation to
avoid alarming unsuspecting users.

IMPORTANT: Please note that this file is NOT A VIRUS.

_______________________________________________
NEW VIRUSES DETECTED AND REMOVED

Hundreds of new viruses and variants appear each month. Those which are
detected and cleaned by AVERT's generic methods are added to the total
virus count listed but they are not listed separately here. McAfee
software removes a virus either by deleting the infecting virus code
from files or by deleting the file from your computer.
_______________________________________________
UNDERSTANDING VIRUS NAMES

McAfee anti-virus software typically follows industry-wide naming
conventions to identify the viruses that it detects and cleans.
Occasionally, some virus names deviate from strict industry standards.

The first virus with a given set of characteristics that mark it as a
distinctly new entity receives a "family" name. Virus researchers draw
the family name from some identifying quirk in the virus, such as a text
string, or a payload effect. A family name can also include a numeric
string that designates the byte size of the virus. Researchers use this
name as a convenient shorthand to distinguish among very closely allied
virus variants.

Names for variants within a virus family consist of the family name and
a suffix - .A, for example. The suffix designations continue in
alphabetical order until they reach .Z. At that point, they begin again
with .AA and continue until they reach .AZ. Still later variants receive
the suffix .BA through .BZ, and so forth, until the suffix designations
reach .ZZ. If yet another variant appears after that, it would get the
suffix .AAA.

As new virus strains appeared, industry naming conventions evolved to
include more information. Some names, for instance, include parts that
identify the platform on which the virus can run. Macro viruses, the
most prevalent of the virus types, can have complex names that consist
of a number of parts.

Among anti-virus vendors, virus names can include a prefix, an infix and
a suffix.

PREFIX

The prefix designates the type of file that the virus infects or the
platform on which it can run. Viruses that infect DOS executables do not
receive a prefix. McAfee virus names can include these prefixes:

A97M/   Macro virus. Infects Microsoft Access 97 files
APM/    Macro virus or Trojan horse program. Infects Ami Pro document
        and template files
BV/     Batch-file virus or Trojan horse program. These viruses usually
        run as batch or script files that affect a particular program
        that interprets the script or batch commands they include. They
        are very portable and can affect nearly any platform that can
        run batch or script files. The files themselves often have a
        .BAT extension.
CSC/    Corel Script virus or Trojan horse program. Infects Corel Draw
        document files, template files, and scripts.
HLL/    File-infector virus written in a high-level programming language
HTML/   Script virus. Infects HTML files
IRC/    Internet Relay Chat script virus. This virus type can use early
        versions of the mIRC client software to distribute a virus or
        payload
JS/     JavaScript virus or Trojan horse program
JV/     Java application or applet that functions as malicious software.
JVS/    JavaScript virus or Trojan horse program
O2KM/   Macro virus. Infects Microsoft Office 2000 files
P98M/   Macro virus or Trojan horse program. Infects Microsoft Project
        documents and templates.
PP97M/  Macro virus. Infects Microsoft PowerPoint 97 files
V5M/    Macro or script virus, or Trojan horse program. Infects Visio
        VBA (Visual Basic for Applications) macros or scripts.
VBS/    Script virus. Infects Visual Basic scripts
W32/    File-infector or boot-sector virus. Runs in 32-bit Windows
        environments (Windows 95, Windows 98 or Windows NT)
WIN/    File-infector virus. Runs in 16-bit and 32-bit Windows
        environments (Windows 3.1x, Windows 95, Windows 98, or
        Windows NT)
W95/    File-infector virus. Runs in Windows 95 and Windows 98
        environments
W97M/   Macro virus. Infects Microsoft Word 97 files
WM/     Macro virus. Infects Microsoft Word 95 files
X97F/   Macro virus. Infects Microsoft Excel 97 via Excel formulas
X97M/   Macro virus. Infects Microsoft Excel 97 files
XF/     Macro virus. Infects Microsoft Excel 95 or 97 via Excel formulas
XM/     Macro virus. Infects Microsoft Excel 95 files

INFIX

These designations usually appear in the middle of a virus name. AVERT
assigns these designations, which will differ from industry conventions.

.CMP.   Companion file. This designates a companion file that the virus
        adds to an existing executable file. McAfee software deletes the
        companion file to prevent later infections.
.MP.    Multi-partite virus. A McAfee designation.
.OW.    Overwriting. This identifies a virus that overwrites data in a
        file, thereby irreparably corrupting it. This file must be
        deleted.

SUFFIX

These designations usually appear as the last part of a virus name. A
virus name can have more than one suffix. One might designate a variant,
for example, while others give additional information. AVERT assigns
many of these designations, which can differ from industry conventions.

@MM         Mass mailing distribution. This virus might use standard
            techniques to propagate itself, but will also, or in some
            cases primarily, use an e-mail system to spread.
.A to .ZZZ  Virus variant designation.
.APP        Appended viruses. This designates a virus that appends its
            code to the file it infects, but fails to provide for
            correct replication. McAfee software detects these files in
            order to prevent false virus identifications.
.CAV        Cavity virus. This designates a virus that copies itself
            into "cavities" (areas of all zeroes) in a program file.
.CLI        Client-side component of an Internet Trojan-horse program.
.DAM        Damaged file. This designates a file damaged or corrupted by
            an infection
.DR         Dropper file. This file introduces the virus into the host
            program
.GEN        Generic detection. Native routines in McAfee software detect
            this virus without using specific code strings
.GR         Generic detection and removal. Native routines in McAfee
            software detect and remove this virus without using specific
            code strings
.INTD       "Intended" virus. This designates a virus that has most of
            the usual virus characteristics, but cannot replicate
            correctly. McAfee anti-virus software will detect it in
            order to prevent false identifications of active viruses
.SFX        Self-extracting installation utility for Trojan horse
            programs
.SRC        Viral source code. This ordinarily cannot replicate or
            infect files, but some virus droppers add this to files as
            part of the infection cycle. McAfee products routinely flag
            files with additional code of this sort for deletion
.SVR        Server-side component of an Internet Trojan-horse program.

GENERIC DETECTIONS

When a scanner reports W97M/Generic@MM or X97M/Generic@MM driver, it
means the engine (4070 or later only) has heuristically detected a
highly suspicious VBA macro that is likely to be a mass-mailing virus.
Cleaning for such viruses is also available but should be done with
extra caution - users are advised to keep a copy of a file before
cleaning and submit a sample to AVERT.

_______________________________________________
DOCUMENTATION

This product includes a documentation set that consists of manuals saved
in Adobe Acrobat Portable Document (.PDF) and an online Help system.
Electronic copies of all product manuals are included on the product CD,
or are available with a valid grant number on the McAfee download site:

    www.mcafeeb2b.com/naicommon/download/upgrade/login.asp

A free copy of the latest version of Acrobat Reader comes with the
product CD, or you can download any version from the Adobe web site:

    www.adobe.com/prodindex/acrobat/readstep.html

This product includes the following documentation set:

Product Guide. This guide introduces the product and tells you how to
install it. It documents product features, provides detailed
instructions for configuring the software, and includes information on
deployment as well as recurring tasks and operating procedures. It also
provides a roadmap for getting additional information or help. An Adobe
Acrobat .PDF version of this guide is stored on the product CD. You can
also download a copy in .PDF format from the McAfee download site.

Online Help system. Online Help, accessed from within the software
application, gives you quick access to hints and tips about using your
software.
Help includes page-level context Help with links to more detailed and
related information. Help also includes an overview of product features
and step-by-step procedures for product features.

A LICENSE Agreement. This outlines the terms under which you may use the
product. Read it carefully. If you install the product, you agree to the
license terms.

This UPDATE file.

_______________________________________________
CONTACTING MCAFEE SECURITY & NETWORK ASSOCIATES

Technical Support
  Home Page
    http://www.networkassociates.com/us/support/
  KnowledgeBase Search
    https://knowledgemap.nai.com/phpclient/homepage.aspx
  PrimeSupport Service Portal
    http://mysupport.nai.com
    Login credentials required.

McAfee Security Beta Program
  Beta Web Site
    http://www.networkassociates.com/us/downloads/beta/
  E-mail
    avbeta@nai.com

Security Headquarters -- AVERT (Anti-Virus Emergency Response Team)
  Home Page
    http://www.networkassociates.com/us/security/home.asp
  Virus Information Library
    http://vil.nai.com
  Submit a Virus Sample – AVERT WebImmune
    https://www.webimmune.net/default.asp
  AVERT DAT Notification Service
    http://vil.nai.com/vil/join-DAT-list.asp

Download Site
  Home Page
    http://www.networkassociates.com/us/downloads/
  DAT File and Engine Updates
    http://www.networkassociates.com/us/downloads/updates/
    ftp://ftp.nai.com/pub/antivirus/datfiles/4.x
  Product Upgrades
    https://secure.nai.com/us/forms/downloads/upgrades/login.asp
    Valid grant number required. Contact Network Associates Customer
    Service

Training
  McAfee Security University
    http://www.networkassociates.com/us/services/education/mcafee/university.htm

Network Associates Customer Service
  US, Canada, and Latin America toll-free:
  Phone:  +1-888-VIRUS NO or +1-888-847-8766
          Monday - Friday, 8 a.m. - 8 p.m., Central Time
  E-mail: services_corporate_division@nai.com
  Web:    http://www.nai.com/us/index.asp?http://www.networkassociates.com/us/index.asp

For additional information on contacting Network Associates and McAfee
Security – including toll-free numbers for other geographic areas -- see
the CONTACT file that accompanied your original product release.

__________________________________________________________
COPYRIGHT, TRADEMARK ATTRIBUTIONS & PATENTS

Copyright (C) 2003 Networks Associates Technology, Inc. All Rights
Reserved. No part of this publication may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any
language in any form or by any means without the written permission of
Networks Associates Technology, Inc., or its suppliers or affiliate
companies. To obtain this permission, write to the attention of the
Network Associates legal department at: 5000 Headquarters Drive, Plano,
Texas 75024, or call +1-972-963-8000.

TRADEMARKS

Active Firewall, Active Security, Active Security (in Katakana),
ActiveHelp, ActiveShield, AntiVirus Anyware and design, Appera, AVERT,
Bomb Shelter, Certified Network Expert, Clean-Up, CleanUp Wizard,
ClickNet, CNX, CNX Certification Certified Network Expert and design,
Covert, Design (stylized N), Disk Minder, Distributed Sniffer System,
Distributed Sniffer System (in Katakana), Dr Solomon’s, Dr Solomon’s
label, E and Design, Entercept, Enterprise SecureCast, Enterprise
SecureCast (in Katakana), ePolicy Orchestrator, Event Orchestrator (in
Katakana), EZ SetUp, First Aid, ForceField, GMT, GroupShield,
GroupShield (in Katakana), Guard Dog, HelpDesk, HelpDesk IQ, HomeGuard,
Hunter, Impermia, InfiniStream, Intrusion Prevention Through Innovation,
IntruShield, IntruVert Networks, LANGuru, LANGuru (in Katakana), M and
design, Magic Solutions, Magic Solutions (in Katakana), Magic
University, MagicSpy, MagicTree, McAfee, McAfee (in Katakana), McAfee
and design, McAfee.com, MultiMedia Cloaking, NA
Network Associates, Net Tools, Net Tools (in Katakana), NetAsyst,
NetCrypto, NetOctopus, NetScan, NetShield, NetStalker, Network
Associates, Network Performance Orchestrator, NetXray, NotesGuard, nPO,
Nuts & Bolts, Oil Change, PC Medic, PCNotary, PortalShield, Powered by
SpamAssassin, PrimeSupport, Recoverkey, Recoverkey – International,
Registry Wizard, Remote Desktop, ReportMagic, RingFence, Router PM, Safe
& Sound, SalesMagic, SecureCast, SecureSelect, SecurityShield, Service
Level Manager, ServiceMagic, SmartDesk, Sniffer, Sniffer (in Hangul),
SpamKiller, SpamAssassin, Stalker, SupportMagic, ThreatScan, TIS, TMEG,
Total Network Security, Total Network Visibility, Total Network
Visibility (in Katakana), Total Service Desk, Total Virus Defense,
Trusted Mail, UnInstaller, VIDS, Virex, Virus Forum, ViruScan,
VirusScan, WebScan, WebShield, WebShield (in Katakana), WebSniffer,
WebStalker, WebWall, What's The State Of Your IDS?, Who’s Watching Your
Network, WinGauge, Your E-Business Defender, ZAC 2000, Zip Manager are
registered trademarks or trademarks of Network Associates, Inc. and/or
its affiliates in the US and/or other countries. Sniffer(R) brand
products are made only by Network Associates, Inc. All other registered
and unregistered trademarks herein are the sole property of their
respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT
CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL
TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT
KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES
AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY
AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE
PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE
AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN
THE PRODUCT TO NETWORK ASSOCIATES, INC. OR THE PLACE OF PURCHASE FOR A
FULL REFUND.

Attributions

This product includes or may include:

- Software developed by the OpenSSL Project for use in the OpenSSL
  Toolkit (http://www.openssl.org/).
- Cryptographic software written by Eric Young and software written by
  Tim J. Hudson.
- Some software programs that are licensed (or sublicensed) to the user
  under the GNU General Public License (GPL) or other similar Free
  Software licenses which, among other rights, permit the user to copy,
  modify and redistribute certain programs, or portions thereof, and
  have access to the source code. The GPL requires that for any software
  covered under the GPL which is distributed to someone in an executable
  binary format, that the source code also be made available to those
  users. For any such software covered under the GPL, the source code is
  made available on this CD. If any Free Software licenses require that
  Network Associates provide rights to use, copy or modify a software
  program that are broader than the rights granted in this agreement,
  then such rights shall take precedence over the rights and
  restrictions herein.
- Software originally written by Henry Spencer, Copyright 1992, 1993,
  1994, 1997 Henry Spencer.
- Software originally written by Robert Nordier, Copyright (C) 1996-7
  Robert Nordier. All rights reserved.
- Software written by Douglas W. Sauder.
- Software developed by the Apache Software Foundation
  (http://www.apache.org/).
- International Components for Unicode ("ICU") Copyright (C) 1995-2002
  International Business Machines Corporation and others. All rights
  reserved.
- Software developed by CrystalClear Software, Inc., Copyright (C) 2000
  CrystalClear Software, Inc.
- FEAD(R) Optimizer(R) technology, Copyright Netopsystems AG, Berlin,
  Germany.
- Outside In(R) Viewer Technology (C) 1992-2001 Stellent Chicago, Inc.
  and/or Outside In(R) HTML Export, (C) 2001 Stellent Chicago, Inc.
- Software copyrighted by Thai Open Source Software Center Ltd. and
  Clark Cooper, (C) 1998, 1999, 2000.
- Software copyrighted by Expat maintainers.
- Software copyrighted by The Regents of the University of California,
  (C) 1989.
- Software copyrighted by Gunnar Ritter.
- Software copyrighted by Sun Microsystems(C), Inc.
- Software copyrighted by Gisle Aas. All rights reserved, (C) 1995-2003.
- Software copyrighted by Michael A. Chase, (C) 1999-2000.
- Software copyrighted by Neil Winton, (C) 1995-1996.
- Software copyrighted by RSA Data Security, Inc., (C) 1990-1992.
- Software copyrighted by Sean M. Burke, (C) 1999, 2000.
- Software copyrighted by Martijn Koster, (C) 1995.
- Software copyrighted by Brad Appleton, (C) 1996-1999.
- Software copyrighted by Michael G. Schwern, (C) 2001.
- Software copyrighted by Graham Barr, (C) 1998.
- Software copyrighted by Larry Wall and Clark Cooper, (C) 1998-2000.
- Software copyrighted by Frodo Looijaard, (C) 1997.
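
_______________________________________________
ADDED EXAMPLE: PARSING VIRUS NAMES

The following Python parser is an added example, not part of the original release notes and not McAfee code; it splits a detection name using the prefix, infix and suffix lists under UNDERSTANDING VIRUS NAMES and computes a variant's position in the .A to .ZZZ order. The name shape [PREFIX/]Family[.part...][@MM], the rule that a listed designation such as .DR takes precedence over reading it as a variant, and the sample names with family "Sample" are assumptions made for illustration.

```python
"""Split a detection name into the prefix, infix and suffix parts listed above."""
import re

# Designations taken from the PREFIX, INFIX and SUFFIX lists in these notes.
PREFIXES = set(("A97M APM BV CSC HLL HTML IRC JS JV JVS O2KM P98M PP97M V5M "
                "VBS W32 WIN W95 W97M WM X97F X97M XF XM").split())
INFIXES = {"CMP": "companion file", "MP": "multi-partite", "OW": "overwriting"}
SUFFIXES = {
    "APP": "appended code, no correct replication", "CAV": "cavity virus",
    "CLI": "Trojan client side", "DAM": "damaged file", "DR": "dropper",
    "GEN": "generic detection", "GR": "generic detection and removal",
    "INTD": "intended virus", "SFX": "self-extracting installer",
    "SRC": "viral source code", "SVR": "Trojan server side",
}
VARIANT = re.compile(r"[A-Z]{1,3}")  # .A through .ZZZ


def variant_ordinal(letters):
    """1-based position in the order .A .. .Z, .AA .. .ZZ, .AAA .. .ZZZ."""
    n = 0
    for ch in letters.upper():
        n = n * 26 + (ord(ch) - ord("A") + 1)  # bijective base 26, no zero digit
    return n


def parse_name(name):
    """Return the parts of a name shaped like [PREFIX/]Family[.part...][@MM]."""
    out = {"prefix": None, "prefix_known": False, "family": "", "variant": None,
           "infixes": [], "suffixes": [], "mass_mailer": False, "unparsed": []}
    body = name.strip()
    if body.upper().endswith("@MM"):
        out["mass_mailer"], body = True, body[:-3]
    if "/" in body:
        prefix, body = body.split("/", 1)
        out["prefix"] = prefix.upper()
        out["prefix_known"] = out["prefix"] in PREFIXES
    out["family"], *parts = body.split(".")
    for part in (p.upper() for p in parts if p):
        # Assumption: a listed designation wins over a variant reading, so
        # ".DR" is reported as a dropper and not as variant number 122.
        if part in INFIXES:
            out["infixes"].append(part)
        elif part in SUFFIXES:
            out["suffixes"].append(part)
        elif VARIANT.fullmatch(part) and out["variant"] is None:
            out["variant"] = part
        else:
            out["unparsed"].append(part)  # e.g. a numeric byte-size string
    return out


if __name__ == "__main__":
    # W97M/Generic@MM appears in these notes; the "Sample" names are constructed.
    for sample in ("W97M/Generic@MM", "W32/Sample.CMP.B", "Sample.AB.DR"):
        parsed = parse_name(sample)
        rank = variant_ordinal(parsed["variant"]) if parsed["variant"] else None
        print(sample, parsed, "variant ordinal:", rank)
```

Several listed suffixes (.DR, .GR, .APP and others) are also valid letter sequences in the .A to .ZZZ range, so triage or log-normalization tooling has to pick one reading and apply it consistently.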