Release Notes for McAfee VirusScan Command Line Version 4.24.0 (c) 1992-2003 Networks Associates Technology, Inc. All Rights Reserved =============================================== Product Release February 24, 2003 - DAT Version: 4244 - Engine Version: 4240 =============================================== Thank you for using VirusScan software. This file contains important information regarding this release. We strongly recommend that you read the entire document. This release of the VirusScan Command Line software functions ONLY with 4244 and later DATs. You CANNOT use this software with earlier DAT versions. The 16-bit scanner (SCAN86.EXE) included in this package remains at the 4140 release. The extra architecture available in the 32-bit engine (SCAN.EXE) is necessary to detect and clean newer viruses. This is not possible using a 16-bit architecture. _______________________________________________ WHAT'S IN THIS FILE - About the Software - New Features - System Requirements - Installation - Copying VirusScan Command Line Files to Your Hard Disk - Primary Program Files - Testing Your Installation - Removing the Software - Known Issues - Documentation - Contacting McAfee and Network Associates - Copyright and Trademark Attributions - Trademarks - License Agreement _______________________________________________ ABOUT THE SOFTWARE The VirusScan Command Line software consists of a main executable file, SCAN.EXE, and two modular files, SCANPM.EXE and SCAN86.EXE, which allow the software to adapt to the environment in which you run it. To start the VirusScan Command Line software, you need only run SCAN.EXE, together with any options you want to use to configure your scan. As it starts, SCAN.EXE examines your environment and then uses the appropriate files. _______________________________________________ NEW FEATURES The command-line scanner includes these enhancements and new features. - Additional virus detection and cleaning capabilities. - Enhanced denial-of-service protection. - Improved scanning performance for files in remote storage. Optimal scanning performance for Hierarchical Storage Management systems can now be configured, with two new options: /OCRS and /OCMAX. When scanned (using /DOHSM), files in HSM systems normally return to local storage. A new option, /NORECALL prevents this effect. For more information about the new options, see the Product Guide. - Improved scanning performance for large archive files. The scanning performance on large archive files can now be greatly improved by the use of a configurable 'archive file cache'. For more information about the /AFC option, see the Product Guide. - Optional scanning of protected files. The scanner normally examines files which the system protects from access, such as other users’ profiles and their recycle bins. A new option, /NOBKSEM restricts access to such files. For more information, see the Product Guide. - Support for text-based mailboxes A new option, /MAILBOX when used with the /MIME option enables scanning of text-based mailboxes such as PINE and Netscape. For more information about the /MAILBOX option, see the Product Guide. _______________________________________________ SYSTEM REQUIREMENTS The software runs on these operating systems: DOS 6.22 Windows 95/98 Windows ME Windows NT 4 Windows 2000 Windows XP _______________________________________________ INSTALLATION COPYING VIRUSSCAN COMMAND LINE FILES TO YOUR HARD DISK To copy the files to your hard disk: 1. Make a directory for the VirusScan software on your hard disk. 2. Copy the VirusScan Command Line files to that directory. 3. Use any DOS text editor to open your AUTOEXEC.BAT file, then add the directory you just created to the path statement in that file. To learn how to edit your AUTOEXEC.BAT file, consult your DOS documentation. PRIMARY PROGRAM FILES Files located in the installation directory: SCAN.EXE VirusScan Command-Line program for 32-bit environments SCANPM.EXE VirusScan Command Line program for protected-mode environments SCAN86.EXE VirusScan Command-Line program for 16-bit environments BOOTSCAN.EXE Scanner for boot disk MCTOOL.EXE Scanning support file MCSCAN32.DLL 32-bit scanning engine AVPARAM.DLL VirusScan support file RWABS16.DLL VirusScan 16-bit support file RWABS32.DLL VirusScan 32-bit support file SCAN.DAT Virus detection data NAMES.DAT Virus names definition data CLEAN.DAT Virus clean definition data EMSCAN.DAT Virus definition data for boot disk scanner EMNAMES.DAT Virus definition data for boot disk scanner EMCLEAN.DAT Virus definition data for boot disk scanner LICENSE.DAT License information for use by VirusScan Command Line MESSAGES.DAT Message contents file for use with VirusScan Command Line E4240WPG.PDF Product Guide README.TXT This document CONTACT.TXT List of contact addresses LICENSE.TXT License document SIGNLIC.TXT Third-party license information VALIDATE.EXE File checksum tool PACKING.LST List of file validation codes TESTING YOUR INSTALLATION You can test the operation of the software by running the EICAR Standard AntiVirus Test File on any computer where you have installed the software. The EICAR Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus installations. To test your installation: 1. Copy the following line into its own file, then save the file with the name EICAR.COM. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* The file size will be 68 or 70 bytes. 2. Start your anti-virus software and allow it to scan the directory that contains EICAR.COM. When your software scans this file, it will report finding the EICAR test file. 3. Delete the file when you have finished testing your installation to avoid alarming unsuspecting users. IMPORTANT: Please note that this file is NOT A VIRUS. REMOVING THE SOFTWARE Change to the VirusScan Command Line program directory, then delete all VirusScan files from your hard disk. A list of files installed for the VirusScan Command Line software appears earlier in this file. _______________________________________________ KNOWN ISSUES 1. The anti-virus scanning engine includes Trojan horse file detection that allows it to shut down harmful Trojan horse processes and remove all traces of the harmful software from your computer. To enable support for this function on Windows NT systems, you must also have two separate dynamic link library (.DLL) files, PSAPI.DLL and VDMDBG.DLL, installed in the \WINNT\System32 folder on your system. VDMDBG.DLL should already be on your system, however on some NT 4.0 installations it is possible that PSAPI.DLL may not exist. If PSAPI.DLL is not in your \WINNT\System32 folder, you should obtain a copy from Microsoft. NOTE: The PSAPI.DLL should never be copied onto a system which already has PSAPI.DLL installed. 2. The /PLAD option enables the engine to reset the last-access date of files that reside on NetWare servers, so as not to disrupt the working of backup software. The /PLAD option does not work in some situations when using the 32-bit DLL, MCSCAN32.DLL under Windows 95/98, Windows NT and Windows 2000. When files on a NetWare 4.x server are scanned from a workstation using the /PLAD option, the file dates are sometimes not reset. This is due to a timing issue, which is being investigated. 3. Some mail clients (such as PINE, Netscape, Eudora, and Pegasus Mail) use a file structure similar to concatenated MIME as their mailbox format. Scanning these mailboxes with MIME detection enabled may produce unexpected errors (such as scanner reports files could not be opened). To avoid this, we recommend that either these files are excluded from scans, or the /MAILBOX switch is used in conjunction with /MIME. _______________________________________________ DOCUMENTATION This product includes a documentation set that consists of manuals saved in Adobe Acrobat Portable Document Format (.PDF) and an online Help system. Electronic copies of all product manuals are included on the product CD, or are available with a valid grant number on the McAfee download site: www.mcafeeb2b.com/naicommon/download/upgrade/login.asp A free copy of the latest version of Acrobat Reader comes with the product CD, or you can download any version from the Adobe web site: www.adobe.com/prodindex/acrobat/readstep.html This product includes the following documentation set: 1. Product Guide. This guide introduces the product, documents product features, provides detailed instructions for configuring the software, and includes information on deployment and recurring tasks and operating procedures. An Adobe Acrobat .PDF version of this guide is stored on the product CD. You can also download a copy in .PDF format from the McAfee download site. 2. Online Help system. Online Help, accessed from within the software application, briefly describes the common options. 3. A LICENSE Agreement. This outlines the terms under which you may use the product. Read it carefully. If you install the product, you agree to the license terms. 4. This README file. 5. A CONTACT file. This file provides a list of phone numbers, street addresses, web addresses, and fax numbers for Network Associates offices in the United States and around the world. It also includes contact information for services, such as technical support, customer service, onsite training, the beta program, and AVERT Anti-Virus Emergency Response Team. _______________________________________________ CONTACTING MCAFEE AND NETWORK ASSOCIATES Technical Support http://knowledge.nai.com McAfee Beta Program Beta Web Site www.mcafeeb2b.com/beta/ E-mail avbeta@nai.com AVERT Anti-Virus Emergency Response Team www.mcafeeb2b.com/naicommon/avert/default.asp Download Site www.mcafeeb2b.com/naicommon/download/ ftp://ftp.nai.com/pub/antivirus/datfiles/4.x DAT File Updates www.mcafeeb2b.com/naicommon/download/dats/find.asp Product Upgrades www.mcafeeb2b.com/naicommon/download/upgrade/login.asp Valid grant number required. Contact Network Associates Customer Service On-Site Training Information www.mcafeeb2b.com/services/mcafee-training/default.asp Network Associates Customer Service US, Canada, and Latin America toll-free: Phone: +1-888-VIRUS NO or +1-888-847-8766 Monday - Friday, 8 a.m. - 8 p.m., Central Time E-mail: services_corporate_division@nai.com Web: www.nai.com www.mcafeeb2b.com For additional information on contacting Network Associates and McAfee – including toll-free numbers for other geographic areas – see the CONTACT file. _______________________________________________ COPYRIGHT AND TRADEMARK ATTRIBUTIONS (c) 2003 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department at: 3965 Freedom Circle, Santa Clara, California 95054, or call +1-972-308-9960. TRADEMARKS Active Firewall, Active Security, Active Security (in Katakana), ActiveHelp, ActiveShield, AntiVirus Anyware and design, Bomb Shelter, Certified Network Expert, Clean-Up, CleanUp Wizard, CNX, CNX Certification Certified Network Expert and design, Design (stylized N), Disk Minder, Distributed Sniffer System, Distributed Sniffer System (in Katakana), Dr Solomon’s, Dr Solomon’s label, Enterprise SecureCast, Enterprise SecureCast (in Katakana), Event Orchestrator, EZ SetUp, First Aid, ForceField, GMT, GroupShield, GroupShield (in Katakana), Guard Dog, HelpDesk, HomeGuard, Hunter, LANGuru, LANGuru (in Katakana), M and design, Magic Solutions, Magic Solutions (in Katakana), Magic University, MagicSpy, MagicTree, McAfee, McAfee (in Katakana), McAfee and design, McAfee.com, MultiMedia Cloaking, Net Tools, Net Tools (in Katakana), NetCrypto, NetScan, NetShield, NetStalker, Network Associates, NetXray, NotesGuard, Nuts & Bolts, Oil Change, PC Medic, PCNotary, PrimeSupport, Recoverkey, Recoverkey - International, Registry Wizard, ReportMagic, Router PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, SmartDesk, Sniffer, Sniffer (in Hangul), Stalker, SupportMagic, TIS, TMEG, Total Network Security, Total Network Visibility, Total Network Visibility (in Katakana), Total Service Desk, Total Virus Defense, Trusted Mail, UnInstaller, Virex, Virus Forum, ViruScan, VirusScan, WebScan, WebShield, WebShield (in Katakana), WebSniffer, WebStalker, WebWall, Who’s Watching Your Network, WinGauge, Your E-Business Defender, ZAC 2000, Zip Manager are registered trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. This product includes or may include software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/) This product includes or may include cryptographic software written by Eric Young. (eay@cryptsoft.com) LICENSE AGREEMENT NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO NETWORK ASSOCIATES, INC. OR THE PLACE OF PURCHASE FOR A FULL REFUND.