Instructions for using EXTRA.DAT in Emergency Outbreak Mode
or supplemental detection and removal
Instructions for using the extra dat with NAI AV
Products.
GroupShield Notes 4.02 and 4.5.
1. At the
Domino Server Console unload the following task:
GSScan
GSDScan
GSTmgr
By
typing in the following: tell
gsscan quit
tell
gsdscan quit
tell
gstmgr quit
2. Copy the
extra.dat into the location where GroupShield is installed
The
default location is: C:\Program Files\Network Associates\Groupshield
3. Restart the GroupShield Tasks by typing
in the following order at the Server Console:
Load
gstmgr
Load
gsscan
Load
gsdscan
With
Groupshield Exchange 4.5, it is possible to stop viruses by keying off the subject line or attachment file name. Below are example instructions for blocking VBS/Loveletter.worm.a by using Groupshield's new
attachment blocking feature:
Load
Exchange Admin and double-click on the Groupshield Exchange object under the
Server.
On the
'On-Access' tab, select 'Specified attachments' from the 'Attachment blocking'
box and then click on 'Select...'
In the
'Name Based Options' box, click on 'Block Filenames' and then 'Change'
Click
on Add and enter the filename: 'LOVE-LETTER-FOR-YOU.TXT.vbs'. Click OK, OK
again and OK one more time to return to the Groupshield menu.
Groupshield
Exchange will now block the vbs attachment and so prevent further infections.
This will work without the extra.dat.
Ensure
that you are using the latest dat files available.
Place
the extra.dat in the \Program files\Network Associates\Groupshield
Exchange\i386 folder if Groupshield is running on an Intel machine
Place
the extra.dat in \Program files\Network Associates\Groupshield
Exchange\Alpha if Groupshield is running on an Alpha machine.
Stop
and restart the Groupshield Exchange service from the Control Panel.
Groupshield
Exchange will now detect this virus and so prevent further infections.
WebShield SMTP
If you use WebShield SMTP version 4.5 you can also use
content filtering and blocking to disable access to viruses. Below are instructions on how to filter based on VBS/Loveletter.worm.a :
In WebShield
SMTP, you have the possibility of content filtering and blocking. You can scan
on the subject header, which in the case of this virus is always identical ( 'I
love you')
Procedure in
WebShield SMTP 4.5 is as follows:
Open
configurations console - go to content filter and enable content
filtering. Add description: loveletter
and check subject line. Filter on
word/phrase, enter 'I love you' without the brackets and select block message
when found.
VirusScan NT 4.0.x
Open
the control panel
Double click services
STOP Network Associates McShield
Copy the EXTRA.DAT File in the following location
<drive>:\Program Files\Network Associates\VirusScan NT\
Alternatively search the computer for the following files:
Scan.Dat
Clean.Dat
Names.Dat
Copy the Extra.Dat into this location.
Start the McShield service again.
Copy the extra.dat file into the VirusScan installation folder and reboot
the computer.
Copy the extra.dat file into the following folder:
<drive>:\Program Files\Common Files\Network Associates\VirusScan
Engine\4.0.xx\
Alternatively search the computer for the following files:
Scan.Dat
Clean.Dat
Names.Dat
Copy the Extra.Dat into this location.
Open
the control panel
Double click services
STOP Network Associates McShield service
Copy the EXTRA.DAT File in the following location:
<drive>:\Program Files\Common Files\Network Associates\VirusScan
Engine\4.0.xx\
Alternatively search the computer for the following files:
Scan.Dat
Clean.Dat
Names.Dat
Copy the Extra.Dat into this location.
NetShield NT 4.0.x
Open
the control panel
Double click services
STOP Network Associates McShield
Copy the EXTRA.DAT File in the following location
<drive>:\Program Files\Network Associates\VirusScan NT\
Alternatively search the computer for the following files:
Scan.Dat
Clean.Dat
Names.Dat
Copy the Extra.Dat into this location.
Start the McShield service again.
Open
the control panel
Double click services
STOP Network Associates McShield service
Copy the EXTRA.DAT File in the following location:
<drive>:\Program Files\Common Files\Network Associates\VirusScan
Engine\4.0.xx\
Alternatively search the computer for the following files:
Scan.Dat
Clean.Dat
Names.Dat
Copy the Extra.Dat into this location.