What's New in McAfee VirusScan Command Line v3.0.0 (3000) for Windows NT Copyright 1994-1997 by McAfee, Inc. All Rights Reserved. Thank you for using McAfee's VirusScan Command Line for Windows NT. This What's New file contains important information regarding the current version of this product. It is highly recommended that you read the entire document. McAfee welcomes your comments and suggestions. Please use the information provided in this file to contact us. ___________________ WHAT'S IN THIS FILE - New Features - Known Issues - Installation - Documentation - Frequently Asked Questions - Contact McAfee ____________ NEW FEATURES 1. VirusScan command-line for Windows NT now provides the exceptional virus detection rates and fast scanning performance of the 3.0 engine series. VirusScan 3.0 offers users maximum defense against the newest threats to data. VirusScan 3.0 detects all virus types including Word and Excel macros, boot-sector infections, file, multi-partite, stealth, polymorphic and encrypted viruses. 2. VirusScan now supports centralized alerting and reporting to a remote NetWare or Windows NT server. Using NetShield for NetWare v2.3.3 or later or NetShield for Windows NT v2.5.3 or later, client alerts and reports can be redistributed or compiled at the central server location for ease of management. 3. New /CLEANDOCALL feature cleans all macros from infected Microsoft Word documents. * ENHANCEMENTS * 1. Significantly increased Master Boot Record and Boot Sector virus detection and removal. 2. New and improved polymorphic detection. 3. VirusScan now detects and removes the LAROUX Excel macro virus. 4. VirusScan supports Microsoft Office97. * NEW VIRUSES DETECTED * This DAT file (3000) detects and removes an additional 2000 viruses. The Macro viruses listed below are detected and removed with this DAT file. New Word Macro viruses detected and removed: ABC.A ALIEN (.A-.B) ALLIANCE.A ANTICONCEPT.A APPDER.A ATOM (.A-.H) BADBOY (.A-.B) BALU.A BANDUNG (.A-.J) BIRTHDAY.A BOOM.A BEURO.A CEEFOUR.A CHAOS.A CLOCK (.A-.D) COLORS (.A-.J) CONCEPT (.A-.N, .P, .S-.Z) COUNT10 (.A-.B) DANIEL (.A-.C) DARK.A DATE.A DIETZEL.A DIVINA (.A-.D) DMV (.A-.B) DOGGIE.A DZT.A EASY.A EPIDEMIC.A FORMATC TROJAN FRIDAY.A FRIENDLY.A FURY.A GANGSTERZ.A GOLDFISH.A HASSLE.A HELLGATE.A HELPER.A HOT.A HYBRID.A IMPOSTER (.A-.B) IRISH (.A-.C) ITALIAN.A JOHNNY (.A-.B) KILLDLL.A KILLPROT.A KOMPU.A LAROUX LOOK (.A-.C) LUNCH (.A-.B) MADDOG (.A-.B) MAGNUM.A MDMA (.A-.E, .G) MINIMAL (.A-.B) MVDK1 (Macro Virus Development Kits; .A-.B) NF.A NICEDAY (.A-.B) NIKI.A NIKITA.A NJ-CVK2 (Another Development Kit; .A-.B) NJ-DLK1A (.A-.D) NOMVIR (.A-.B) NOP (.A,.B,.D) NPAD (.A-.O) NUCLEAR (.A-.E) OLYMPIC (.A-.B) OUTLAW (.A-.C) PAPER.A PHANTOM.A PHARDERA (.A-.B) POLITE.A RAPI (.A-.H, .A1, .A2, .B1, .B2, ...) RATS (.A-.C) REFLEX.A SATANIC.A SAVER.A SHOWOFF (.A-.E) SMILEY (.A-.B) SPOOKY.A STRYX.A SWITCHES TROJAN TARGET.B TEDIOUS.A TELE.A THEATRE (.A-.C) TWISTER.A TWNO (.A-.F, .H) TWOLINES.A WAZZU (over 40) WEATHER (.A-.C) WIEDEROFFEN TROJAN XENIXOS (.A-.B) New Excel viruses detected: DELTA (.A-.B) DMV.A LAROUX (.A-.B) LEGEND.A ROBOCOP.A SOFA.A YOHIMBE.A ____________ KNOWN ISSUES 1. The new 3000 series DATs contained in VirusScan v3.0.0 are not backward compatible with previous VirusScan versions. The 3000 DATs should not be used with VirusScan v2.x products. 2. When VirusScan scans PAGEFILE.SYS, the system beeps and an Access Denied message is displayed. 3. VirusScan is not able to access the boot sectors and the Master Boot Record unless you have administrative rights. To scan the boot sectors and the Master Boot Record, log in as a user with administrative rights. You may need the DOS version of VirusScan if your system has a boot sector virus. ____________ INSTALLATION * PRIMARY PROGRAM FILES FOR VIRUSSCAN COMMAND LINE * Files located in the Install directory: ======================================= NTSCAN.EXE = VirusScan for Windows NT Command Line program README.1ST = McAfee information SCAN.DAT = Virus scan definition data NAMES.DAT = Virus names definition data CLEAN.DAT = Virus clean definition data SCAN.EXE = MS-DOS scan program VALIDATE.EXE = McAfee file validation program WHATSNEW.TXT = What's New document PACKING.LST = Packing list AGENTS.TXT = McAfee authorized agents * INSTALLING THE PRODUCT * To install, create a directory and copy the files to it. * TESTING YOUR INSTALLATION * The Eicar Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to come up with one standard by which customers can verify their anti-virus installations. To test your installation, copy the following line into its own file and name it EICAR.COM. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* When done, you will have a 69- or 70-byte file. When VirusScan is applied to this file, Scan will report finding the EICAR-STANDARD-AV-TEST-FILE virus. It is important to know that THIS IS NOT A VIRUS. However, users often have the need to test that their installations function correctly. The anti-virus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need. Please delete the file when installation testing is completed so unsuspecting users are not unnecessarily alarmed. _____________ DOCUMENTATION For more information, refer to the DOS section of the VirusScan User's Guide, included on the CD-ROM versions of this program or available from McAfee's BBS and FTP site. This file is in Adobe Acrobat Portable Document Format (.PDF) and can be viewed using Adobe Acrobat Reader. This form of electronic documentation includes hypertext links and easy navigation to assist you in finding answers to questions about your McAfee product. Adobe Acrobat Reader is available on CD-ROM in the ACROREAD subdirectory. Adobe Acrobat Reader also can be downloaded from the World Wide Web at: http://www.adobe.com/Acrobat/readstep.html VirusScan documentation can be downloaded from McAfee's BBS or the World Wide Web at: http://www.McAfee.com or http://205.227.129.97 __________________________ FREQUENTLY ASKED QUESTIONS Regularly updated lists of frequently asked questions about McAfee products also are available on McAfee's BBS, website, and CompuServe and AOL forums. Q: How do I enable McAfee's Centralized Alerting and Reporting option? A: VirusScan now supports Centralized Alerting and Reporting to a remote NetWare or Windows NT server running NetShield for Windows NT v2.5.3 and higher or NetShield for NetWare v2.3.3 and higher. To set up this option on your VirusScan client, use the /ALERTPATH option, where the is the path to the remote NetWare volume or NT directory. From this directory, NetShield can broadcast or compile the alerts and reports according to its established configuration. NOTE: The client must have write access to this location and the directory must contain the NetShield-supplied CENTALRT.TXT file. The alert file sent to the server is an .alr text file. Upon receipt of the alert file, NetShield NT or NetShield for NetWare sends an alert message to an administrator and/or appropriate personnel. Q: What is VirusScan Command Line for Windows NT (NTSCAN)? A: VirusScan Command Line for Windows NT is a command line scanner that was ported from our DOS VirusScan product. It uses the same command line options as the DOS product. Q: Is this the only command line-based NT scanning product? A: Yes and no. VirusScan Command Line for Windows NT is the only command line program, but the SCAN32 program that is included with NetShield and the VirusScan for NT products will accomplish the same goal using a custom VirusScan Configuration (VSC) file instead of command line parameters. Because SCAN32 is not offered as a stand-alone product, we maintain VirusScan Command Line for Windows NT. Q: How do I use VirusScan Command Line for Windows NT? A: You use VirusScan Command Line for Windows NT similar to the way you use VirusScan for DOS or OS/2. While in NT, open a DOS command line session and run NTSCAN / / /. The product documentation contains information about the different command line parameters. Q: What if my DOS session is infected? How can I boot clean? A:#l If the file on your computer is file allocation table (FAT) based, boot with a DOS system disk, then scan all the files. A:#2 If your system is NT file system (NTFS) based, take these steps: a. If your command shell is not infected (CMD.EXE), then open a new DOS session. Run SCAN. Because all DOS sessions share the same file area but different protected memory locations, this is a clean boot. b. If the command shell is infected, take one of the following steps: (1) Use Control Panel to change your system command shell to COMMAND.COM, or (2) Use File Manager to copy a new uninfected copy of CMD.EXE to the machine and delete the infected copy. Q: Can I use the same data files to update VirusScan Command Line for Windows NT as I would use to update VirusScan for DOS? A: Yes. VirusScan for Windows NT and VirusScan for DOS use the same virus definition files for scanning. If you have Internet access, you can download updated McAfee data files from the McAfee Web Site, BBS, or other online resources. To download from the McAfee Web Site, follow these steps: 1. Go to the McAfee Web Site (http://www.mcafee.com or 205.227.129.97). 2. Select Update DAT File in the left hand column or frame. 3. Scroll down, and click Update Your DAT Files to update your virus definition files. 4. Data file updates are stored in a compressed form to reduce transmission time. Unzip the files into a temporary directory, then copy the files to the appropriate directory, replacing your old files. 5. Before performing any scans, shut down your computer, wait a few seconds, and turn it on again. If you need additional assistance with downloading, contact McAfee Download Support at (408) 988-3832. or http://205.227.129.97). ______________ CONTACT McAFEE * FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS * Contact McAfee's Customer Care department: 1. Call (408) 988-3832 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time 2. Fax: (408) 970-9727 24-hour, Group III Fax 3. Fax-back automated response system: (408) 988-3034 24-hour fax Send correspondence to any of the following McAfee locations: McAfee Corporate Headquarters 2710 Walsh Avenue Santa Clara, CA 95051-0963 McAfee East Coast Office Jerral Center West 766 Shrewsbury Avenue Tinton Falls, NJ 07724-3298 McAfee Central Office 4099 McEwen Suites 500 and 700 Dallas, TX 75244 McAfee Canada 139 Main Street Suite 201 Unionville, Ontario Canada L3R2G6 McAfee Europe B.V. Gatwickstraat 25 1043 DL Amsterdam The Netherlands McAfee (UK) Ltd. Hayley House, London Road Bracknell, Berkshire RG12 2TH United Kingdom McAfee France S.A. 50 rue de Londres 75008 Paris France McAfee Deutschland GmbH Industriestrasse 1 D-82110 Germering Germany Or, you can receive online assistance through any of the following resources: 1. Bulletin Board System: (408) 988-4004 24-hour US Robotics HST DS 2. Internet e-mail: support@mcafee.com 3. Internet FTP: ftp.mcafee.com or 205.227.129.134 4. World Wide Web: http://www.mcafee.com or http://205.227.129.97 5. America Online: keyword MCAFEE 6. CompuServe: GO MCAFEE 7. The Microsoft Network: GO MCAFEE Before contacting McAfee, please make note of the following information. When sending correspondence, please include the same details. - Program name and version number - Type and brand of your computer, hard drive, and any peripherals - Network cards installed - Relevant browsers and version number, where applicable - Problem - Specific scenario where problem occurs - Conditions required to reproduce problem - Statement of whether problem is reproducible on demand - Your contact information: voice, fax, and e-mail Other general feedback is also appreciated. * FOR ON-SITE TRAINING INFORMATION * Contact McAfee Customer Service at (800) 338-8754. * FOR PRODUCT UPGRADES * To make it easier for you to receive and use McAfee's products, we have established an Agents program to provide service, sales, and support for our products worldwide. For a listing of agents, see the file AGENTS.TXT, where applicable, or contact McAfee Customer Service for agents near you. * MCAFEE BETA SITE * Get pre-release software, including DAT files, through http://beta.mcafee.com/public/datafiles. You will have access to Public Beta and External Test Areas. Your feedback CAN make a difference.