     
     
     
     
     Copyright 1994 McAfee, Inc. All rights reserved
                     Using NetShield 2.0
                              
                              
                              
                        Confidential
                              
                              
                              
                              
                              
                 Draft 4 - December 22, 1994
                              
                              
                              
                              
                              
                              
                              
                              
                              
                              
                              
                              
                              
       Copyright 1994 McAfee, Inc. All rights reserved
                              
     
     
     Copyright c 1993, 1994 by McAfee, Inc. All rights
     reserved. No part of this publication may be
     reproduced, transmitted, transcribed, stored in a
     retrieval system, or translated into any language in
     any form by any means without the written permission of
     McAfee, Inc., 2710 Walsh Avenue, Santa Clara, CA 95051-
     0963.
     
     McAfee is a registered trademark of McAfee, Inc.
     VirusScan, VShield, and NetShield are trademarks of
     McAfee, Inc. All other products or services mentioned
     in this document are identified by the trademarks or
     service marks of their respective companies or
     organizations.
     
Table of Contents



CHAPTER 1 WELCOME TO NETSHIELD                             
NETSHIELD TASKS                                            
SYSTEM REQUIREMENTS                                        
HOW TO USE THIS MANUAL                                     
CHAPTER 2 INSTALLATION AND SETUP                           
INSTALLATION STEPS                                         
NETSHIELD FILES AFTER INSTALLATION                         
LOADING NETSHIELD                                          
 USING LOAD OPTIONS                                       
 CUSTOMIZING THE AUTOEXEC.NCF FILE                       
 VIEWING NETSHIELD'S OPENING SCREEN                      
EXITING NETSHIELD                                         
UPDATING NETSHIELD REGULARLY                              
CHAPTER 3 USING NETSHIELD                                   
IF YOU DETECT A VIRUS                                     
CONFIGURATION RECOMMENDATIONS                             
RUNNING AN IMMEDIATE SCAN                                 
 SELECTING VOLUMES TO SCAN                               
 RUNNING AN IMMEDIATE SCAN                               
 INTERRUPTING A SCAN IN PROGRESS                         
CONFIGURING THE SCANNING MODE                             
 USING ON ACCESS SCANNING                                
 USING PERIODIC SCANNING                                 
CONFIGURING VIRUS DETECTION                               
 SETTING THE INFECTED FILE ACTION                        
 SETTING THE USER CONTACT ACTION                         
CONFIGURING NETSHIELD NLM                                
 SETTING CONFIGURATION FILE OPTIONS                      
 CONFIGURING EXCLUDED DIRECTORIES                        
 SETTING THE DELAY FACTOR                                
 SETTING CRC CONFIGURATION OPTIONS                       
 SETTING THE UNLOAD PASSWORD                             
CONFIGURING VIRUS REPORTING                              
 SETTING UP THE LOG FILE                                 
 SELECTING LOG FILE REPORTS                              
CONFIGURING NETWORK MONITORING                           
 ENTERING A PASSWORD                                     
 EDITING THE NETWORK SECURITY CONFIGURATION              
 SETTING UP THE LOG FILE                                 
 SAVING THE CURRENT CONFIGURATION                        
 RESTORING A CONFIGURATION FROM A FILE                   
 ENABLING NETWORK SECURITY                               


Chapter 1 Welcome to NetShield
     
     Thank you for purchasing McAfee Associates' NetShield
     software, a powerful and advanced system designed to detect
     computer viruses on a NetWare server. NetShield watches as
     network users, the most likely source of infected files,
     copy files to the network.
     
     NetShield is a NetWare Loadable Module (NLM). This allows it
     to integrate easily into your NetWare environment and
     function independently of any workstation, guaranteeing that
     your network is always protected.
     
NetShield Tasks
     
     It is important that you install and configure NetShield
     correctly for your particular network. As you set up
     NetShield, you'll complete the tasks necessary to maintain a
     virus-free network. Use this task list as a "roadmap" for
     applying the information in this reference to your network.
     
     Task 1: Installation. You'll install NetShield on every
     server at your site. Run the installation application from a
     workstation on your network. The NetShield NLM will be
     copied to your SYS:SYSTEM directory, and your server will be
     configured to load NetShield automatically whenever you
     restart it. Refer to Chapter 2, "Installation and Setup,"
     for details.
     
      NOTE: If you use a bootable floppy diskette to start
      your server, make sure that the boot diskette is clean of
      any viruses. The documentation for VirusScan, a McAfee
      virus scanning product that can be used on a workstation,
      describes a procedure for creating a clean bootable
      diskette.
     
     Task 2: Configuration. Set NetShield to scan all files
     transferred to the server, using the "on-access" scanning
     settings. Also set it to run scans at regular intervals,
     using the "periodic" scanning settings. Turn CRC, Cyclic
     Redundancy Checking, on if you have a stable file
     environment. CRC checking verifies that numeric "check sums"
     stay consistent for files. If files are changed often, then
     an error in the check sums will be reported. Refer to
     "Configuration Recommendations" in Chapter 3, "Using
     NetShield," for details.
     
     Task 3: Scanning. Once you've configured NetShield, it will
     automatically scan in the background. The NetShield NLM will
     be running as long as your NetWare server is running.
     
     Task 4: Reporting. NetShield can inform you when a virus is
     found, both by broadcasting a network message to selected
     users and by recording the information in a log file. It can
     then move or delete the infected file. We recommend that you
     set up NetShield to log infections in a file, notify the
     network supervisor, and move infected files into a
     "quarantine" directory for later inspection. Refer to
     "Configuring Virus Reporting" in Chapter 3, "Using
     NetShield," for details.
     
     Task 5: Updating. As new viruses are found, McAfee
     Associates will release new virus signature files for you to
     install. When you receive an update, or download one from
     the McAfee BBS, update one server and enable cross-server
     updating so that the new list is copied to the other servers
     over the network.
     
     Task 6: Virus elimination. Once you've identified and
     isolated an infected file, eliminate the virus using other
     McAfee products such as VirusScan and VShield. Scan does
     periodic scanning of a single PC and removes viruses from a
     single PC, while VShield does on-access scanning of a single
     PC.
     
System Requirements
     
     The NetShield program requires a Novell NetWare 386 v3.11,
     3.12, SFT III 3.11 or 4.01 file server with at least 718Kb
     of free server RAM. It should utilize no more than 10% of
     server CPU time.
     
     NetShield is not compatible with version 3.10 of Novell
     NetWare386.
     
     You'll need a high-density 3.5-inch diskette drive to use
     the NetShield diskette in this package. Contact McAfee
     Associates for other media, or download the software from
     the McAfee bulletin board system. Refer to your Technical
     Support Information Card for instructions.
     
How to Use this Manual
     
     This manual will help you get NetShield running quickly and
     properly.
     
     o  Chapter 1, "Welcome to NetShield," describes the
        NetShield program, general tasks for using NetShield, and
        system requirements.
     
     o  Chapter 2, "Installation and Setup," describes how to
        install, load, and maintain your NetShield software.
     
     o  Chapter 3, "Using NetShield," contains reference
        information laid out in a format that matches the
        NetShield menus. If you need help navigating the menus,
        look for the guides at the start of each of these chapters.
     

Chapter 2 Installation and Setup

     
     [THIS CHAPTER WILL CHANGE WHEN THE INSTALLATION PROCEDURE IS
     FINALIZED.]
     
     The NetShield Install program is straightforward and simple
     to use. You run it from a workstation logged into your
     server. It copies the NetShield NLM files to the local drive
     of the workstation, then moves the required files to your
     server. Finally, it modifies the AUTOEXEC.NCF file to load
     NetShield upon server startup. This chapter describes these
     tasks in detail.
     
Installation Steps
     
     Be sure to run the Install program from a workstation that
     is connected to your network so that NetShield can copy the
     files onto your network drive. You must be logged in with
     create and delete rights to the target server volume.
     
     NOTE: If you are upgrading from an earlier version of
     NetShield, be sure to back up the files in your NetShield
     directory before proceeding.
     
     1.  Insert the NetShield program diskette in drive A.
     
     2.  Change to the A: drive by typing:
     
          C> a:
          
     3.  Start the Install program by typing:
     
          A> install
          
     4.  The Install program loads and prompts you to supply the
         following information:
     
       o  Where to store NetShield. The default is the
          C:\MCAFEE\NETSHLD directory. The NetShield NLM and a
          default configuration file, VIR$CFG.DAT, will be moved
          from there to the network during installation.
       
       o  Where to run NetShield. The default is the SYS:\SYSTEM
          directory on your server. You can change this, but
          remember that NetShield must reside on a network drive
          if you want it to load automatically whenever the
          server is started.
       
      NOTE: We recommend that you choose the default locations
      for files. Unless otherwise specified, NetShield creates,
      loads, and saves configuration files, log files, and
      reports in the directory where the NETSHLD.NLM file is
      located.
     
     The Install program may ask you for additional information.
     If at any time you wish to abandon installation, press
     ESCAPE and you will return to the DOS prompt.
     
     During installation, if the Install program finds any older
     NetShield files already installed, it will ask whether to
     update them.
     
NetShield Files After Installation

     The Install program automatically copies the NetShield NLM
     program file, data files, various informative text files,
     and the Validate program onto your network. Once you have
     installed NetShield, verify that the following files reside
     in the same directory as the NetShield NLM (the default
     location is SYS:\SYSTEM):
     
     NetShield Files
     
     (Required)
     NETSHLD.NLM  NetWare loadable module.
     SCAN.DAT     Virus string data file required by NetShield.
     NAMES.DAT    Virus name data file required by NetShield.
     
     (Optional)
     AGENTS.TXT   List of McAfee authorized agents.
     COMPUSER.TXT Explains how to obtain a CompuServe membership.
     FILENAME.TXT Explains McAfee BBS file name conventions.
     LICENSE.TXT  Explains how to license NetShield.
     PACKING.LST  List of all files, including validation information.
     README.1ST   Late-breaking information and new instructions
                  not contained in this manual.
     REGISTER.TXT Explains how to register NetShield for your use.
     
     If you install NetShield onto NetWare version 3.12, you must
     also install the following NetWare files (which are supplied
     on the installation diskette) in the same directory as the
     NetShield NLM:
     
     A3112.NLM  AFTER311.NLM CLIB.NLM
     MATHLIB.NLMMATHLIBC.NLM NWSNUT.NLM
     
Loading NetShield

     Now that you have installed NetShield, you can load it using
     various stored settings. You can use the default NetShield
     settings, the settings stored in the standard configuration
     file (VIR$CFG.DAT), or those stored in a custom
     configuration file. NetShield creates VIR$CFG.DAT
     automatically when you load the program for the first time.
     
Using Load Options

     Load NetShield using one of the following options:
     
     o  To run NetShield with the default settings and no
        configuration file, use this command:
     
          LOAD NETSHLD
          
     o  To run NetShield with the default configuration file,
        VIR$CFG.DAT, from the SYS:SYSTEM directory, use this command:
     
          LOAD NETSHLD DEFAULT_CONFIG
          
     o  To run NetShield with a user-specified configuration file
        from the directory you specify, use the following command:
     
          LOAD NETSHLD [path \ filename]
          
          If the configuration file does not reside in the same
      directory as NetShield, you must specify the complete
      path, including the volume name. You can enter these
      commands at the NetWare server console prompt or the
      remote login prompt. Alternatively, you can have them
      execute automatically in the AUTOEXEC.NCF file.
     
Customizing the AUTOEXEC.NCF File

     You can customize the way NetShield loads by editing the
     LOAD command in the AUTOEXEC.NCF file. To edit this file,
     use the NetWare LOAD INSTALL command (for more information,
     refer to your Novell documentation). If you change this
     file, restart your server to run NetShield.
     
Viewing NetShield's Opening Screen

     When you first load NetShield, you will see a screen similar
     to the following example:
     
       NetShield Version 2.0
     NetWare Loadable Module
     
     
             McAfee Associates NetShield Virus Protection For
     File Server
                                       SERVER1
                                 Mon Sep 19, 1994
     
     
                                NetShield Main Menu Options
     
                                Immediate Scan
                                Configure Scanning Mode
                                Configure Virus Detection
                                Configure NetShield NLM
                                Configure Virus Reporting
                                Configure Network Monitoring
     
     Press F10 To View Scanning Statistics
     
     The Main menu is the highest-level menu in the hierarchy.
     The NetShield menu system uses conventional NetWare keys for
     menu navigation. You highlight, select, and exit menus as
     you would any NetWare utility, such as SYSCON. For general
     instructions about navigating NetWare menus, refer to your
     Novell documentation.
     
     You can press F10 at any time to display the Status window,
     which shows the current status of many of the NetShield
     configuration settings. The following example shows the
     initial NetShield default settings.
     
       NetShield Version 2.0
     NetWare Loadable Module
     
     
        Volume Scanning:         DISABLED           NetShield
     Delay Factor:  3
        On Access Scanning:      DISABLED           CPU
     Utilization:   0 percent
        Periodic Scanning:       DISABLED           Detection
     Action: Ignore
        Logging:                 DISABLED
        CRC Checking:            DISABLED           Mon Sep 19
     15:01:45 1994
        User Alarms:             DISABLED
        Console Messages:        DISABLED
        Network Monitoring:      DISABLED       Access Time
     Remaining   0 Minutes
     
        Volume Scanning Statistics
         Scanning:
         Detected:
        Periodic Scanning Statistics
         Scanning:
         Detected:
        On Access Scanning Statistics
         Inbound:
         Detected:
         Outbound:
         Detected:
     
     Press F10 To View Menus
     
     Press F10 again to return to the current menu. For more
     information about the features listed in NetShield's Status
     window, refer to Chapter 3, "Using NetShield."
     
Exiting NetShield
     
     You can unload NetShield from server memory to free up
     server resources. Exiting NetShield halts any current scans
     in process.
     
     To exit NetShield, press ESCAPE from the Main menu.
     NetShield displays a confirmation prompt. Press Y to confirm
     that you want to exit NetShield.
     
     Exiting NetShield in this manner has the same effect as
     entering the following command at the NetWare server console
     prompt:
     
          unload netshld
          
     Either way, if NetShield is configured with an unload
     password, you must supply the password to exit. For more
     information, refer to "Setting the Unload Password" in
     Chapter 3, "Using NetShield."
     
Updating NetShield Regularly
     
     Unfortunately, new viruses (and variants of old ones) appear
     and circulate often in the personal computer community.
     Fortunately, McAfee updates the NetShield data files
     regularly, usually monthly, but sooner if many new viruses
     have appeared. Each new version may detect as many as 60-100
     new viruses or more, and may add new features. For
     instructions on downloading McAfee updates, refer to your
     Technical Support Information Card. To find out what is new
     in a downloaded release, review the accompanying README.1ST
     text file.
     

Chapter 3 Using NetShield

     Once you have installed and loaded NetShield, you can begin
     using it to protect your network from viral infection. This
     chapter describes each feature in detail and shows you how
     to use NetShield most effectively in your network
     environment.
     
     NetShield detects known viruses by searching the system for
     known characteristics (sequences of code) unique to each
     computer virus and reporting their presence if found. For
     viruses that encrypt or cipher their code so that every
     infection is different, NetShield uses detection algorithms
     that work by statistical analysis, heuristics, and code
     disassembly.
     
     NetShield can also check for new or unknown viruses by
     comparing files against previously recorded validation data.
     For more information, refer to "Setting CRC Validation" in
     this chapter. If a file has been modified, it will no longer
     match the validation data, and NetShield will report that
     the file may have become infected.
     
     NetShield can scan your system in the following ways:
     
     o  Immediate scanning performs a scan of your system, on
        demand, using current scan settings. For more information,
        refer to "Running an Immediate Scan" in this chapter.
     
     o  On Access scanning prevents infected files from being
        copied to or from server volumes. For more information,
        refer to "Using On Access Scanning" in this chapter.
     
     o  Periodic scanning schedules scanning for a specific day
        and time. For more information, refer to "Using Periodic
        Scanning" in this chapter.
     
     In each case, you can determine which network volumes
     NetShield scans. You can use any or all of these scanning
     methods in combination.
     
If You Detect a Virus

     We strongly recommend that you get experienced help in
     dealing with viruses if you are unfamiliar with anti-virus
     software and methods. This is especially true for "critical"
     viruses, because improper removal of these viruses can
     result in the loss of all data and use of the infected
     disks.
     
     If you are at all unsure about how to proceed once you have
     found a virus, contact McAfee for assistance. Refer to your
     Technical Support Information Card for instructions.
     
Configuration Recommendations

     We recommend that you customize NetShield with the settings
     that best fit the needs of your network environment, then
     save settings in a configuration file so that you can load
     them easily in the future. For more information, refer to
     "Setting Configuration File Options" in this chapter.
     
     If it finds or suspects a virus, NetShield can perform
     certain actions automatically, depending on how you have
     configured NetShield:
     
     o  NetShield can delete, overwrite, move, or ignore an
        infected file. For more information, refer to "Setting the
        Infected File Action" in this chapter. We recommend that
        you move infected files to a quarantine directory for
        later inspection.
     
     o  NetShield can notify selected users and the system
        console of a possible infection. For more information,
        refer to "Setting the User Contact Action" in this
        chapter. We recommend that you enable this feature so that
        system administrators are informed as soon as viruses are
        detected.
     
     o  NetShield can record the incident in a log file. For more
        information, refer to "Setting the Log File" in this
        chapter. You can view or print the contents of this log
        for future reference. We recommend that you enable this
        feature so that you can use the information to investigate
        any viral infections that arise.
     
     For network environments requiring strict security, consider
      using the following features:
     
     o  NetShield can require a password before it can be
        unloaded on the server. For more information, refer to
        "Setting the Unload Password" in this chapter.
     
     o  NetShield can prevent users from writing to selected
        network directories, such as system directories containing
        application executable files. For more information, refer
        to "Configuring Network Monitoring" in this chapter.
     
     To optimize server performance, consider adjusting the
     execution priority. For more information, refer to "Setting
     the Delay Factor" in this chapter.
     
Running an Immediate Scan

     NetShield can run a scan on-demand using immediate scanning.
     NetShield scans the server volumes you select.
     
     From the NetShield Main menu, choose Immediate Scan.
     NetShield displays the Immediate Scan menu  with the
     following options:
     
     o  Start Scan
     o  Stop Scan
     o  Edit Volume
     
     The rest of this section describes these options in detail.
     
Selecting volumes to scan

     Before you start checking for viruses on your network, you
     must first select one or more volumes to scan. You can
     modify the list of volumes that NetShield scans for viruses.
     
     From the NetShield Main menu, choose Immediate Scan | Edit
     Volume. NetShield displays a list of currently selected
     volumes.
     
     o  To add a volume to the list, press INSERT. NetShield
        displays a list of available volumes. Highlight the volume
        you want to add, then press ENTER (to select multiple
        volumes, highlight each one and press F5 to mark it, then
        press ENTER). NetShield adds the selected volume(s) to the
        list of volumes to scan.
     
     o  To remove a volume from the list of selected volumes,
        highlight it, then press DELETE. The selected volume is no
        longer displayed in the list of volumes to scan.
     
     Once you have selected the volumes you want to scan, you can
     begin scanning your system.
     
Running an Immediate Scan

     You can tell NetShield to start scanning immediately, based
     on your current scan settings.
     
     From the NetShield Main menu, choose Immediate Scan | Start
     Scan. NetShield starts scanning your system. To see scanning
     statistics, press F10: NetShield displays the name of each
     file it scans, as well as the name of the last virus found
     (if any).
     
     NOTE: If NetShield finds a virus, refer to "If you detect a
     virus" earlier in this chapter for more information.
     
Interrupting a Scan in Progress

     NetShield scans your system until all selected items
     (volumes, directories, files) have been checked for viruses.
     If necessary, however, you can interrupt an immediate scan
     in progress.
     
     From the NetShield Main menu, choose Immediate Scan | Stop
     Scan. NetShield displays a confirmation prompt.
     
     NOTE: When you interrupt scanning, you prevent NetShield
     from completely checking the selected volumes on your system
     for viruses. To ensure that your system is virus-free, you
     must run a complete, uninterrupted scan.
     
Configuring the Scanning Mode

     In addition to immediate scanning, NetShield provides the
     following scanning modes:
     
     o  On Access Scanning prevents infected files from being
        copied to or from server volumes.
     
     o  Periodic Scanning schedules scanning for a specific day
        and time.
     
     From the NetShield Main menu, choose Configure Scanning
     Mode. NetShield displays the Scanning Mode Configuration
     menu with the following options:
     
     o  On Access Scanning
     o  Periodic Scanning
     
     The rest of this section describes these scanning modes in
     detail.
     
Using On Access Scanning

     If On Access scanning is enabled, NetShield can protect your
     server against viruses by preventing infected files from
     being copied to or from server volumes. If a filemask is
     used in the copy operation (for example, *.EXE), NetShield
     prevents only infected files from being copied. Use on
     access scanning to prevent spreading viruses in the interim
     between regular scans.
     
     NOTE: If NetShield finds a virus, refer to "If you detect a
     virus" earlier in this chapter for more information.
     
     To use on access scanning, from the NetShield Main menu,
     choose Configure Scanning Mode | On Access Scanning.
     NetShield displays the On Access Scanning menu with the
     following options:
     
     o  Inbound Files Only
     o  Outbound Files Only
     o  Inbound and Outbound Files
     o  Disable On Access Scanning
     
     Select the option you want.
     
     Inbound Files Only
     
     Select this option to prevent copying infected files to the
     selected server volume. When a copy operation is attempted,
     NetShield checks the file on the target volume and, if
     infected, deletes, removes, or ignores the file according to
     the current action setting. For more information, refer to
     "Setting the Infected File Action" later in this chapter.
     
     We recommended this option for most environments because it
     protects the server but avoids running extra scans every
     time files are copied from the server volume.
     
     Outbound Files Only
     
     Select this option to prevent copying infected files from
     selected server volumes to other server or workstation
     volumes. When a copy operation is attempted, NetShield
     checks the file on the source volume and, if infected,
     deletes, removes, or ignores the file according to the
     current action setting. For more information, refer to
     "Setting the Infected File Action" later in this chapter.
     
     This option does not protect the server volume against
     infected files copied to it, and is recommended only in
     cases where the server volume is read-only and might contain
     infected files.
     
     Inbound and Outbound Files
     
     Select this option to prevent copying infected files to or
     from selected server volumes. This option combines the two
     previous options and offers the highest degree of protection
     for both servers and workstations. It may, however, result
     in extra scans if the server volume is highly unlikely to
     contain infected files.
     
     Viewing Statistics for On Access Scanning
     
     When you open the On Access Scanning menu, NetShield
     displays information similar to the following example:
     
                       NetShield On Access Virus Detection
     Summary
     
      Last Inbound File Scanned:
      Last Outbound File Scanned:
      Last Inbound Virus Detected:
      Last Outbound Virus Detected:
      Total Files Scanned: 360      Total Infected Files Found: 271
      Current On Access Scan Mode:   Both Inbound and Outbound Files
     
     Disabling On Access Scanning
     
     Select this option to disable on access scanning altogether
     or to interrupt an on access scan in progress. Thereafter,
     NetShield will not check files as they are copied to or from
     the server volume.
     
Using Periodic Scanning

     You can schedule NetShield to automatically scan server
     volumes at a future date and time. Thereafter, NetShield
     runs the scan at the scheduled time if the server is running
     and NetShield is loaded and running. In this way, you can
     scan your network unattended, during periods of low network
     traffic, and thereby ensure that scanning occurs on a
     regular basis. For each scheduled scan, you can specify when
     to scan, what to scan, and which scan options to use.
     
     NOTE: If NetShield finds a virus, refer to "If you detect a
     virus" earlier in this chapter for more information.
     
     From the NetShield Main menu, choose Configure Scanning Mode
     | Periodic Scanning. NetShield displays the Periodic
     Scanning menu with the following options:
     
     o  Scanning
       o  Day of Week
       o  Day of Month
       o  Time of Day
     o  Select Volumes to Scan
     o  Load Scan Settings from File
     o  Save Scan Settings to File
     
     Select the option you want.
     
     Selecting the Scanning Frequency
     
     You can schedule scanning on a daily, weekly, or monthly
     basis. For the best network performance, schedule scanning
     during periods of low network traffic, such as at 2:00 am or
     on weekends.
     
     To enable scanning, highlight Scanning <DISABLED> and press
     ENTER. NetShield displays the Select Scanning Frequency menu
     with the following options. Select the scanning frequency
     you want and enter the required information:
     
     o  Daily: Enter the time of day (0:01 to 23:59, in 24-hour
        format).
     
     o  Weekly: Enter the day of the week (Sunday to Saturday)
        and the time of day (0:01 to 23:59).
     
     o  Monthly: Enter the day of the month (1-31) and the time
        of day (0:01 to 23:59). If you enter 31, NetShield will
        scan on the last day of the month, even if it has fewer
        than 31 days.
     
     Thereafter, NetShield runs the scan at the scheduled date
     and time.
     
     Selecting Volumes for Periodic Scanning
     
     You can select the network volumes you want to scan in
     periodic scanning. These apply to the periodic scan only,
     and do not change the currently selected volumes for
     immediate or on access scanning. For more information, refer
     to "Selecting Volumes to Scan" earlier in this chapter.
     
     Highlight Select Volumes To Scan and press ENTER. NetShield
     displays a list of currently selected volumes.
     
     o  To add a volume to the list, press INSERT. NetShield
        displays a list of available volumes. Highlight the volume
        you want to add, then press ENTER (to select multiple
        volumes, highlight each one and press F5 to mark it, then
        press ENTER). NetShield adds the selected volume(s) to the
        list of volumes to scan.
     
     o  To remove a volume from the list, highlight it, press
        DELETE, then choose Yes when prompted to confirm deletion.
        NetShield removes the selected volume from the list of
        volumes to scan.
     
     NetShield will scan the selected volumes in subsequent
     scheduled scans, including any changes you have just made.
     
     Saving a Configuration File for Periodic Scanning
     
     You can store NetShield scan settings that apply only to the
     periodic scan in a special configuration file. By default,
     NetShield uses SYS:\SYSTEM\PER$CFG.DAT. We recommend that
     you use the default path so that configuration files are
     easy to locate.
     
     Configuration files for periodic scanning differ from
     configuration files created according to the instructions in
     "Setting Configuration File Options" later in this chapter.
     They contain only the scheduled scanning date and time, plus
     the volumes selected for periodic scanning.
     
     From the Periodic Scanning menu, highlight Save Scan
     Settings to File and press ENTER. NetShield prompts you to
     identify the configuration file you want to save. Type the
     volume, path, and name of the configuration file you want,
     then press ENTER. Alternatively, to find the file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the configuration file you
         want to use.
     
     5.  Highlight the configuration file you want to use, then
         press ESCAPE. NetShield displays the volume, path, and
         filename you selected.
     
     6.  Press ENTER to accept this path and filename, or ESCAPE
         to abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, saves the configuration file you specified.
     
     Loading a Configuration File for Periodic Scanning
     
     You can load a periodic scanning configuration file created
     using the instructions in the previous section, "Saving a
     Configuration File for Periodic Scanning." By default,
     NetShield uses SYS:\SYSTEM\PER$CFG.DAT.
     
     From the Periodic Scanning menu, highlight Load Scan
     Settings from File and press ENTER. NetShield prompts you to
     identify the configuration file you want to load. Type the
     volume, path, and name of the configuration file you want,
     then press ENTER. Alternatively, to find the file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or
         both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the configuration file you
         want to use.
     
     5.  Highlight the configuration file you want to use, then
         press ESCAPE. NetShield displays the volume, path, and
         filename you selected.
     
     6.  Press ENTER to accept this path and filename, or ESCAPE
         to abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, loads the configuration file you specified and
     uses it for subsequent scheduled scans.
     
     Disabling Periodic Scanning
     
     You can disable periodic scanning to halt a period scan in
     progress or to prevent future scheduled scans.
     
     To disable periodic scanning, highlight Scanning, then press
     ENTER. NetShield displays the Scanning Frequency list.
     Highlight <DISABLED>, then press ENTER.
     
Configuring Virus Detection

     You can configure NetShield to take certain actions
     automatically if it finds an infected file when scanning
     your network. NetShield can:
     
     o  Delete, remove, or ignore infected files.
     o  Notify selected users and generate a message to the
        NetWare system console that a virus has been found.
     
     To configure NetShield in this way, from the NetShield Main
     menu, choose Configure Virus Detection. NetShield displays
     the Virus Detect Configuration menu with the following
     options:
     
     o  Infected File Action
     o  User Contact Action
     
     The rest of this section describes these options in detail.
     
Setting the Infected File Action

     You can tell NetShield what to do with infected files found
     during a scan. NetShield can delete them to prevent further
     infection, move them to a quarantine directory for
     inspection or uploading to McAfee, or do nothing but report
     the infection in a log file.
     
     From the NetShield Main menu, choose Configure Virus
     Detection | Infected File Action. NetShield displays the
     Select Action from List menu with the following options:
     
     o  Delete Infected File
     o  Overwrite Infected File
     o  Move Infected File
     o  Ignore Infected file
     
     Select the action you want from the list.
     
     Deleting Infected Files
     
     Select this option to delete infected files found during a
     scan. If necessary, you can recover deleted files using the
     NetWare SALVAGE command. For more information, refer to your
     NetWare documentation.
     
     Due to the nature of anti-virus software, there is a
     possibility that NetShield may report a virus in a file that
     is not infected. Although such "false alarms" are rare, if
     it occurs during a scan, you can still recover the deleted
     file. You might also want to recover a deleted file to
     inspect it yourself or to upload it to McAfee for
     inspection.
     
     Overwriting Infected Files
     
     Select this option to delete infected files found during a
     scan so that they cannot be recovered except from backups.
     NetShield erases any infected files and writes random
     characters to the disk space formerly occupied by the
     infected file. As a result, this file is completely
     eradicated from your network and is not recoverable by you
     or other users, except from backups. This is the most secure
     option, but it can prevent you from recovering an infected
     file you might want to save for further inspection.
     
     Moving Infected Files
     
     Select this option to move infected files found during a
     scan to a different directory so that you can inspect them
     yourself and, if you want, upload them to McAfee for expert
     inspection. To avoid a situation in which users could
     inadvertently load an infected file and spread the virus,
     the directory you specify should be a "quarantine directory"
     to which only system administrators have access.
     
     To specify a directory, type the volume and path of the
     directory you want, then press ENTER. Alternatively, to find
     the directory:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you highlight the one you want to use for infected files.
     
     5.  Highlight the directory you want to use, then press
         ESCAPE. NetShield displays the volume, path, and filename
         you selected.
     
     6.  Press ENTER to select this directory.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, uses the directory you selected. If the
     directory you specify does not exist, NetShield creates it
     for you automatically.
     
     Ignoring Infected Files
     
     Select this option to ignore infected files found during a
     scan. NetShield leaves any infected files intact on your
     system, which could result in further viral infection. We
     therefore recommend that you check the log files for
     infected files immediately after scanning and, if found,
     take steps to protect your system.
     
Setting the User Contact Action

     You can configure NetShield to send a broadcast message to
     one or more users if infected files were found during a
     scan. That way, you and others can know immediately when
     viruses have been detected on your network. NetShield can
     also generate console messages to the NetWare server
     console.
     
     From the NetShield Main menu, choose Configure Virus
     Detection | User Contact Action. NetShield displays the User
     Contact Actions menu.
     
     o  Edit User Contact List
     o  Enable User Alarms
     o  Enable Console Messages
     
     Select the options you want.
     
     Editing the User Contact List
     
     You can have NetShield notify certain users if viruses have
     been found. To specify the users to notify, highlight Edit
     User Contact List and press ENTER. NetShield displays a list
     of users to notify.
     
     o  To add a users to the list, press INSERT. NetShield
        displays a list of available network users. Highlight the
        user you want to add, then press ENTER. NetShield adds the
        selected user to the list of users to notify.
     
     o  To remove a user from the list, highlight it, then press
        DELETE. NetShield deletes the selected user from the list
        of users to notify.
     
     NetShield will notify the users on this list if viruses are
     found in future scans, including any changes you have just
     made.
     
     Enabling User Alarms
     
     You can tell NetShield whether to inform selected users that
     infected files were found during a scan. You might want to
     disable this capability if, for security reasons, you do not
     want users to know that viruses have been found. However, if
     you disable this feature, be sure to inspect the log file
     immediately after each scan so that you know whether your
     network has been infected.
     
     To change the current setting, highlight Enable User Alarms,
     type Y (for Yes) or N (for No), then press ENTER
     
     Enabling Console Messages
     
     You can tell NetShield whether to display messages about
     infected files on the NetWare system console. This provides
     an alternative method for alerting system administrators and
     maintains an audit trail for further investigation into
     virus incidents. For more information about NetWare server
     console messages, refer to your NetWare documentation.
     
     To change the current setting, highlight Enable Console
     Messages, type Y (for Yes) or N (for No), then press ENTER
     
Configuring NetShield NLM

     You can configure NetShield to:
     
     o  Save and load configuration files containing frequently-
        used NetShield settings.
     o  Exclude directories from scanning.
     o  Regulate server performance by assigning CPU processing
        priority to NetShield.
     o  Perform CRC validation to detect new or unknown viruses.
     o  Protect NetShield from unauthorized unloading by
        assigning a password.
     
     From the NetShield Main menu, choose Configure NetShield
     NLM. NetShield displays the NetShield NLM Configuration menu
     with the following options:
     
     o  Configuration File Options
     o  Configure Excluded Directories
     o  NetShield Delay Factor
     o  CRC Configuration Options
     o  Password Configuration
     
     The rest of this section describes these options in detail.
     
Setting Configuration File Options

     You can store current NetShield configuration information in
     a disk file that you can later load as needed. You can also
     obtain a copy of the current configuration settings by
     printing a report or saving them to an ASCII text file.
     
     A NetShield configuration file stores configuration
     information in a proprietary binary format and contains
     settings information such as the selected volumes to scan,
     periodic scan settings, logging, CRC checking, and other
     NetShield settings (you can print a list of current
     settings). Passwords are encrypted.
     
     From the NetShield Main menu, choose Configure NetShield NLM
     | Configuration File Options. NetShield displays the
     Configuration File Management Options menu with the
     following options:
     
     o  Load Configuration Settings From File
     o  Save Configuration Settings To File
     o  Write Configuration Report To File
     o  Print Current Configuration Settings
     
     Select the options you want.
     
     Loading Configuration Settings from a File
     
     Select this option to load a configuration file from disk.
     NetShield prompts you to identify the configuration file you
     want to load. By default, NetShield uses
     SYS:\SYSTEM\VIR$CFG.DAT. We recommend that you use the
     default path so that the configuration files are easy to
     locate if you need to investigate a problem.
     
     Type the volume, path, and name of the configuration file
     you want, then press ENTER. Alternatively, to find the file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the configuration file you
         want to use.
     
     5.  Highlight the configuration file you want to use, then
         press ESCAPE. NetShield displays the volume, path, and
         filename you selected.
     
     6.  Press ENTER to accept this filename, or ESCAPE to
         abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, loads the configuration file you specified and
     uses it for subsequent scans.
     
     Saving Configuration Settings to a File
     
     Select this option to save a configuration file to disk.
     NetShield prompts you to identify the name and path of the
     configuration file you want to save. By default, NetShield
     uses SYS:\SYSTEM\VIR$CFG.DAT. We recommend that you use the
     default path so that the configuration files are easy to
     locate if you need to investigate a problem.
     
     Type the volume, path, and name of the configuration file
     you want, then press ENTER. Alternatively, to find the file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the configuration file you
         want to use.
     
     5.  Highlight the configuration file you want to use, then
         press ESCAPE. NetShield displays the volume, path, and
         filename you selected.
     
     6.  Press ENTER to accept this filename, or ESCAPE to
         abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, writes configuration information to the file you
     specified.
     
     Writing the Configuration Report to a File
     
     Select this option to save the configuration report in an
     ASCII text file. NetShield prompts you to identify the name
     and path of the report file you want to create. By default,
     NetShield uses SYS:\SYSTEM\VIR$CFG.RPT. We recommend that
     you use the default path so that report files are easy to
     locate.
     
     Type the volume, path, and name of the report file you want,
     then press ENTER. Alternatively, to find the file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the configuration file you
         want to use.
     
     5.  Highlight the configuration file you want to use, then
         press ESCAPE. NetShield displays the volume, path, and
         filename you selected.
     
     6.  Press ENTER to accept this filename, or ESCAPE to
         abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, writes configuration information to the report
     file you specified. If the report file exists, NetShield
     overwrites it.
     
     Printing Current Configuration Settings
     
     Select this option to send a report of the current
     configuration settings to a network printer queue. NetShield
     displays a list of available print queues. Highlight the
     queue you want, then press ENTER to select it. NetShield
     sends the report to the queue you selected.
     
Configuring Excluded Directories

     You can exclude selected directories from scanning if you
     want to reduce scanning time and you are confident that such
     directories are unlikely to be infected by a virus. For
     example, because most viruses infect executable files, you
     might want to exclude directories that contain only data
     files.
     
     From the NetShield Main menu, choose Configure NetShield NLM
     | Configure Excluded Directories. NetShield displays the
     Configure Excluded Directories menu with the following
     options:
     
     o  Edit List of Excluded Directories
     o  Apply Exclusion List to All Scans
     
     The rest of this section describes these options in detail.
     
     Selecting Directories to Exclude
     
     Select this option to change the list of directories to
     exclude from scanning. To specify a directory to exclude,
     type the volume and path of the directory you want, then
     press ENTER. Alternatively, to find a directory:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you highlight the one you want to use for infected files.
     
     5.  Highlight the directory you want to use, then press
         ESCAPE. NetShield displays the volume, path, and filename
         you selected.
     
     6.  Press ENTER to select this directory.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, adds the selected directory to the list of
     excluded directories.
     
     To remove a directory from the list, highlight it, then
     press DELETE. NetShield deletes the selected directory from
     the list of directories to exclude.
     
     If the exclusion list is enabled (for more information,
     refer to the next section), NetShield will exclude
     directories from scanning using this list, including any
     changes you have just made.
     
     Applying the Exclusion List to All Scans
     
     Select this option to ignore, during scanning, the
     directories in the exclusion list. To change the current
     setting, highlight Apply Exclusion List to All Scans, press
     ENTER, then choose <ENABLED> or <DISABLED> from the prompt.
     
Setting the Delay Factor

     You can regulate server performance during scanning by
     controlling the amount of CPU time that NetShield uses to
     conduct the scan. The higher the delay, the more CPU time is
     devoted to carrying out the scan operation.
     
     From the NetShield Main menu, choose Configure NetShield NLM
     | NetShield Delay Factor. NetShield prompts you to enter a
     priority. The default delay factor is 3. Type a number
     between 1 and 100, inclusive, then press ENTER.
     
     o  If you choose a delay setting of 1, which is the most CPU-
        intensive, 40-50% CPU usage is added and approximately one
        file is scanned per second. We recommend using higher
        settings during periods of low network traffic.
     
     o  If you choose a delay setting of 100, which is the least
        CPU-intensive, 1-2% CPU usage is added and one file is
        scanned approximately every 10 seconds. We recommend using
        lower settings during periods of high network traffic.
     
     NetShield uses the delay factor you specified.
     
Setting CRC Configuration Options

     If your environment is highly vulnerable to viruses, or you
     require additional security against them, you can use
     NetShield's CRC (Cyclic Redundancy Check) checking option to
     detect infection by new and unknown viruses. NetShield can
     assign validation codes to files, then use those codes to
     detect file changes and warn that infection by an unknown
     virus may have occurred. NetShield stores validation
     information in an encrypted database file.
     
     The use of CRC validation codes requires an ongoing effort
     to store and maintain the codes. For example, if you install
     new programs or upgrade old ones, you should remove all the
     validation codes, then add them again to restore them. If
     you install new software, or upgrade your DOS or NetWare
     version, remember to update your recovery file.
     
     Because the validation codes will change whenever a file is
     updated, we recommend using CRC checks only in stable
     environments where few software updates are performed. In
     addition, consider excluding any directories containing data
     files that are frequently updated. To exclude directories
     from scanning, refer to "Configuring Excluded Directories"
     earlier in this chapter.
     
     From the NetShield Main menu, choose Configure NetShield NLM
     | CRC Configuration Options. NetShield displays the CRC
     Configuration Options menu with the following options.
     
     o  Add CRC Code To External File
     o  Verify CRC Code From External File
     o  Remove CRC Code From External File
     o  Edit External File Name
     
     Select the options you want.
     
     NOTE: You can enable only one of the options (Add, Verify,
     and Remove) at a time during a scan. If you enable one
     option, NetShield automatically disables any other enabled
     option.
     
     Adding CRC Code to an External File
     
     Select this option to tell NetShield to add CRC validation
     codes to the external database file during the next scan.
     Any previous validation codes should be removed from the
     selected database file before proceeding. We recommend
     disabling this option once the validation codes have been
     added.
     
     To change the current setting, highlight Add CRC Code To
     External File, press ENTER, then choose <ENABLED> or
     <DISABLED> from the prompt.
     
     Verifying CRC Code from an External File
     
     Once you have added CRC validation codes to the database,
     select this option to tell NetShield to check for validation
     codes in subsequent scans and, if files have changed, to
     warn that infection by an unknown virus may have occurred.
     
     To change the current setting, highlight Verify CRC Code
     From External File, press ENTER, then choose <ENABLED> or
     <DISABLED> from the prompt.
     
     Removing CRC Code from an External File
     
     Once you have added CRC validation codes to the database,
     select this option to tell NetShield to remove them during
     the next scan from the selected database file. You normally
     do this if you have added or upgraded software on your
     network and need to re-add validation codes.
     
     To change the current setting, highlight Remove CRC Code
     From External File, press ENTER, then choose <ENABLED> or
     <DISABLED> from the prompt.
     
     Selecting the Name of the External File
     
     By default, the database file used to store CRC validation
     codes is named VIR$CRC.DAT, which is stored in the same
     directory as the NETSHLD.NLM file. You can change the name
     and location of the database file as needed.
     
     Type the volume, path, and name of the validation database
     file you want, then press ENTER. Alternatively, to find the
     file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or
         both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the validation database file
         you want to use.
     
     5.  Highlight the database validation file you want to use,
         then press ESCAPE. NetShield displays the volume, path,
         and filename you selected.
     
     6.  Press ENTER to accept this filename, or ESCAPE to
         abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, uses the validation database file you specified.
     
Setting the Unload Password

     You can assign a password to NetShield to ensure that only
     authorized users can unload NetShield once it has been
     loaded. The password is not case-sensitive, can be up to 40
     characters long, and can be any mix of alphanumeric and
     punctuation characters. The default NLM password is:
     NETSHIELD. The password is encrypted.
     
     From the NetShield Main menu, choose Configure NetShield NLM
     | Password Configuration. NetShield displays the Password
     Configuration menu with the following options:
     
     o  Change Existing Password
     o  Password Enable Status
     
     The rest of this section describes these options in detail.
     
     Changing the Existing Password
     
     Select this option to add a change the unload password.
     Enter the current password, if any, then enter the new
     password (or leave it blank to remove the password). Be sure
     to write down your new password and store it in a secure
     location.
     
     Enabling the Unload Password
     
     Select this option to force users to enter the unload
     password before exiting NetShield. To change the current
     setting, highlight Password Enable Status, press ENTER, then
     choose <ENABLED> or <DISABLED> from the prompt.
     
Configuring Virus Reporting

     NetShield can keep a log of scans and infections found. You
     can view this log on screen, print it, or discard it. We
     recommend that you use NetShield's logging feature so that
     you have an audit trail to assist in your investigation of
     virus incidents.
     
     From the NetShield Main menu, choose Configure Virus
     Reporting. NetShield displays the Virus Reporting Options
     menu with the following options.
     
     o  Configure Log File Settings
     o  Select Log File Reports
     
     The rest of this section describes these options in detail.
     
Setting Up the Log File

     NetShield can record the results of scanning in a log file
     that you can later use for auditing your system and
     investigating problems. NetShield appends log information in
     the log file, including the date and time the scan was run
     and, if viruses are detected, an entry for each file
     suspected to contain a virus (name, location, and virus
     name).
     
     From the NetShield Main menu, choose Configure Virus
     Reporting | Configure Log File Settings. NetShield displays
     the Log File Configuration Options menu with the following
     options:
     
     o  Enter Log File Path
     o  Enable Logging To Log File
     
     Entering the Log File Path
     
     Select this option to specify the name and location of the
     log file. If the log file has not been configured, the
     default filename is VIR$LOG.DAT.
     
     Type the volume, path, and name of the log file you want,
     then press ENTER. Alternatively, to find the file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the log file you want to use.
     
     5.  Highlight the log file you want to use, then press
         ESCAPE. NetShield displays the volume, path, and filename
         you selected.
     
     6.  Press ENTER to accept this filename, or ESCAPE to
         abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, uses the log file you specified. If the file
     does not exist, NetShield creates it automatically. If the
     file exists, NetShield prompts you to overwrite the file or
     append new information to it.
     
     Enabling Logging to a Log File
     
     We recommend that logging is enabled whenever you scan so
     that you have an audit trail of infections found. However,
     you can select this option to disable logging as well, if
     necessary.
     
     To change the current setting, highlight Enable Logging to a
     Log File, press ENTER, then choose <ENABLED> or <DISABLED>
     from the prompt.
     
Selecting Log File Reports

     If logging is enabled, NetShield can display, print, or
     discard the contents of the currently selected log file.
     
     From the NetShield Main menu, choose Configure Virus
     Reporting | Select Log File Reports. NetShield displays the
     Select Log File Reports menu with the following options:
     
     o  View Contents of Log File
     o  Print Contents of Log File
     
     Select the options you want.
     
     Viewing the Log
     
     Select this option to display the current log file and
     peruse its contents in a scrollable window.
     
     Use these keys to navigate the scrollable window:
     
     o  HOME to view the first entry in the log file.
     o  END to view the last entry in the log file.
     o  PGUP and PGDN to view the log file one screen at a time.
     o  ESCAPE to exit the scrollable window.
     
     Printing the Log
     
     Select this option to print the current log file for future
     reference. NetShield displays a list of available print
     queues. Highlight the queue you want, then press ENTER to
     select it. NetShield sends the log report to the queue you
     selected and displays a message verifying that the report
     was sent.
     
Configuring Network Monitoring

     For highly secure networks, NetShield can detect and log any
     attempts to write to read-only directories, such as
     directories containing application executables. This log
     provides additional information about possible sources of
     viral infection on your network.
     
     You can also suspend read-only protection for authorized
     users to make changes to monitored directories, such as
     installing or upgrading software. Password protection
     ensures centralized control over access to these
     directories.
     
     To use network monitoring, you configure NetShield by
     selecting the directories, file extensions, and users to
     monitor, then you activate network monitoring.
     
Entering a Password

     Network monitoring is password-protected to ensure that only
     authorized users have access. The default password is:
     
          login admin
          
     You should change this password when you run NetShield for
     the first time. For instructions, refer to "Changing the
     Network Security Password" later in this section.
     
     From the NetShield Main menu, choose Configure Network
     Monitoring. NetShield prompts you to enter a password. Type
     the password (which is not case-sensitive), then press
     ENTER. NetShield displays the Configure Network Security
     menu with the following options:
     
     o  Edit Network Security Configuration
     o  Set Path for Log File
     o  Save Current Configuration To A File
     o  Restore Current Configuration From A File
     o  Current Network Security Status
     
     The rest of this section describes these options in detail.
     
Editing the Network Security Configuration

     You can configure NetShield to:
     
     o  Monitor disk write attempts for files with specific extensions.
     o  Monitor specific directories for write attempts.
     o  Exclude files from monitoring
     o  Monitor selected administrators for write attempts.
     o  Permit only selected users to write to monitored directories.
     
     You can also save and load configuration settings in a file.
     For more information, refer to "Saving the Current
     Configuration" and "Loading a Configuration" later in this
     chapter.
     
     From the NetShield Main menu, choose Configure Network
     Monitoring | Edit Network Security Configuration. NetShield
     displays the Network Security Configuration Options menu
     with the following options:
     
     o  Create File and Extension Master List
     o  Select Entries To Monitor From Master List
     o  Select Files to be Excluded from Monitoring
     o  Select Directories To Monitor for All Users
     o  Change Monitored Users
     o  Change Temporary Authorization
     o  Change Network Security Password
     
     Select the options you want.
     
     Creating a Master List of Files and File Extensions
     
     Select this option to manage the master list of files and
     file extensions to monitor. For example, you might want
     NetShield to monitor all executable files by adding the COM,
     EXE, SYS, BIN, OVL, or DLL extensions to the list. You will
     use this master list in the next section, "Selecting Entries
     to Monitor."
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Create File and Extension
     Master List. NetShield displays the current master list.
     
     o  To add an extension to the list, press INSERT, type a
        period (required) and a new extension (up to 3 letters),
        then press ENTER. NetShield adds the new extension to the
        master list. If you want NetShield to monitor this
        extension, however, you must add it to another list. For
        more information, refer to the next section "Selecting
        Entries to Monitor."
     
     o  To add a file to the list, press INSERT, type the full
        file name (name, period, and extension), then press ENTER.
        NetShield adds the new file to the master list. If you
        want NetShield to monitor this file, however, you must add
        it to another list. For more information, refer to the
        next section "Selecting Entries to Monitor."
     
     o  To remove a file or files extension from the list,
        highlight it, then press DELETE. NetShield deletes the
        selected entry.
     
     Once you have selected the extensions you want for the
     master list, you must then select the extensions you want
     NetShield to monitor while scanning.
     
     Selecting Entries to Monitor
     
     From the master list of files and file extensions, you can
     select the list of entries that NetShield will monitor for
     unauthorized write attempts. At a minimum, consider
     specifying standard executable file extensions (EXE, COM,
     SYS, BIN, OVL, and DLL). When a file is copied to a
     monitored directory, NetShield determines whether the copied
     file or its extension exists in the list of monitored
     entries and, if so, NetShield creates a entry in the log
     file.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Select Entries To Monitor
     From Master List. NetShield displays the current list of
     monitored files and file extensions.
     
     o  To add an entry to the list, press INSERT. NetShield
        displays the master list of available files and file
        extensions. Highlight the entry you want, then press
        ENTER. NetShield adds the new entry to the list of entries
        to monitor.
     
     o  To remove an entry from the list, highlight it, then
        press DELETE. NetShield deletes the selected entry from
        the list of entries to monitor. However, deleting it from
        this list does not remove it from the master list.
     
     NetShield will monitor files with the selected name or
     extension in the list, including any changes you have just
     made.
     
     Selecting Files to be Excluded from Monitoring
     
     You can exclude certain files and file extensions from
     monitoring, such as a backup file that is frequently
     updated.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Select Files To Be Excluded
     From Monitoring. NetShield displays the current list of
     excluded files.
     
     To specify a file or file extension to exclude from
     monitoring, type its name, path, and extension, then press
     ENTER. Alternatively, to find a file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you highlight the one you want to exclude.
     
     5.  Highlight the file you want to exclude, then press
         ESCAPE. NetShield displays the volume, path, and filename
         you selected.
     
     6.  Press ENTER to select this directory.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, adds the selected directory to the list of
     directories to monitor.
     
     To remove a directory from the list, highlight it, then
     press DELETE. NetShield deletes the selected directory from
     the list of directories to monitor.
     
     NetShield will exclude from monitoring the files and file
     extensions you selected.
     
     Selecting Directories to Monitor for All Users
     
     You can select the directories that NetShield will protect
     and monitor for unauthorized write attempts. For example,
     you might want to monitor directories that contain
     application executables.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Select Directories To
     Monitor for All Users. NetShield displays the current list
     of monitored directories.
     
     To specify a directory to exclude, type the volume and path
     of the directory you want, then press ENTER. Alternatively,
     to find a directory:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you highlight the one you want to use for infected files.
     
     5.  Highlight the directory you want to use, then press
         ESCAPE. NetShield displays the volume, path, and filename
         you selected.
     
     6.  Press ENTER to select this directory.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, adds the selected directory to the list of
     directories to monitor.
     
     To remove a directory from the list, highlight it, then
     press DELETE. NetShield deletes the selected directory from
     the list of directories to monitor.
     
     NetShield will monitor directories using this list,
     including any changes you have just made.
     
     Changing Monitored Administrators
     
     You can select the administrators that NetShield will
     monitor for write attempts to monitored directories. From
     the Configure Network Security menu, choose Edit Network
     Security Configuration | Change Monitored Users.
     
     NetShield displays the list of currently monitored
     administrators.
     
     o  To add an administrator to the list, press INSERT.
        NetShield displays a list of available users, as shown in
        the following example:
     
          <SystemAdministrators>
          {UsersNotInAnyGroups}
          [EVERYONE]
          [WORDPROCESSING]
          
        Highlight a group, then press ENTER. NetShield displays a
        list of users for that group. Highlight a user you want to
        authorize, then press ENTER. NetShield adds the selected
        user to the list of authorized administrators.
     
     o  To remove a user from the list, highlight it, then press
        DELETE. NetShield deletes the selected user name from the
        list of monitored administrators.
     
     NetShield will monitor only users and groups in this list,
     including any changes you have just made.
     
     Authorizing Temporary Access to Monitored Directories
     
     You can suspend, for a brief time, read-only protection on
     monitored directories so that authorized users can make
     changes. For example, you might want to allow one or more
     administrators to install or upgrade software in a monitored
     directory.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Change Temporary
     Authorization. NetShield displays the Change Temporary
     Authorization menu with the following options:
     
     o  Change Temporary Authorization List
     o  Enable Administrative Access
     
     Select the options you want.
     
     Specifying Temporary Authorized Administrators
     
     Select this option to allow certain administrators to write
     to monitored directories during temporary authorization. You
     select from the list of monitored administrators. For more
     information, refer to the previous section, "Changing
     Monitored Administrators."
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Change Temporary
     Authorization | Change Temporary Authorization List.
     NetShield displays the list of currently monitored
     administrators.
     
     o  To add a monitored administrator to the temporary
      authorization list, press INSERT. NetShield displays a
      list of monitored administrators. Highlight a user, then
      press ENTER. NetShield adds the selected user to the list
      of temporarily authorized administrators.
     
     o  To remove a user from the list, highlight it, then press
        DELETE. NetShield deletes the selected user name from the
        list of temporarily authorized administrators.
     
     NetShield will permit access to protected directories only
     to users in this list, including any changes you have just
     made.
     
     Enabling Administrative Access
     
     Select this option to allow authorized administrators to
     write to a protected directory while network monitoring is
     enabled. You might want to do this, for example, to install
     or upgrade software stored in a monitored directory.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Change Temporary
     Authorization | Enable Administrative Access. NetShield
     prompts you to enter the number of minutes you want to
     enable access.
     
     o  To enable access, type a number between 1 and 180,
        inclusive, then press ENTER. NetShield displays the time
        remaining for authorized administrators to update
        monitored directories.
     
        NOTE: If the administrative access time runs out while
        changes are being made to monitored directories, NetShield
        completes the current write operation, if any, then
        prevents additional changes.
     
     o  To disable access, enter 0, the default access time.
     
     Changing the Network Security Password
     
     You can assign a password to NetShield to ensure that only
     authorized users can access network monitoring. The password
     is not case-sensitive, can be up to forty (40) characters
     long, and can be any mix of alphanumeric and punctuation
     characters. The password is encrypted.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Change Network Security
     Password. Enter the current password, if any, then enter the
     new password. Be sure to write down your new password and
     store it in a secure location.
     
Setting Up the Log File

     NetShield can record the results of network monitoring in a
     log file that you can later use for auditing your system and
     investigating problems. NetShield appends the following
     information in the log file: the date and time of the
     attempt as well as the user, workstation, file, and target
     directory involved.
     
     Here is a sample entry in the log file:
     
          Wed Aug 31 17:09:14 1994
               Attempt to write file XXX.EXE to
               directory SYS:\SYSTEM\
               on server STORM by user SUPERVISOR, ID 1
               From Workstation  0000001C/0000c0cf0400  DENIED!
          
     From the Configure Network Security menu, choose Set Path
     for Log File. NetShield prompts you to specify the log file
     name and path. If the log file has not been configured, the
     default filename is NETSHLD.LOG.
     
     Type the volume, path, and name of the log file you want,
     then press ENTER. Alternatively, to find the file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the log file you want to use.
     
     5.  Highlight the log file you want to use, then press
         ESCAPE. NetShield displays the volume, path, and filename
         you selected.
     
     6.  Press ENTER to accept this filename, or ESCAPE to
         abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, uses the log file you specified. If the file
     does not exist, NetShield creates it automatically.
     
Saving the Current Configuration

     Select this option to save the network monitoring
     configuration file to disk. NetShield prompts you to
     identify the name and path of the configuration file you
     want to save. By default, NetShield uses
     SYS:\SYSTEM\NETSHLD.CFG. We recommend that you use the
     default path so that the configuration files are easy to
     locate if you need to investigate a problem.
     
     NOTE: The network monitoring configuration file contains
     information about your network monitoring setup, not about
     your NetShield virus protection configuration.
     
     From the Configure Network Security menu, choose Save
     Current Configuration to a File. NetShield prompts you to
     identify the name and path of the configuration file you
     want to save. By default, NetShield uses
     SYS:\SYSTEM\NETSHLD.CFG. We recommend that you use the
     default path so that the configuration files are easy to
     locate if you need to investigate a problem.
     
     Type the volume, path, and name of the network monitoring
     configuration file you want, then press ENTER.
     Alternatively, to find the file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the configuration file you
         want to use.
     
     5.  Highlight the configuration file you want to use, then
         press ESCAPE. NetShield displays the volume, path, and
         filename you selected.
     
     6.  Press ENTER to accept this filename, or ESCAPE to
         abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, writes configuration information to the
     configuration file you specified.
     
Restoring a Configuration from a File

     Select this option to load a network monitoring
     configuration file from disk.
     
     From the Configure Network Security menu, choose Save
     Restore Current Configuration from a File. NetShield prompts
     you to identify the name and path of the configuration file
     you want to save. By default, NetShield uses
     SYS:\SYSTEM\NETSHLD.CFG. We recommend that you use the
     default path so that the configuration files are easy to
     locate if you need to investigate a problem.
     
     Type the volume, path, and name of the configuration file
     you want, then press ENTER. Alternatively, to find the file:
     
     1.  Press INSERT to display a list of available volumes.
     
     2.  Highlight the volume you want, then press ENTER.
         NetShield displays a list of directories (directory names
         are enclosed in square brackets).
     
     3.  Highlight the directory you want, then press ENTER.
         NetShield displays a list of subdirectories, files, or both.
     
     4.  If necessary, continue selecting subdirectories until
         you select the one containing the configuration file you
         want to use.
     
     5.  Highlight the configuration file you want to use, then
         press ESCAPE. NetShield displays the volume, path, and
         filename you selected.
     
     6.  Press ENTER to accept this filename, or ESCAPE to
         abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, loads the configuration file you specified and
     uses it for subsequent monitoring.
     
Enabling Network Security

     Select this option to activate or disable NetShield's
     network monitoring feature.
     
     To change the current setting, on the Configure Network
     Monitoring menu, highlight Current Network Security Status,
     press ENTER, then choose <ENABLED> or <DISABLED> from the
     prompt.
     
     
