NVC - Norman Virus Control for OS/2 - READ.ME

Version 4.90, 29. December 2000


Welcome to NVC for OS/2!
========================

This Read Me file contains information on last minute changes to NVC for
OS/2. All the New Features and the Known Problems of this release are
listed here.

The file is divided into the following sections:

 - Before You Install NVC
 - Installing NVC for OS/2
 - New or changed features in this release
 - Known problems in this release


Before you install NVC
======================

The product requires OS/2 Version 2.0 or newer.

Note when upgrading from former versions of NVC for OS/2
--------------------------------------------------------

There are no special precautions to take when upgrading this product from
v4.30 or newer when using the installation program directly or via CID.
For upgrading NVC installed as public applications on OS/2 Warp
Server/LAN Server, see the section on "Installing NVCPM as a LAN Server
Public application".

When upgrading from versions prior to v4.30, select

   (*) Delete the installed product and re-install

as this will allow you to select new components, and update your
CONFIG.SYS correctly. Do NOT select

   (o) Upgrade the currently installed product

as this will not add new product components. In case you selected the
"upgrade" option, and later want to install the new components, re-run
the installation and select "(*) Install additional components".

Note when upgrading from other NORMAN products:
-----------------------------------------------

Read this if you are installing over an existing NVC for DOS, Windows or
OS/2:

The product will happily coexist with other NORMAN products if the other
products are of v4.30 or newer. When installing over older products, do
as follows:

Either, to keep the old files:
   Install in a different directory if you want to keep both the new NVC
   for OS/2 and the currently installed version.
Or, to delete the old files:
   Delete all files in the existing installation directory [default is
   C:\NORMAN] manually before continuing this installation.


Installing NVC for OS/2
=======================

Run INSTALL.EXE from the first distribution floppy. To remove the product,
re-run INSTALL.EXE from the floppy and select [Delete].

Detailed guidelines for installing to/from LAN Servers, making NVC into a
LAN Server public application and more are found in the "Installation
Guidelines" at the end of this document.


New or changed features in v4.90
================================

NVC32/NVCPM: Support for Cats Claw, NVC On-access scanner
---------------------------------------------------------

NVCPM/NVC32 has been changed so that it can scan and repair files without
interference from the On-access scanner. CC/2 is installed using a
separate installation procedure.


New or changed features in v4.74
================================

NVC32/NVCPM: Programs didn't unpack certain ZIP or ARJ files
------------------------------------------------------------

An error introduced in 4.73 caused both NVC32 and NVCPM to crash when
trying to unpack ARJ or ZIP archives with no embedded directory structure.
This is now fixed.


New or changed features in v4.73
================================

NVC32/NVCPM: Programs didn't run on certain system configurations
-----------------------------------------------------------------

An error introduced in 4.72 caused both NVC32 and NVCPM not to start if
executed on systems equipped with one single floppy drive and hard-disks
only. The programs didn't fail if executed on systems with a CDROM drive,
mapped network drives, or other removable drive types installed.

NVC32: New command line parameter /OPD - Once Per Day
-----------------------------------------------------

/OPD allows NVC32 to perform a certain scanning task once per day.

When the /OPD option is given, NVC32 will look for NVC32.OPD in its WORK
directory.
(This directory is normally "one-above", i.e. C:\NORMAN if NVC32.EXE is
run from C:\NORMAN\WIN32, but can be controlled by the /WORK: option.)

If NVC32.OPD is found, and it contains valid data, the time stored in the
file will be compared to the current time. If the stored time is after
last midnight, which means today, and the current command line matches
exactly the one stored in the NVC32.OPD file, the scan is _not_ executed.

Scanning is performed only if no valid NVC32.OPD is found, the stored
timestamp is from yesterday (or older) or the command line doesn't match.

After the scan is completed, the current command line and the current
time are stored in NVC32.OPD. This means that if a scan is aborted for
some reason, the file isn't updated and the scan will be re-launched the
next time it is tried.

All NVC32 platform implementations are inter-operable and it doesn't
matter from where NVC32 is launched (N:\NVC32.EXE will be equal to
\\SERVER\NORMAN\NVC32.EXE if N: is mapped as \\SERVER\NORMAN).


New or changed features in v4.72
================================

NVC32/NVCPM: Error corrected: Traversing partitions on large disks
------------------------------------------------------------------

Disks larger than 8.4 GB and partitions larger than 4 GB are now
interpreted correctly on systems that don't have physical-to-logical CHS
translation in the BIOS. The fix is both in NVCPM and NVC32 and in the
NSE_OS2.DLL versions >= 4.70.35.

Also, out-of-sequence drive letters, an option of the OS/2 Warp Server 4.5
"Aurora" Logical Volume Manager, are now handled correctly.

NVCPM: Error corrected: "Error 0x00300002" when running as LAN Server Public application
----------------------------------------------------------------------------------------

When running NVCPM as a LAN Server Application, NVCPM could sometimes
either not start scanning for the 2nd time, or abort during scanning
showing Error 0x00300002. This is now fixed.
More information about installing NVCPM as a LAN Server Application is
found below.

NVCPM: Error corrected: Disabling of all options when editing styles
--------------------------------------------------------------------

When editing styles, all options except for those on the first page were
disabled (greyed out). This error was introduced in 4.60 and is now
corrected.

NVC32: New command line parameter /HUM - Handle Uncertified Macros.
-------------------------------------------------------------------

Enables handling of files with uncertified macros. The "certified macros"
list, NVCMACRO.CRT, must be present in the NSE directory, otherwise NVC32
will abort. This file is normally produced by CatsClaw's Certify Macros
command (NVC for Windows).

/HUM changes the behaviour of the options /D, /D- and /CL:

Option  |Normal behaviour       |/HUM changes this into
--------|-----------------------|-----------------------------------------------
/D      |Overwrite and delete   |Overwrite and delete infected files and
        |infected files.        |files containing uncertified macros.
/D-     |Delete infected files. |Delete infected files and files containing
        |                       |uncertified macros.
/MOV:dir|Move infected files.   |Move infected files and files containing
        |                       |uncertified macros to a given directory.
/CL     |Repair infected files. |Repair viruses and remove uncertified macros
        |                       |from files in that order. If this fails,
        |                       |it will revert to specified /D or /MOV actions.

NVC32: New command line parameter /FL - Flush log file
------------------------------------------------------

Using this parameter will force NVC32 to flush all disk buffers for each
line written to the temporary log file. Without this option NVC32 utilizes
the disk cache of the operating system like other programs. In cases of
completely uncontrolled crashes, this might cause the last block of
information written to the log file to be lost.
Note that if NVC32 ends with the text "Internal program error", the
program has crashed, but gracefully enough to finish the log file
properly.

Use this option together with /LF and /LA to ensure complete log file data
in situations when NVC32 terminates uncontrollably. The last file name
written to the temporary log file will normally be the file causing the
crash.

The temporary log file is created in the directory pointed to by the
environment variable TEMP or TMP under the name "~NVCxxxx.RPT" where xxxx
represents a 4 digit arbitrary hexadecimal number.


New or changed features in v4.71
================================

NVCPM: Bug in rescheduling of overdue events fixed
--------------------------------------------------

When rescheduling overdue events, NVCPM could in some situations set the
rescheduled time to the (current time + period) instead of (original time
+ period) when the latter calculated a time in the past. Rescheduled times
are now calculated as (original time + (N * period)) where N is the
smallest number needed to calculate a time in the future.

NVCPM/NVC32: Bug occurring when running multiple instances fixed.
-----------------------------------------------------------------

Starting a 2nd instance of NVCPM is not possible, but starting an instance
of NVC32 while NVCPM was running, or starting several instances of NVC32,
was not possible either. It would always terminate with an error message
complaining about "Incompatible NSE version". The failure was introduced
in 4.70. It is now corrected.
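
The rescheduling rule from the v4.71 note above, as an added Python sketch
(not Norman's code; the function names and the sample dates are constructed
for this example). It puts the pre-4.71 behaviour beside the corrected rule
and measures how far each result has drifted from the original schedule.

```python
from datetime import datetime, timedelta


def reschedule_pre_471(original, period, now):
    """Behaviour before the fix, as the text describes it."""
    candidate = original + period
    if candidate > now:
        return candidate
    # Overdue: fall back to now + period, so the event takes over whatever
    # weekday and time of day the overdue check happened to run at.
    return now + period


def reschedule_471(original, period, now):
    """Return (N, original + N * period), N the smallest count giving a future time."""
    if period <= timedelta(0):
        raise ValueError("period must be positive")
    # Whole periods elapsed since the original time (floor division, negative
    # when the original time is still ahead), plus one to step past 'now'.
    # A time exactly equal to 'now' is not in the future, hence the +1.
    n = max(1, (now - original) // period + 1)
    return n, original + n * period


def phase_error(scheduled, original, period):
    """Offset of a scheduled time from the original weekly/daily grid."""
    return (scheduled - original) % period


# Constructed sample: a weekly scan planned for Monday 02:00; the machine is
# switched on again on a Thursday morning, more than two weeks later.
ORIGINAL = datetime(2000, 12, 4, 2, 0)
WEEK = timedelta(days=7)
NOW = datetime(2000, 12, 21, 9, 30)

if __name__ == "__main__":
    old = reschedule_pre_471(ORIGINAL, WEEK, NOW)
    n, new = reschedule_471(ORIGINAL, WEEK, NOW)
    print("pre-4.71:", old, "drift", phase_error(old, ORIGINAL, WEEK))
    print("4.71    :", new, "N =", n, "drift", phase_error(new, ORIGINAL, WEEK))
```
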
=============================================================================
A chronological list of error corrections and "New or Changed features" in
versions older than 4.71 is found at the end of READ.ME
=============================================================================

BootGuard/2: Gives protection against known and unknown boot sector viruses
---------------------------------------------------------------------------

NVC for OS/2 now includes BG/2, a utility for saving, verifying and
restoring boot sectors on OS/2 computers.

Background
----------

Most boot sector viruses expect to find FAT partitioned disks, and will in
most cases leave the system unusable if your partitions are formatted with
the HPFS or HPFS386 file systems. The ability to safekeep, verify and
restore boot sectors will normally be an efficient cure in case this
happens.

BG/2 is meant as a tool for system administrators and technically
qualified end users. Used correctly, BG/2 will not harm the integrity of
your disks. However, like other software, BG/2 may fail in some very
unlikely situations and cause irreparable damage to the data on your
disks. Therefore, NORMAN recommends that you always have proper backup
routines for all data that you don't want to lose. And, remember to verify
those backups so you know that they contain valid data.

Getting started
---------------

To get an overview of the functionality, execute the BG2 command without
any parameters:

   BG2

BootGuard/2 will respond with the following:

   NORMAN
   Norman Boot Guard for OS/2 v1.00

   Usage: BG2 [-v] {-c | -d | -r}
   Options:
     -c  Compare disk boot sectors to data in file BG2.DAT.
     -d  Dump disk boot sectors to file BG2.DAT.
     -r  Restore disk boot sectors from file BG2.DAT.
     -v  Verbose. Hexdump differences when used with -r or -c.
     -V  More verbose. Hexdump all boot sectors found.
Saving boot sectors
-------------------

To save the boot sectors of an OS/2 computer, execute the following
command:

   BG2 -d

BootGuard/2 will respond with something like:

   NORMAN
   Norman Boot Guard for OS/2 v1.00

   Partitions and boot sectors found:
   Physical disk 0:
     Master Boot Sector.
     Boot manager SBS.
     Disk partitions:
       0 Drive C, Primary partition, HPFS, OS2TEST
       1 Drive D, Logical disk, HPFS, OS2
       2 Drive E, Logical disk, HPFS, SWAP
       3 Drive F, Logical disk, HPFS, DATA
   Data saved in file BG2.DAT.

BG2.DAT will, in addition to the boot sector data itself, store
information about the disk geometry, about where each boot sector is
located, and CRCs for all the data. All this information locks the file to
this given configuration for this given computer. In case you need to
restore the boot sectors, BG/2 will refuse to restore data if the disk
geometry is changed, if the disk is repartitioned, or if the location of
the individual boot sectors is changed. All these rigorous rules will also
prevent you from accidentally restoring a BG2.DAT from another computer.

A humanly readable header identifying the file is also added. To view this
information, execute the following command:

   TYPE BG2.DAT

   File produced by Norman Boot Guard for OS/2 v1.00
   On 27. August 1997 11:20:08
   Contains boot sector data for:
   Physical disk 1: MBS, Boot manager, SBS for Drive C, D, E, F.

Keep BG2.DAT in a safe place
----------------------------

Now, copy both BG2.EXE and BG2.DAT to a floppy, or a network drive. Label
the floppy with information positively identifying the computer. Keep the
floppy in a safe place, for example together with the emergency boot
diskettes. If you do not have emergency boot diskettes, this is the time
for creating them.

To create Emergency boot diskettes, open the "System setup" folder and
start "Create Utility Diskettes". Have 3 blank formatted 1.44MB floppies
ready.
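
The save-and-verify rules from "Saving boot sectors" above, as an added
Python sketch (not Norman's code; the in-memory record is a stand-in for
BG2.DAT, whose real format is not described in this file). It stores
geometry, sector locations and CRCs, names which region of a sector changed,
and refuses a restore when geometry, locations or the partition table
differ. The "jump address" offsets and the sample sectors are assumptions
constructed for the example.

```python
import struct
import zlib

JUMP = slice(0, 3)          # assumption: first three bytes reported as "jump address"
CODE = slice(3, 446)        # rest of the master boot sector's code area
PTABLE = slice(446, 510)    # four 16-byte partition entries
SIGNATURE = slice(510, 512) # 0x55 0xAA


def build_mbr(code, partitions):
    """Build a constructed 512-byte master boot sector for the demo.

    partitions is a list of (type, first_lba, sector_count); CHS fields are zeroed.
    """
    table = b"".join(
        struct.pack("<B3sB3sII", 0, b"", ptype, b"", first, count)
        for ptype, first, count in partitions
    )
    return code[:446].ljust(446, b"\0") + table.ljust(64, b"\0") + b"\x55\xaa"


def take_snapshot(geometry, sectors):
    """Record geometry plus each boot sector's location (LBA), data and CRC."""
    return {
        "geometry": tuple(geometry),
        "sectors": {lba: (data, zlib.crc32(data)) for lba, data in sectors.items()},
    }


def describe_changes(stored, current):
    """Name the regions of one boot sector that differ from the stored copy."""
    regions = [(JUMP, "jump address"), (CODE, "boot code"),
               (PTABLE, "partition table"), (SIGNATURE, "signature")]
    return [name + " changed" for span, name in regions if stored[span] != current[span]]


def compare(snapshot, sectors):
    """Verify run: {lba: [changes]} for every stored sector that differs."""
    report = {}
    for lba, (stored, _crc) in snapshot["sectors"].items():
        current = sectors.get(lba)
        if current is None:
            report[lba] = ["boot sector missing"]
        elif current != stored:
            report[lba] = describe_changes(stored, current)
    return report


def restore_allowed(snapshot, geometry, sectors):
    """Apply the refusal rules from the text before anything is written back.

    Assumes the snapshot and the disk both contain the master boot sector at LBA 0.
    """
    for stored, crc in snapshot["sectors"].values():
        if zlib.crc32(stored) != crc:
            return False, "snapshot file damaged"
    if tuple(geometry) != snapshot["geometry"]:
        return False, "disk geometry changed"
    if set(sectors) != set(snapshot["sectors"]):
        return False, "boot sector locations changed"
    if sectors[0][PTABLE] != snapshot["sectors"][0][0][PTABLE]:
        return False, "disk repartitioned"
    return True, "ok"


# Constructed sample data (not taken from any real disk). Type 0x07 is HPFS.
GEOMETRY = (1024, 255, 63)
CLEAN = build_mbr(b"\xfa\x33\xc0\x8e\xd0", [(0x07, 63, 1024000)])
TAMPERED = build_mbr(b"\xeb\x3c\x90\xcc\xcc", [(0x07, 63, 1024000)])
REPARTITIONED = build_mbr(b"\xfa\x33\xc0\x8e\xd0",
                          [(0x07, 63, 512000), (0x07, 512063, 512000)])
SNAPSHOT = take_snapshot(GEOMETRY, {0: CLEAN})

if __name__ == "__main__":
    print(compare(SNAPSHOT, {0: TAMPERED}))
    print(restore_allowed(SNAPSHOT, GEOMETRY, {0: TAMPERED}))
    print(restore_allowed(SNAPSHOT, GEOMETRY, {0: REPARTITIONED}))
```
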
Checking for changes in boot sectors
------------------------------------

Execute the following command to check for changes:

   BG2 -c

BootGuard/2 will respond with something like:

   NORMAN
   Norman Boot Guard for OS/2 v1.00

   Partitions and boot sectors found:
   Physical disk 0:
     Master Boot Sector.
     Boot manager SBS.
     Disk partitions:
       0 Drive C, Primary partition, HPFS, WARP3
       1 Drive D, Logical disk, HPFS, OS2
       2 Drive E, Logical disk, HPFS, SWAP
       3 Drive F, Logical disk, HPFS, DATA
   Comparing data...
   Physical disk 0, Drive C: SBS is different from stored data.
     * Volume label changed.

To get more information about the changes, add the -v option:

   BG2 -c -v

This option will print the differences as a HEX dump of the current boot
sector and the stored boot sector. Hex-dumps of all boot sectors, stored
and current, will be printed if you use the option -V (capital V).

Restoring boot sectors
----------------------

1. Boot the computer from the emergency start diskettes.

2. Insert the floppy with BG2.EXE and BG2.DAT and execute the following
   command:

   BG2 -r

BG/2 refuses any restore if you have added or deleted partitions since the
last dump:

   BG2: Error restoring boot sectors.
   The file might be damaged or might belong to another computer.
   If the file is from this computer, the disks have been repartitioned.
   In either case, boot sector data cannot be restored.

Other changes to the master boot sector of the disk, caused by a boot
sector virus or by other means, will make BG/2 respond with something
like:

   Physical disk 0: Master Boot Sector is different from stored data.
     * Jump address changed.
     * Boot code changed.
   Do you want to restore this boot sector (Y/N)?

Type Y to continue, anything else to abort. If you typed Y, BG/2 will
respond with:

   WARNING! Restoring a boot sector will overwrite the current boot
   sector on your hard disk. Do not proceed unless you know exactly what
   you are doing.
   Do you want to proceed (Y/N)?

Type Y to proceed, anything else to abort.
The master boot sector will now be restored.

For changed system boot sectors, BG/2 will ask:

   Physical disk 0, Drive C: SBS is different from stored data.
     * Other areas changed.
   Do you want to restore this boot sector (Y/N)?

Type Y to continue, anything else to abort. You will be asked to confirm
the restore as for the master boot sector.

NVCSYS NORMAN Smart Behavior Blocker for DOS
--------------------------------------------

Behavior blocking is a process of dynamic code analysis. The sequence of
actions in a program is monitored to determine if the actions are
consistent with the behavior of viruses. If harmful, the code will not be
permitted to actually execute and the user will be notified. Norman's
Smart Behavior Blocker is "smart" in terms of using statistical analysis
to determine the probabilities that particular behavior sequences are
those of a virus rather than those of a user.

If you allow the setup program to modify your startup files, then NVC.SYS
is already loaded in CONFIG.SYS. However, you may have chosen to make
modifications to CONFIG.SYS manually. In this case, you should have a
better understanding of the issues regarding loading NVC.SYS in
CONFIG.SYS. Please refer to the User's Guide for more information on
NVC.SYS.


Installation guidelines
=======================

How to install NVC for OS/2 from a LAN Server
---------------------------------------------

If you have a license to install NVC for OS/2 on several workstations, you
can install it without using diskettes. Follow these steps:

1) Create a directory on the LAN server to store the NVC for OS/2 files.
   For example:

   MKDIR J:\NvcFiles

2) Copy each NVC for OS/2 diskette into this directory using the XCOPY
   command. For example:

   XCOPY A:*.* J:\NvcFiles

3) Install NVC for OS/2 on the local disk by executing INSTALL.EXE in the
   directory J:\NvcFiles.
How to perform an unattended install of NVC for OS/2
----------------------------------------------------

1) Perform steps 1 and 2 in the previous section.

2) Install NVC for OS/2 to C:\NORMAN by typing the following command. Type
   the entire command and its parameters on one line:

   INSTALL /a:i /X /R:J:\NvcFiles\NVCOS2.RSP /l1:X:\LOGPATH\ERRORS.LOG /l2:X:\LOGPATH\HISTORY.LOG

The directory X:\LOGPATH for ERRORS.LOG and HISTORY.LOG will be created if
it doesn't exist. Inspect the ERRORS.LOG file for errors. HISTORY.LOG will
contain information about files transferred etc.

Perform an unattended install of NVC for OS/2 at network login
--------------------------------------------------------------

The INSTALL command (as described above) can also be executed from the
CMD-file that is executed when the user logs in to the network. If it is
to be used like this, a full path to INSTALL.EXE is necessary. As before,
the entire command and all its parameters are to be typed on one line:

   J:\NvcFiles\INSTALL /a:i /X /S:J:\NvcFiles /R:J:\NvcFiles\NVCOS2.RSP /l1:X:\LOGPATH\ERRORS.LOG /l2:X:\LOGPATH\HISTORY.LOG

Note the /S:J:\NvcFiles parameter. This is needed for INSTALL when the
current directory is undetermined, as it will be when executed from a
login CMD-file. Consult your network administrator's guide for details.

Unattended update or delete of NVC for OS/2
-------------------------------------------

To update the product, copy all files from the updated distribution
diskettes to J:\NvcFiles and execute this command. Type the entire command
and its parameters on one line:

   INSTALL /a:u /X /R:J:\NvcFiles\NVCOS2.RSP /l1:X:\LOGPATH\ERRORS.LOG /l2:X:\LOGPATH\HISTORY.LOG

The parameter /a:u tells INSTALL.EXE to update the product. Use /a:d to
delete the product. Executing INSTALL /? will display more information
about the command line parameters.
Using a customized response file for unattended install
-------------------------------------------------------

If you want to install to another target directory, update, or delete only
a few of the components of NVC for OS/2, the file NVCOS2.RSP must be
edited.

1) Deactivate the components that you don't want INSTALL to handle. This
   task is performed by putting an asterisk in the first column of the
   COMP statements in question.

2) Change the FILE statement from C:\NORMAN to the desired target
   directory.

Then execute INSTALL as described in the previous sections.

Using NORMAN N_DIST for unattended install or update of NVC OS/2
----------------------------------------------------------------

This section describes an alternative method for performing unattended
install and update of NVC for OS/2.

1) Create a directory on the LAN Server to store the NVC for OS/2 files.
   For example:

   MKDIR J:\NvcFiles

2) Do NOT copy files manually but run the normal INSTALL as described in
   the start of this chapter. Change the install target directory to
   J:\NvcFiles

3) Copy the files N_DIST2.EXE and NVCOS2.NXD from the second product
   floppy to J:\NvcFiles\OS2.

4) Edit the NVCOS2.NXD to suit your needs.
   The only lines that need editing are shown below:

   // Set source directory on the file server
   set $Source='J:\NvcFiles'

   // Set target directory on the workstation
   set $Target='F:\NORMAN'

   // Set path to the OS2 install directory on the target workstation:
   set $Os2Path='C:\OS2'

   // Select components to transfer
   set $Inst_Os2PM = 'Yes'
   set $Inst_Os2VirBook = 'Yes'
   set $Inst_Os2CmdLine = 'Yes'
   set $Inst_ReadMe = 'Yes'
   set $Inst_BootGuard = 'Yes'
   set $Inst_NvcSys = 'Yes'

5) Save the file and execute the command:

   J:\NvcFiles\OS2\N_DIST2 J:\NvcFiles\OS2\NVCOS2.NXD

Installing NVCPM as a LAN Server Public application
---------------------------------------------------

The following section describes how to use the LAN Server "Network
Applications" feature for distributing NVC for OS/2 over the network. See
the IBM provided manual "OS/2 Warp Server", chapter 19, "Working with
Network Applications" for general information.

1. Install NVC for OS/2 to a local drive on the server (i.e., F:\NORMAN)
   using the normal installation procedure. Do not install on a shared
   (network) drive if you want to use NVC on the server without being
   logged in.

2. Share the directory F:\NORMAN as NORMAN. Make sure that all users have
   access rights set to RX only for NORMAN. Also make sure that the access
   rights are applied to the underlying directory structures. This can be
   done by using the "LAN Server Administration" program or by selecting
   "Start Sharing" and "Manage Access" on the object menu of the Norman
   folder. Do not try to share the "Norman Virus Control" folder!

3. Start the "LAN Server Administration" program. Open the "Public
   Application Definitions" folder. Drag off an "OS/2 Template" to create
   an OS/2 public application.
   Change the settings to the following:

   Identity: NVCOS2
     Description: NVC for OS/2
   Invocation:
     Command: NVCPM.EXE
     Parameters: /WORK:C:\NORMAN /INI:C:\NORMAN /NSEPATH:\\Server\NORMAN\NSE
   Program location:
     Location: (*) On server
     Alias: NORMAN
     Remaining path to program: \OS2
     Assigned drive: (*) None
   Work directory
     Location: (*) None
   Program mode
     (*) OS/2 PM

   If you are unsure whether the environment TEMP or TMP exists on the
   workstations, add /TEMP:C:\NORMAN to the end of the "Parameters:"
   settings.

   /NSEPATH:\\Server\NORMAN\NSE controls where NVCPM will find the
   NSE_OS2.DLL and the DEF-files. Replace Server with the name of the
   actual server. If the share NORMAN is mapped as a drive letter, for
   example N: for all clients, you may replace \\Server\NORMAN\NSE with
   N:\NSE. See also item #6 below.

   Do not change any other settings.

4. For each user that is going to use NVC, do as follows: Still using the
   "LAN Server Administration" program, open the "User Accounts" folder.
   Open the settings for the desired user(s). Select the "Applications"
   page and then [Add] to add public applications. Select NVCOS2 from the
   list, then select [Add]. Select [Set] to save and close.

5. Make sure that the directory C:\NORMAN exists on each workstation where
   NVC is going to be used. If it does not, NVC will start but give an
   error message when the user tries to change the Scanning options. NVC
   will not start if /TEMP:C:\NORMAN is given and no C:\NORMAN exists.
   Another way to do this is to let the /INI: /WORK: and /TEMP: point to a
   location known to exist, such as C:\OS2\APPS.

6. From v4.50, the scanner engine is separated from the NVCPM.EXE file as
   NSE_OS2.DLL. In this example, this DLL will be in F:\NORMAN\NSE, but
   can reside elsewhere due to usage in 3rd party products, such as
   NovaStor NovaBack. The DEF-files, NVCBIN.DEF and NVCMACRO.DEF reside in
   the same directory as the DLL. NVCPM (and NVC32) must be told where to
   find the DLL and the DEF files.
   An OS2SYS.INI key is used for this purpose:

   Application: "Norman Data Defense Systems"
   Key name   : "NsePath"

   The key value should point to where the DLL and DEF-files are
   installed. INSTALL.EXE used for "ordinary" installs and CID installs
   creates this key automatically. For network application installs, this
   key must be created manually, or by a REXX script executed from
   PROFILE.CMD:

   /* Set NsePath */
   /* Register and load the RexxUtil functions (needed for SysIni) */
   call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
   call SysLoadFuncs
   /* 'SYSTEM' selects the system INI file, OS2SYS.INI */
   call SysIni 'SYSTEM', 'Norman Data Defense Systems', 'NsePath', 'F:\NORMAN\NSE'

   NOTICE! Using /NSEPATH:\\Server\NORMAN\NSE on the command line for the
   shared NVCPM will set the OS2SYS.INI key on the Workstations
   automatically.

NVC for OS/2 will be present in the "Network Applications" folder on each
user's workstation when the user logs on the next time.


New or changed features in v4.70
================================

NSE: The Norman Scanner Engine
------------------------------

The scanning engine has been changed to include new functionality. As of
this version the engine can remove boot sector viruses. In previous
versions the scanning engine has detected these viruses, but for cleaning
them we used the DOS-based program NVCLEAN. This program is now removed
from all NVC platforms. We consider this improvement important with regard
to user friendliness, because all viruses are detected and handled
(repaired, moved, deleted) from the same dialog(s). You can remove boot
sector viruses from the Windows scanners as well as from the DOS command
line scanner.

NSE has increased significantly in size due to the built-in 32-bit
emulator and 32-bit heuristics.

Detecting unknown Word 6/7 macro viruses:
The 32-bit scanner can detect and remove unknown macro viruses using
heuristic methods. When the scanner detects an unknown Word 6/7 macro
virus, the virus name will be reported as UNKNOWN. If the 'Repair file if
possible' option is ON, all macros in the document are removed.
Through internal testing it has been established that the detection rate
for unknown macro viruses is about 80%. Please feel free to send UNKNOWN
macro viruses to Norman for further analysis.

Scanning: All files are scanned per default.
When you scan a directory, floppy, or hard drive, all files will be
scanned, regardless of file extensions. Use the NVC32 option /AF- or
uncheck "[x] Scan all files" to reduce the number of files scanned to
files of following extensions:

   *.APP *.COM *.DOT *.OVL *.SCR *.VBX *.WIZ *.XLM
   *.BAT *.CPL *.DRV *.OVR *.SMM *.VOM *.XLA *.XLP
   *.BIN *.DLL *.EXE *.PPN *.SYS *.VXD *.XLB *.XLS
   *.BOO *.DOC *.FON *.PPT *.VBS *.VXE *.XLC *.XTP
   *.386 *.ATT *.WBK *.CSC *.GMS

Why 'Repair file if possible' is not ON by default
Even though we believe automatic repair provides the best protection, we
cannot set this option ON by default. The reason is that legislation in
some countries prohibits changes to data files without the user's explicit
consent. However, unless you have good reasons for not doing so, we
recommend that you turn this option on. (Options|Scanning options)

NCFTE: Editor for NVC32.CFG
---------------------------

A command line utility to set security options is provided in the admin
installation. The utility is named NCFTE.EXE.

NVCLEAN: No longer part of the product
--------------------------------------

NVCLEAN will be deleted from the x:\NORMAN\DOS directory during
installation of NVC v4.70. All repair is now done by the Windows and
command line scanners. (All platforms.)

NVC32/NVCPM: All files are scanned per default.
-----------------------------------------------

When you scan a directory, floppy, or hard drive, all files will be
scanned by default, regardless of file extensions.
Use the NVC32 option /AF- or uncheck the NVCPM option "[x] Scan all files"
to reduce the number of files scanned to files of following extensions:

   *.APP *.COM *.DOT *.OVL *.SCR *.VBX *.WIZ *.XLM
   *.BAT *.CPL *.DRV *.OVR *.SMM *.VOM *.XLA *.XLP
   *.BIN *.DLL *.EXE *.PPN *.SYS *.VXD *.XLB *.XLS
   *.BOO *.DOC *.FON *.PPT *.VBS *.VXE *.XLC *.XTP
   *.386 *.ATT *.WBK *.CSC *.GMS

The list of file extensions is defined by the DEF-files, and may be
changed and/or extended when updating the scanner engine.

NVC32/NVCPM: Boot Sector Virus Repair
-------------------------------------

All ItW boot sector viruses encountered on floppy disks, as well as hard
disks, will be identified and removed. There is normally no need for a
reboot after cleaning a hard disk. A boot sector restore diskette may be
created when cleaning a hard disk.

NVC32/NVCPM/BG2: FAT32 partitions recognized
--------------------------------------------

FAT32 partitions created by Win95 OSR2 or Win98 and other partition types
unknown to OS/2 are now handled correctly by NVC32, NVCPM and BG2 v1.10.

NVCPM: New file; OFFICES.TXT
----------------------------

This file contains the names and addresses for all NORMAN offices
worldwide. The contents of this file are displayed in the "Help/Product
information/Norman" dialog.


New or changed features in v4.60
================================

NVC32: New NVC configuration file NVC32.CFG
-------------------------------------------

The old configuration file NVC.CFG is replaced by the more versatile
NVC32.CFG, which contains the same license information as the NVC.CFG as
well as a new set of security options in a separate section.

The new configuration concept actually consists of two files, containing a
central and a local copy of the configuration data. This allows for
distributing configuration data in the network by replicating sections
from the central copy to the local copy either when the central copy is
updated or when the requested section does not exist in the local copy.
NVC32: New 32-bit command line scanner
--------------------------------------

A new 32-bit command line scanner (NVC32.EXE, NMSG.DLL, NLOGTXT.DLL,
NLOGSNMP.DLL, NLOG.DLL) replaces the 16-bit NVC.EXE found in previous
versions. The command line interface is compatible with the old product
with the following exceptions:

Command line options not implemented:

/U:n    -- When an infection is found, wait a number n seconds before
           continuing.
/E:ext  -- Not implemented. NVC32 will scan all file extensions provided
           by NSE.
/LC     -- Show licence and NSE information.

New command line options:

/V      -- Verbose mode. Display all file names while scanning.

/TEMP:dir
        -- Override environment TMP or TEMP, i.e. where temporary files
           are created. If no /TEMP: given, and environment TMP or TEMP
           found, NVC32 will create a temporary directory relative to
           where NSE is installed. I.e. if NSE is installed in
           C:\NORMAN\NSE, the default temporary directory will be
           C:\NORMAN\TEMP.

/NVCCFG:dir
        -- Override environment NVCCFG, i.e. where the program looks for
           the configuration file NVC32.CFG. This file is mandatory for
           the program. If no NVCCFG environment is defined, NVC32 will
           look for NVC32.CFG one directory level above where it is
           executing. I.e. if NVC32 is running in C:\NORMAN\OS2, it will
           look for NVC32.CFG in C:\NORMAN. If not found there, it will
           take a second look in the same directory as it is executing,
           i.e. C:\NORMAN\OS2.

/NVCADMCFG:dir
        -- Override environment NVCADMCFG, i.e. where the program looks
           for the central configuration file NVCADM32.CFG. This file is
           not mandatory, unless the local configuration data NVC32.CFG
           does not exist. If no NVCCFG environment or option is defined,
           NVC32 will look for NVCADM32.CFG one directory level above
           where it is executing. I.e. if NVC32 is running in
           C:\NORMAN\OS2, it will look for NVCADM32.CFG in C:\NORMAN.

/WORK:dir
        -- Control where the report file by default is placed.
           If no /WORK: is given NVC32 will place the report file one
           directory level above where it is executing.

Command line options that have been changed:

/MOV:dir
        -- Controls where infected files should be moved. If no /MOV: is
           given the INFECTED directory will be located relative to the
           NSE; if the NSE is installed in C:\NORMAN\NSE, the infected
           directory will be C:\NORMAN\INFECTED.

NVC32 utilizes the new configuration files NVC32.CFG/NVCADM32.CFG.

NVCPM: Updated to use NVC32.CFG/NVCADM32.CFG.
---------------------------------------------

NVCPM utilizes the new configuration files NVC32.CFG/NVCADM32.CFG.

New command line options:

/NVCCFG:dir
        -- Override environment NVCCFG, i.e. where the program looks for
           the configuration file NVC32.CFG. This file is mandatory for
           the program. If no NVCCFG environment is defined, NVCPM will
           look for NVC32.CFG one directory level above where it is
           executing. I.e. if NVCPM is running in C:\NORMAN\OS2, it will
           look for NVC32.CFG in C:\NORMAN.

/NVCADMCFG:dir
        -- Override environment NVCADMCFG, i.e. where the program looks
           for the central configuration file NVCADM32.CFG. This file is
           not mandatory, unless the local configuration data NVC32.CFG
           does not exist. If no NVCCFG environment or option is defined,
           NVCPM will look for NVCADM32.CFG one directory level above
           where it is executing. I.e. if NVCPM is running in
           C:\NORMAN\OS2, it will look for NVC32.CFG in C:\NORMAN.

Changed command line options:

/TEMP:dir
        -- Override environment TMP or TEMP, i.e. where temporary files
           are created. If no /TEMP: given, and environment TMP or TEMP
           found, NVC32 will create a temporary directory relative to
           where NSE is installed. I.e. if NSE is installed in
           C:\NORMAN\NSE, the default temporary directory will be
           C:\NORMAN\TEMP.

/WORK:dir
        -- Control where the report file by default is placed. If no
           /WORK: is given NVCPM will place the report file one directory
           level above where it is executing.

/MOV:dir
        -- Controls where infected files should be moved.
If no /MOV: is given the INFECTED directory will be located relative to the NSE; if the NSE is installed in C:\NORMAN\NSE, the infected directory will be C:\NORMAN\INFECTED. Scanner Options (GUI) can also be used to control where infected files should be moved.

New or changed features in v4.50
================================

NVCPM: Scanning engine as NSE_OS2.DLL, DEF-files replaced
---------------------------------------------------------
From v4.50, the scanner engine is separated from the NVCPM.EXE file as NSE_OS2.DLL. This DLL is normally installed in x:\NORMAN\NSE, but can reside elsewhere due to usage in 3rd party products, such as NovaStor NovaBack. The DEF-files, NVCBIN.DEF and NVCMACRO.DEF, reside in the same directory as the DLL.

NVCPM uses an OS2SYS.INI key to locate the DLL and the DEF files. INSTALL.EXE, used for "ordinary" installs and CID installs, creates this key automatically. See above for more information on installations using the "Network application" feature of Warp Server.

The N_DIST2 script, NVSOS2.NXD, is changed due to this.

NVCPM: Select directories and files command changed
---------------------------------------------------
The "Select directories and files" command now remembers the selected directory when invoked repeatedly.

New or changed features in v4.35
================================

NVC/NVCPM: Scanning engine
--------------------------
The scanner can detect as well as remove all macro viruses known to NVC, including macro viruses in Office 97. The scanner will only take action on exact identification of a virus. Therefore, macro virus remnants are not touched. Such remnants can cause no harm, and will also trigger false alarms.

The scanning engine's internal routines are changed to improve the handling of polymorphic viruses.

NVC/NVCPM: Configuration and definition files
---------------------------------------------
The scanner is now supplied with two virus definition files.
The previous NVC.DEF (version 4.20 and earlier) has been replaced by the following files:

  NVCBIN.DEF
  NVCMACRO.DEF

The definition files require NVC v4.30 or above.

The definition files are frequently updated with new virus signatures and are available for downloading from our WEB site:

  http://www.norman.no/download.htm

Downloads are only available for customers with a maintenance agreement.

NVCPM: Check for media
----------------------
Click on the background in the main window to check for media in all diskette, CD and other removable drives.

NVC/NVCPM: Added support for new file format of TCP_IP.CFG
----------------------------------------------------------
A change has been made to the SNMP extension, so that machine names of up to 50 characters may be specified in the 'SYSTEMS.TXT' file. Users of PC-NFS or LAN Workplace should continue using the old format. Users who have no use for long machine names do not have to recompile their 'SYSTEMS.TXT' files. Both NVC and NVCPM support the new file format of the TCP_IP.CFG file as well as the old format.

NVC/NVCPM: Log file format changed
----------------------------------
The dates in the summary section of the log file are now in the following format:

  YYYY/MM/DD HH:MM:SS

NVCLEAN: Changes to NVCLEAN
---------------------------
NVCLEAN now supports boot virus cleaning for FAT32 (OSR2 under Windows 95). After a cleaning operation, NVCLEAN will quit without changing any files. NVCLEAN does not support macro virus removal any more.

N_DIST: Changes and bug fixes
-----------------------------
New predefined variable

The predefined variable "$Startpath" has been added. This contains the path to the location from where N_Dist was started.

Changed 'Run' command

The "Run" command now detects 16-bit Windows applications and executes them via "NRMWINST", even when N_Dist is run in a DOS session prior to Windows startup.

Bugs fixed

"Setini" had a bug which sometimes resulted in section names being erroneously recognized.
The most often encountered result of this was partial inserts in the "Load=" entry in the win.ini file.

Added more dynamic memory handling with regard to variables. Large variables added together would sometimes result in trap situations because of buffer overflows. This has been significantly improved.

"Insert end" inserted lines after a Ctrl-Z (eof) character in a file.

The "Run" command will now resolve variable arguments correctly.

New or changed features in v4.30
================================

New components added
--------------------
The modules NVCSYS, Smart Behaviour Blocker for DOS and BootGuard/2 have been added to the product. See below for details.

NVC/NVCPM: New file extensions added
------------------------------------
The following extensions have been added: .FON .CPL .SCR. Thus, when you scan a directory, floppy, or hard drive, files with the following extensions are automatically scanned:

  .EXE  .DLL  .386  .XLS
  .COM  .APP  .XTP  .XLC
  .SYS  .VBX  .DRV  .XLM
  .OVL  .BIN  .DOC  .FON
  .OVR  .BAT  .DOT  .CPL
  .SCR

NVCPM bug fix: Command option /MOV:
-----------------------------------
The command line option /MOV: now works as intended. The given path must exist.

NVCPM Style Editor. Change on Style/Areas page:
-----------------------------------------------
NVCPM no longer checks whether the specified path exists when you specify a path for scanning:

  [x] Path : [C:\OS2 ]

This allows you to make styles on one computer for usage on other computers. Also, more than one path can now be specified, divided by semicolons, as shown here:

  [x] Path : [C:\OS2;C:\Data;D:\Data ]

NVCPM will check for viruses in C:\OS2, then C:\Data, and then D:\Data. Attempts to check nonexistent paths will be logged in the report file.

NVC/NVCPM bug fix: [x] Look for EXE header
------------------------------------------
This option now works as intended. Both products now follow this algorithm when scanning for viruses:

1. Find the next file in the directory
2.
   Is it one of the default file extensions? If so, scan the file.
3. Is it one of the user specified file extensions? If so, scan the file.
4. If "Look for EXE header" is enabled, check if the file starts with an EXE header. If so, scan the file.
5. Is the option "Scan all files" set? If so, scan the file.
6. Go to 1

New or changed features in v4.20
================================

Embedded repair of infected document files
------------------------------------------
NVCPM v4.20 now has the capability to repair infected OLE2 document files produced by Microsoft Word 6, Word 7 and Excel 5.

For automatic repair, enter the Scanning options settings and enable "[x] Repair files when possible". Whenever the repair fails, NVCPM will revert to the "When repair fails" actions.

For manual repair, make sure that the "[ ] Repair .." is clear. When an infected document file is found, select the file in the "Infected areas" and select [Repair file].

New or changed features in v4.10
================================

Unpacking nested archive files
------------------------------
NVCPM v4.00 failed to unpack archive files that contain an archive file with exactly the same name. That is, if TEST.ZIP was nested within TEST.ZIP, it wasn't unpacked correctly by v4.00. This is now fixed.

View report blocked completion of new report file
-------------------------------------------------
If you use the [View report] option when a new scan is started, the report file isn't correctly completed. To prevent this problem, v4.10 closes down the E.EXE as started by the [View report] when the scanning is started. However, if you have opened the report file in some other way and not closed it, the problem still exists, as NVCPM is not allowed to write to the opened file.

Unpacking encrypted .ZIP archive files
--------------------------------------
Unpacking encrypted (i.e., password protected) .ZIP archives does not work.
The background process running UNZIP.EXE will stop and ask for a password when an encrypted .ZIP file is encountered. NVCPM will now detect this situation and shut down UNZIP.EXE after 30 seconds. These incidents will be logged in the report file.

Drag & Drop of files & folders
------------------------------
File and folder objects can now be dropped on the NVCPM main window or minimized icon for scanning. NVCPM does not accept drive objects, shadowed file or shadowed folder objects.

Timed update of "Scanning for viruses" dialog
---------------------------------------------
The "Scanning for viruses" dialog will now be updated every 2 seconds, and when starting on a new directory. In v4.00, it was updated only when starting on a new directory, making NVCPM look "frozen" when scanning large directories on slow media, such as CD-ROMs.

New NVCPM command line options
------------------------------
1. /INI: Use this command to override or replace the environment NVCINI. Specify the path to NVC.INI only as in the following example:

     NVCPM.EXE /INI:C:\NORMAN

   NVCPM will now look for NVC.INI in C:\NORMAN and not in its startup directory. The startup directory is the directory from which NVCPM.EXE is started. The specified directory must exist. See also "Installing NVCPM as a LAN Server Public application" above.

2. /WORK: Use this option to control where, by default, NVCPM stores its report file and to set the parent of the INFECTED directory. The specified directory must exist. The specified directory will be used when the NORMAL style is created, and when the [Defaults] button is selected to restore the scanning options to their default values. Without /WORK, NVCPM will use its startup directory to store the report file, and go one level up (from the startup directory) to create the INFECTED directory.

3. /TEMP: Use this command to override or replace the environment TEMP or TMP.
   Specify the path to temporary files only as in the following example:

     NVCPM.EXE /TEMP:C:\NORMAN

   NVCPM will now put temporary files in C:\NORMAN\TEMP. The directory C:\NORMAN must exist. Normally NVCPM uses the path pointed out by the environments TEMP or TMP for temporary files. It will resort to its startup directory if no environments are defined. See also "Installing NVCPM as a LAN Server Public application" above.

New or changed features in v4.00
================================

Scanning pre-defined file extensions
------------------------------------
When you scan a directory, floppy, or hard drive, files with the following extensions are automatically scanned:

  .EXE  .DLL  .386  .XLS
  .COM  .APP  .XTP  .XLC
  .SYS  .VBX  .DRV  .XLM
  .OVL  .BIN  .DOC
  .OVR  .BAT  .DOT

Scanning archive files, pre-defined file extensions
---------------------------------------------------
If you specify "[x] Scan archive files" in the tabbed dialog "Scanning" (Options|Scanning options), archive files with the following extensions are automatically scanned:

  .ARJ  Using internal unpacker.
  .ZIP  Using internal unpacker.
  .LZH  Using lh32.exe
  .ZOO  Using zoo.exe

The archive file extensions and the programs used to unpack are totally user configurable.

Using customized icons
----------------------
If you have used '/STM' in a customized icon, NVCPM will recognize it as '/ST:'. Refer to the section "Specifying a Style on the Command Line" in the NVC for OS/2 User's Guide.

Scanning boot records
---------------------
NVCPM can scan all boot records found, including Boot Manager and Dual Boot. NVC for OS/2 command line scans all partitions on the first physical drive.

Removing boot viruses from diskettes
------------------------------------
Removing boot viruses from diskettes is as simple as running NVCLEAN against the diskette. In order to prevent future re-infections, NVCLEAN will insert its special anti-boot-virus boot record on diskettes that it cleans.
This is not a blind replacement, for NVCLEAN's "boot engine" determines the diskette type and capacity so that it can put in the relevant BIOS parameter block.

Note: The BIOS parameter block is a part of the boot record. It tells DOS about the configuration of a disk such as the number of physical sectors, reserved sectors, etc. Putting the wrong information into the boot record can cause the data on the disk to appear as rubbish although the data are still intact.

For this trick, NVCLEAN only recognizes the standard capacity media supported by DOS FORMAT: 160 KB, 180 KB, 320 KB, 360 KB, 720 KB, 1.2 MB, 1.44 MB, and 2.88 MB.

Note: If your floppy's capacity is not one of these, do not let NVCLEAN repair the infected boot record as it could corrupt the diskette.

If there is no boot virus in memory, putting a diskette with the special boot record in A: and then rebooting results in booting from the hard drive rather than A:.

IPX communications
------------------
Netware Client v2.12 for OS/2 must be installed in order to send IPX messages to FireBreak v3.60 and newer. If you don't have this version of the client software, it can be downloaded via anonymous FTP from Novell (free of charge): ftp://ftp.novell.com/pub/update/nwos. NVCPM will send messages to all versions of FireBreak via IPX, but only FireBreak v3.60 and newer will accept them.

Known problems in this release
==============================

1. Problems recovering the NVCPM window after a scheduled scan

On some systems, when a scheduled scan is started when NVCPM is hidden or minimized, you may encounter problems when trying to restore the NVCPM window after the scan has been finished.

Workaround #1
Use a specialized style for the scheduled scanning. Turn off the check mark in "[ ] No scanning dialog box". Make sure that reporting is on, and use the menu command View|Report to view the report when the scheduled scanning has been finished.

Workaround #2
Type Ctrl+Esc to open the process list.
Open the object menu on the NVCPM entry, and select "Tile" or "Cascade". This will restore NVCPM on the desktop, but you will need to resize the window afterwards.

2. Intermittent problems when starting NVCPM on OS/2 2.10

At intermittent times, NVCPM refuses to start on OS/2 v2.10. This situation is caused by a memory overwrite problem in OS/2 PM when creating the logging thread. The problem does not exist on OS/2 2.0, 2.11, Warp3 or Warp4.
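
The file selection order listed under "NVC/NVCPM bug fix: [x] Look for EXE header" (v4.30), written out as an added Python example that is not Norman's code. The extension list is the one printed in this README; the function names are hypothetical, and treating "EXE header" as the DOS "MZ"/"ZM" signature is an assumption.

```python
import ntpath

# Default extension list as printed in the v4.30 section of this README.
DEFAULT_EXTENSIONS = frozenset("""
    .EXE .DLL .386 .XLS .COM .APP .XTP .XLC .SYS .VBX .DRV
    .XLM .OVL .BIN .DOC .FON .OVR .BAT .DOT .CPL .SCR
""".split())


def has_exe_header(first_bytes):
    # Assumption: "EXE header" means the DOS "MZ" (or "ZM") signature.
    return first_bytes[:2] in (b"MZ", b"ZM")


def scan_reason(name, first_bytes, user_extensions=(),
                look_for_exe_header=False, scan_all_files=False):
    """Apply steps 2-5 in order; return the rule that fired, or None."""
    ext = ntpath.splitext(name)[1].upper()
    if ext in DEFAULT_EXTENSIONS:
        return "default extension"
    if ext in {e.upper() for e in user_extensions}:
        return "user extension"
    if look_for_exe_header and has_exe_header(first_bytes):
        return "EXE header"
    if scan_all_files:
        return "scan all files"
    return None


def select_for_scan(listing, **options):
    """Steps 1 and 6: walk the listing, keep files that some rule selects."""
    selected = {}
    for name, first_bytes in listing:
        reason = scan_reason(name, first_bytes, **options)
        if reason:
            selected[name] = reason
    return selected


# Constructed directory listing: (file name, first bytes of the file).
SAMPLE = [
    ("C:\\APPS\\EDITOR.EXE", b"MZ\x90\x00"),
    ("C:\\DATA\\REPORT.DOC", b"\xd0\xcf\x11\xe0"),
    ("C:\\DATA\\NOTES.TXT", b"Meeting notes"),
    ("C:\\DATA\\PAYROLL.TXT", b"MZ\x90\x00"),   # executable renamed to .TXT
    ("C:\\DATA\\BUDGET.WK1", b"\x00\x00\x02\x00"),
]

if __name__ == "__main__":
    for opts in ({}, {"look_for_exe_header": True},
                 {"user_extensions": [".wk1"], "scan_all_files": True}):
        print(opts, select_for_scan(SAMPLE, **opts))
```

With the default options the renamed executable PAYROLL.TXT is skipped; it is selected only once "Look for EXE header" or "Scan all files" is enabled.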
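
A pre-repair check for the capacity restriction described under "Removing boot viruses from diskettes", as an added Python example that is not NVCLEAN's code. The README does not say how NVCLEAN determines diskette type; this sketch assumes the BIOS parameter block is read from the boot record, and the geometry values are the standard DOS ones rather than figures from this page.

```python
import struct

# The eight DOS FORMAT capacities named in the README, keyed by sector count:
# total sectors -> (label, sectors per track, heads, media descriptor byte)
STANDARD_FORMATS = {
    320:  ("160 KB", 8, 1, 0xFE),
    360:  ("180 KB", 9, 1, 0xFC),
    640:  ("320 KB", 8, 2, 0xFF),
    720:  ("360 KB", 9, 2, 0xFD),
    1440: ("720 KB", 9, 2, 0xF9),
    2400: ("1.2 MB", 15, 2, 0xF9),
    2880: ("1.44 MB", 18, 2, 0xF0),
    5760: ("2.88 MB", 36, 2, 0xF0),
}

# BIOS parameter block fields at offset 0x0B of a FAT12 boot record.
BPB = struct.Struct("<HBHBHHBHHH")
FIELDS = ("bytes_per_sector", "sectors_per_cluster", "reserved_sectors",
          "fat_count", "root_entries", "total_sectors", "media",
          "sectors_per_fat", "sectors_per_track", "heads")


def parse_bpb(boot_record):
    if len(boot_record) < 512:
        raise ValueError("boot record must be a full 512-byte sector")
    return dict(zip(FIELDS, BPB.unpack_from(boot_record, 0x0B)))


def standard_format(boot_record):
    """Return the capacity label if the BPB matches a standard format."""
    bpb = parse_bpb(boot_record)
    match = STANDARD_FORMATS.get(bpb["total_sectors"])
    if bpb["bytes_per_sector"] != 512 or match is None:
        return None
    label, spt, heads, media = match
    seen = (bpb["sectors_per_track"], bpb["heads"], bpb["media"])
    return label if seen == (spt, heads, media) else None


def make_boot_record(total, spt, heads, media):
    """Constructed sample sector; only the fields checked above matter."""
    sector = bytearray(512)
    BPB.pack_into(sector, 0x0B, 512, 1, 1, 2, 224, total, media, 9, spt, heads)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


HD_144 = make_boot_record(2880, 18, 2, 0xF0)   # standard 1.44 MB diskette
DMF_168 = make_boot_record(3360, 21, 2, 0xF0)  # 1.68 MB DMF, not in the list

if __name__ == "__main__":
    print(standard_format(HD_144), standard_format(DMF_168))
```

A diskette for which `standard_format` returns None falls under the README's second note: its boot record should not be replaced automatically.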