![]() |
![]() |
![]() |
![]() |
![]() |
||
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
![]() |
![]() README FIRST! Command AntiVirus for Windows (CSAV)
README FIRST! Command AntiVirus for Windows (CSAV) Command Software is proud to introduce Command AntiVirus Version 4.59 with our HoloCheck(tm) scanning technology. Our HoloCheck scanning technology detects tens of thousands of viruses and includes improved polymorphic virus detection. NOTE: After installing Command AntiVirus, we recommend that you perform a manual scan of your local drives to ensure that your system is virus-free. This is especially important if you have not been running anti-virus software prior to this installation. For a list of international distributors of Command AntiVirus, see the DISTRIB.TXT file. The file called FILEINFO.TXT is a list of file descriptions and files that have changed since the previous release. Please read the Multi-Platform Quick Start Guide that is included with the installation files. It provides installation instructions and an overview of Command AntiVirus for all platforms. The MQCKST.PDF file contains the Multi-Platform Quick Start Guide. This file can be read with the Adobe(r) Acrobat(r) Reader that is included on the Command AntiVirus CD. For instructions on how to install Acrobat Reader, see the README.TXT file that is located in the ADOBE folder on the CD. Acrobat Reader is not included with the downloadable versions of Command AntiVirus. You can download Acrobat Reader from Adobe Systems Incorporated through our web site at http://www.commandcom.com/html/tc/tc-viewutil.html. A Release Notes section is provided for each release. It contains the following topics: * Special Notes - contains important pre- and post-installation information that pertains to the release. * Product Enhancements - contains information about new virus signatures, scan engine improvements, and new features. * Fixes - contains updated information on previously reported problems that have been fixed. ________________________________________________________ RELEASE NOTES Notes on Command AntiVirus for Windows (CSAV) Version 4.59 05/30/00 SPECIAL NOTES * None for this release. PRODUCT ENHANCEMENTS * New virus signatures have been added in this release. * The following improvements have been made to the scan engine: - Improved HTML and ASCII scanning. - CSAV now detects W95/Bolzano family viruses. - Scanning of the following is now supported: - TAR archives - RAR archives - LHA archives - CAB archives (partially supported) - GNU GZIP (.GZ files) - Self-extracting RAR files - Self-extracting LHA files FIXES * Some users reported a problem with some documents falsely being reported as "could be misdisinfected virus." This has been fixed. ________ RELEASE NOTES Notes on Command AntiVirus for Windows (CSAV) version 4.58.3 12/29/99 PRODUCT ENHANCEMENTS Scan engine enhancements have been added to this component release. FIXES Performance issues were reported in relation to the default scanning of self-extracting files in Command AntiVirus 4.58. In CSAV 4.58.3, self-extracting files are no longer scanned by default. However, Dynamic Virus Protection (DVP) scans the contents of the self-extracting file when the files are extracted. In addition, the .EXE portion of the self-extracting file is scanned by default. NOTE: To scan the contents of self-extracting files in zipped form, we recommend that you perform an on-demand or scheduled scan of Packed Files during off-peak hours. To scan self-extracting and packed files select the Packed Files check box in the Targets to Scan dialog box. SPECIAL NOTES None for this release. ________ Notes on Command AntiVirus for Windows (CSAV) version 4.58.0 12/06/99 PRODUCT ENHANCEMENTS New virus signatures have been added in this release. This includes signatures for detecting more than 200 new trojans. The following improvements have been made to the scan engine: - CSAV now detects malicious or destructive Java code (Java Trojans). - The handling of script viruses is improved. This includes VBScript viruses and ASCII-based viruses. - CSAV now scans file attachments in Rich Text Format (.RTF) files. In the Command AntiVirus GUI, select the "Zip Files" option in the "Properties" dialog box. If scanning from the command line, use the /ARCHIVE switch. - CSAV now disinfects Office 2000 signed documents. - Scanning of the following is now supported: - OLE1 embedding (embedded files in WordPad and Microsoft Word 6) - WordPerfect 2000 (.WPD) files - Lotus worksheets (.WKS) files - LX (OS/2) files as well as the detection of all OS/2 viruses. - Some boot sector related disinfection problems have been fixed. The most notable fixes involve disinfecting the Urkel and the Frankenstein viruses. - PowerPoint scanning is improved. The disinfection process is revised. However, the disinfection of objects embedded in PowerPoint documents is still not possible. - CSAV features improved scanning in Windows 32-bit programs resulting in higher rates of detection and fewer false positives. - Memory scanning is improved. - Disinfection of infected .VBS files by deletion is now supported. CSAV now uses a new installation process. The dialog boxes that appear throughout the installation will be different than in previous versions of the CSAV. If you need help with the new installation process, see the "CSAV for Windows" chapter in the Multi-Platform Quick Start Guide. In the [Setup] section of the SETUP.INI file, if SILENT= is set to NO (the default), a normal interactive installation takes place. If it is set to YES, the installation will still display dialog boxes as well as the installation progress bar. However, the installation will not require any user interaction. Completely silent installations are now possible through the automatic update process. To enable silent installations, locate the [Automatic Update] section in the SETUP.INI file. In that section, change the COMMAND= line to COMMAND=-S and save your changes. The following file types are now hard-coded into CSAV's virus scans and are scanned by default: EXE, COM, SYS, VXD, DLL, DRV, SCR, 386, OV?, CPL, FON, TSK, ACM, ACV, TLB, TSP, OCX, VBX, VOM, VXE, OBJ, SHS, SMM, HLP, CLA, XL?, DOC, DOT, MDB, RTF, MPP, MPT, PPA, PPS, PPT, POT, WBK, PWZ, MSO, OBD, OBT, OBZ, OFT, MSG, EML, TD0, BAT, BTM, INI, INF, HT?, VBS, GMS, CSC, WPD, WK?, DVB, WBT, and CDR These file types are displayed in the Files to Scan dialog box and they cannot be deleted. You can exclude any file type from scans by entering its extension into the Files to Exclude dialog box. Although the extension still appears in the Files to Scan dialog box, files with that extension will not be scanned. NOTE: You can now add up to 20 user-defined file types in CSAV's Files to Scan dialog box. A new virus definition file, SIGN2.DEF, is now included with Command AntiVirus. This file provides virus signatures for a variety of scripting viruses and trojans. The retrieval of downloaded CSAV files through the automatic update process has been enhanced. If the BaseDir key in the CSSFILES.INI file already exists, CSAV will attempt to use the directory path that is specified. However, if the BaseDir key does not exist, CSAV will no longer create one. If the subdirectory specified by the BaseDir key in the previous CSSFILES.INI file exists, the files are deployed to that location. If it does not exist, CSAV creates and uses the following hard-coded platform-based directories: CSAV for Windows(r) NT(r) Server 3.51 0000 CSAV for Windows NT Workstation 3.51 0100 CSAV for Windows NT Server 4.0 0200 CSAV for Windows NT Workstation 4.0 0300 CSAV for Windows 3x 0400 CSAV for Windows 95 0500 The following is an example of the path names to the automatic update directory and its program-generated subdirectories for a full-product update of CSAV for Windows 3x: \\SERVER\SHARE\UPDATE\0400\CSS43E.2 FIXES The automatic update feature now updates the CSSFTP.EXE and F-AGENT.EXE files. Some command line scans using the /TODAY switch would not scan on the first boot of the following day. This was caused by CSAV's use of Greenwich Mean Time rather than local time. This has been fixed. SPECIAL NOTES The self-extracting file called SE_EICAR.EXE is no longer included with the installation files. You can download this file from our web site at: http://www.commandcom.com/html/utils.html When you run this file, a test file, EICAR.COM (from European Institute for Computer Anti-Virus Research), is extracted from it. ____________ Notes on Command AntiVirus for Windows (CSAV) version 4.57.1 09/13/99 PRODUCT ENHANCEMENTS New virus signatures have been added in this release. This includes the ability to detect and disinfect the Monopoly virus. A new file, NOMACRO.DEF, has been added to the installation files. This file is used in the creation of the Command AntiVirus rescue disks. NOMACRO.DEF will be updated when you download new virus definition files. FIXES Scan engine General Protection Faults that occurred when CSAV disinfected user macros have been fixed. Modifications have been made to the code behavior monitoring process to correct the occurrences of false positives. SPECIAL NOTES Command AntiVirus now uses certain functions provided by Microsoft OLE. As a result, CSAV now installs only if your system is using OLE. If the CSAV installation process determines that your system requires OLE, you are presented with the OLE 2.03 Setup Program dialog box. You MUST click the "Continue" button in that dialog box to complete CSAV's installation successfully. If your system already has all the necessary Microsoft components, you will not be prompted by CSAV to install OLE. Due to the size of the virus definition files, it is no longer possible to perform a pre-installation scan from Command AntiVirus Installation Disk #2. After installing Command AntiVirus, we recommend that you perform a manual scan of your local drives to ensure that your system is virus-free. The Command AntiVirus rescue disk process now involves two phases. The first phase focuses on recovery by detecting and removing any executable, boot sector, and MBR-infecting viruses that inhibit or prevent system startup. After successful recovery, the second phase focuses on scanning and disinfecting all remaining virus-infected files, for example, macro virus-infected files. To assure a successful rescue, you MUST perform both phases. To perform Phase One: 1. Turn off your computer for at least 15 seconds. 2. Place a virus-free, write-protected boot disk into drive A and reboot your computer. NOTE: If you are prompted to enter a new date and a new time, press ENTER for each one. 3. Replace the boot disk with CSAV Rescue Disk 1. 4. At the A prompt, type the following and press ENTER: f-prot /hard /disinf If any viruses are detected, allow CSAV to disinfect them. 5. Proceed to Phase Two. To perform Phase Two: 1. Remove CSAV Rescue Disk 1 from drive A. 2. Reboot your computer as normal. 3. Use Command AntiVirus to perform a scan of your local hard drives. This scan detects and disinfects any remaining virus-infected files on your computer. After completing the Phase Two scan, you can return to computing as normal. ______ Notes on Command AntiVirus for Windows (CSAV) version 4.57 07/12/99 PRODUCT ENHANCEMENTS New virus signatures have been added in this release. Command AntiVirus now includes expanded protection for the following: A. CorelDraw -- The newly discovered CorelDraw virus is now detected. The .CSC CorelDraw-related extension is now scanned by default. B. MacOffice -- Viruses in MacOffice documents can be detected and disinfected. However, as the Macintosh(tm) operating system is not directly supported by Command AntiVirus, detection is possible only when the infected Macintosh Office documents are scanned in a DOS or Windows-based environment. For example, if you have a floppy disk with infected MacOffice documents on it, you can disinfect these documents by using CSAV to scan the floppy disk. C. Microsoft Office 97 -- The .MPT, .WBK and .MSO extensions are now scanned by default. D. Office 2000 -- The heuristics scan engine has been modified so that it now detects some native Office 2000 viruses. E. PowerPoint 97 -- PowerPoint 97 viruses are now detected and disinfected. The .PP?, .POT, and .PWZ PowerPoint 97 file types are now scanned by default. An additional generic virus detector has been added. This detector allows Command AntiVirus to detect approximately 14,000 more "generic viruses." This brings the total number of viruses detected by Command AntiVirus to just over 39,500. The CSAV scanners have been optimized to provide better protection against "New Executable" file viruses and VxD viruses. Improvements have also been made to reduce the occurrence of false positives. If you open an infected Microsoft Office 97 document in Microsoft Office 2000, our HoloCheck scan engine will detect the infection. Documents converted to Office 2000 format from Office 97 format can be disinfected. Currently, disinfecting an Office 2000 document consists of removing all macros from the document. Installations (including silent installations) no longer display the CSAV splash screen. The Virus Information list is now generated from the CSAV definition files on your system. This allows you to view the names of all computer viruses that are handled by Command AntiVirus. To always have the latest Virus Information list, be sure to keep your definition files up-to-date. The About CSAV for Windows item in the Help menu now displays the release dates of the MACRO.DEF and SIGN.DEF virus definition files. This information also appears in the report window that displays when you start a virus scan. Files that do not have a file name extension are now scanned by default. FIXES None for this release. SPECIAL NOTES None for this release. ____ Notes on Command AntiVirus for Windows (CSAV) Version 4.54 SP2 (Service Pack 2) 03/11/99 PRODUCT ENHANCEMENTS New virus signatures have been added in this release. The following default extensions have been added: .VXD and .386. The following default extensions have been removed: .APP and .PGM. FIXES When scanning in disinfect mode, sometimes the message "Virus could not be removed" would appear. Since the file was not infected, the error message was incorrect. Notes on Command AntiVirus for Windows (CSAV) Version 4.54 SP1 (Service Pack 1) 02/03/99 PRODUCT ENHANCEMENTS New virus signatures have been added in this release. SCR (screen saver) and RTF (Rich Text Format) files are now scanned by default. SCR files are scanned because they are susceptible to some Windows 95/98 viruses. RTF files are scanned because infected DOC files that have had their extensions changed to "RTF" can still infect other Word documents and templates. CSAV now scans for ASCII-based viruses such as BAT viruses, JavaScript viruses and malicious applications, and VBScript viruses. CSAV also detects mIRC scripts containing malicious code. Better detection for Excel macro and field viruses has been added. The scanning of MDB files is improved. Disinfection for polymorphic viruses such as W97M/Class that are found in the wild is new and improved. Selective disinfection allows you to remove the macro virus and all traces of the disinfection process. In password-protected documents, CSAV removes the virus but leaves traces of the disinfection process behind. In both instances, the original document is preserved. FIXES None for this release. SPECIAL NOTES To update Command AntiVirus with this service pack, you must run the service pack's SETUP.EXE program. Note that only the components that require updating will be modified. If you plan to update to CSS Central version 1.04, update all client stations to Command AntiVirus version 4.54 prior to performing the CSS Central update. This allows you to avoid complications that can arise due to changes that were made to the communication port settings in CSS Central version 1.04. Notes on Command AntiVirus for Windows (CSAV) version 4.54 12/07/98 PRODUCT ENHANCEMENTS New virus signatures have been added for this release. The scan engine has been optimized for faster scanning. This includes faster scanning of a wider variety of compound files such as Microsoft Word and Excel files. Command AntiVirus for Windows now detects Java viruses and Access 97 viruses. Disinfection ability will be added in an upcoming release. Additional support for compressed executable files has been added. Specifically, compressed executables are scanned in memory. This allows for faster scans of compressed files. Modifications have been made to the CSAV communication sub-system. This allows for increased reliability in downloading Command AntiVirus update files from the Command Software Systems FTP site. FIXES When a manual (on-demand) scan was selected and the CANCEL button was clicked before the scan initiated, the button would disappear but the scan would continue. This is fixed. SPECIAL NOTES Microsoft Access (MDB) database files are now scanned by default. If you determine that real-time scans are noticeably slower, remove the .MDB extension from the Files To Include list. Then, create a scan task and periodically scan all the files in your Microsoft Access folders. Due to space requirements, the Command AntiVirus rescue disk is no longer bootable. To disinfect with this disk, boot from a clean DOS boot disk, insert the rescue disk and, at the command line, use the following command: f-prot /hard /disinf To provide flexible multi-language support, the following files are now included in the product: FPROTLNG.DLL -- now used instead of ENGLISH.TX0 DVP31LNG.DLL -- English language file for DVP CSAV for Windows no longer uses the ENGLISH.TX0 file. For information regarding the functionality of Command Software products with regard to the Year 2000 issue, please visit our web site at: http://www.commandcom.com/html/tech/ts-year2000.html ------- Notes on Command AntiVirus for Windows (CSAV) version 4.52 8/13/98 PRODUCT ENHANCEMENTS New virus signatures have been added in this release. FIXES Some issues with CSAV for Windows' Automatic Update feature have been addressed and corrected: 1. Occasional problems with Automatic Update not properly launching SETUP.EXE for the "Full Setup" option have been fixed. 2. Difficulty in updating the DVP31.EXE file has been corrected. 3. After a Full Setup, Automatic Update was not properly updating definition files (*.DEF). The updates now take place correctly. SPECIAL NOTES None for this release. Notes on Command AntiVirus for Windows (CSAV) version 4.51 06/10/98 PRODUCT ENHANCEMENTS Command AntiVirus boasts our HoloCheck(tm) scanning technology, providing the most up-to-date virus prevention. The most important benefits of this technology are: * Simplified updates. You can now update the SIGN.DEF file (the file that contains the most current virus signatures) without reinstalling all of the components. This method adds speed and efficiency to the new version of Command AntiVirus. * Superior polymorphic virus detection. CSAV now offers unparalleled protection and elimination of polymorphic viruses including the dreaded Morphine, Anxiety and Spanska. * Scanning of embedded (OLE) documents. Not only do we scan documents, but if an infected document is embedded in an Excel spreadsheet or PowerPoint document, Command AntiVirus will catch it and save you from becoming infected. * Support for nested zip files. New virus signatures have been added in this release. F-MACRO.EXE is no longer included as a separate utility since all of its features are now incorporated into the main scanner. The Automatic Update feature has been added in this release. Once the new version of Command AntiVirus is installed, you will be able to implement this powerful, yet easy-to-use capability to keep your Windows 3.1x workstations updated with the most recent product and signature file updates. Complete details for implementing this feature are available in the new Command AntiVirus for Windows manual, which is available on the CD or from our web site. Printed copies are available for purchase. SPECIAL NOTES The ability to add user-defined strings is not supported by the new design of CSAV. The architecture of our HoloCheck technology makes this feature obsolete without compromising protection. We recommend that you do not enable Scan All Network Drives from any of our workstation products as performance on busy servers may be adversely affected by the additional network traffic. Due to changes in the functionality of the scan engine, the tab for Memory Scanning under Options|Active Protection now only shows one option. When enabled, the first 640k of memory will be scanned. With this version of CSAV for DOS, VIRSTOP is no longer available. All references to VIRSTOP and its associated programs should be removed from batch files. Older versions of VIRSTOP are not compatible with CSAV version 4.51. Media such as Jazz drives are reported by different operating systems as either Fixed or Removable media. Because of this, they cannot be classified by Command AntiVirus as one or the other. Jazz drives will be scanned when Scan All Hard Drives is selected or by the creation of specific tasks. We have improved the performance of the on-access scanner so that MS Mail attachments are scanned on open. Previous versions of CSAV only detected infections in attachments on file close. Due to the introduction of CSS Central, SE_UTIL will be phased out. Command will support SE_UTIL through 12/1/98. After that date, customers can continue to use the utility though we will no longer update it. ************************************************************* RELEASE NOTES ___ Notes on Command AntiVirus for DOS/Windows (CSAV) v.4.00 01/28/98 ******************** PRODUCT ENHANCEMENTS New virus signatures have been added in this release. Command AntiVirus contains a completely new Dynamic Virus Protection (DVP) scheme. The new DVP is a virtual device driver that replaces the combined functionality of the F-AGENT.EXE, F-PROTW.CFG, A-PROT.EXE, and FPROTW.386 files. Prior to this release, configuring F-PROT Professional's DVP consisted of running DVPSET ADMIN and then making changes the desired changes in the "F-PROT DVP Settings" dialog box. That procedure is no longer necessary as Command AntiVirus 4.00's DVP settings are accessed through the Active Protection tab found in the Options menu. FIXES Difficulty in getting INSTALL to run from a network directory has been fixed. The problem involved receiving calls for disk 1 of 3 and then not allowing the installation to complete. When the /REPORT switch is used with FP.EXE, the F-MACRO report is automatically appended to the original report. Prior to this release, the original report was over-written. SPECIAL NOTES CSAV is an abbreviation for "Command AntiVirus" -- the new name of our anti-virus product line. Prior to the name change, the product line was referred to as "Command's F-PROT Professional." The Automatic Update feature that is documented in the Command AntiVirus for DOS and Windows Users Manual is not available in this version of CSAV. That feature will be included as a product enhancement in a future release. 32-bit file access may not work with VLM's, CLIENT32 and NETX. We will revert to 16-bit file access when necessary. Investigation on this issue is ongoing, but we felt the advantages of full 32-bit VxD, in terms of stability and speed, were more important to our customers. For Client32 users: In DOS, use VIRSTOP2.EXE instead of VIRSTOP.EXE. Copy VIRSTOP2.EXE from the installation disks to the F-PROT directory. If you reference VIRSTOP.EXE in your AUTOEXEC.BAT you will need to change the call to VIRSTOP2.EXE. The options for VIRSTOP2.EXE are limited. To view the list of options type VIRSTOP2 /? at a DOS prompt. If you are experiencing any difficulties, please contact Technical Support. When VSHARE.386 is disabled in SYSTEM.INI file and SHARE.EXE is launched from AUTOEXEC.BAT, an "Unable to Load Macro.def" error message could appear. This is a configuration and resource issue. VSHARE is the newer of the two programs and it is the preferred driver. If you must use SHARE for compatibility with older software, its parameters may need to be adjusted. For more details, please contact the vendor of the product that requires SHARE. ***** SELECTED NOTES FROM PREVIOUS RELEASES ***** Selected Notes from previous versions of Command's F-PROT Professional In an effort to reduce the size of the readme files we remove most of the notes from older versions as they become less relevant. We leave certain notes which are still pertinent. In order to run the FPWCFG.EXE program, you must have CTL3D.DLL in the current working directory with FPWCFG.EXE or the DLL must be in the Windows\System directory. CTL3D.DLL is copied to the CSAV directory upon installation. Please report any virus incidents to [email protected] Some helpful files are: SE_EICAR.EXE -- a program that mimics a virus in order to demonstrate how CSAV (formerly Command's F-PROT Professional) reacts to real viruses, and SE_UTIL.EXE a utility for multi-platform users. SE_UTIL.EXE contains its own readthis.bat file for viewing and instructions. These files are located on the installation diskettes. If you use File Assist from Norton Desktop for Windows, File | Scan Directory will not correctly switch drives when you type it into the File to Scan field. If you have a NetWare server that is infected with a master boot sector virus, do not use CSAV (formerly Command's F-PROT Professional) to disinfect immediately. Instead, boot to a clean system DOS disk and use FIXDISK.EXE to save an image. After getting the image, use CSAV to disinfect. If you can't access your NetWare partitions after disinfection, run FIXDISK.EXE again to undo the image that you just saved. Please call technical support at 800/423-9147 and arrange to send us the image for manual disinfection. This procedure is necessary due to the way NetWare overrides the stealthing function of viruses by not making changes to the original master boot sector. When this happens, CSAV will overwrite the partitions. PRODUCT SUPPORT Command Software Systems' technical support includes a variety of electronic services. You can contact us at: Command Software Systems, Inc. 1061 E. Indiantown Rd., Suite 500 Jupiter, FL 33477 Voice: 561/575-3200 8:00 a.m. to 8:00 p.m. Eastern Standard Time. Fax: 561/575-3026 Internet: [email protected] FTP: ftp.commandcom.com Web: http://www.commandcom.com In Europe contact: Command Software Systems, Inc. UK Branch Ground Floor Millbank Tower Millbank London SW1P 4QP If dialing from within the UK: Voice: 020 7 931-9301 Fax: 020 7 931-9302 If dialing from outside the UK: Voice: +44 20 7 931-9301 Fax: +44 20 7 931-9302 Internet: [email protected] [email protected] [email protected] In Pacific Rim, contact: Command Software Systems, PTY Pac Rim Unit 5, 18-20 Floriston Road Boronia, VIC 3155 Australia Voice: 1-300-65-0903 or 613-9762-2203 Fax: 1-300-65-0904 Internet: [email protected] Web: http://www.commandcom.com.au
|