===================================================================== NORMAN VIRUS CONTROL v5.70 ===================================================================== Copyright Norman ASA December 2003 NOTE 1: You should uninstall any other antivirus software (file scanners) before installing NVC. NOTE 2: When reinstalling NVC, you should always reboot your computer between uninstall and install. SYSTEM REQUIREMENTS This version supports installation of NVC v5 on Windows 95/98/Me, Windows NT/2000/XP/2003 machines. For Windows 95, Internet Explorer 4.0 or higher is required. WinSock2 must be installed. For Windows NT, version 4 with SP4 (or higher) and Internet Explorer 4.0 (or higher) are required. 1.0 Norman Internet Protection (NIP) 1.1 NIP has been completely redesigned in this version. The manuals (http://www.norman.com/manuals.shtml) cover this in more detail. Pay special attention to how NIP may invoke reboot situations during updates. 1.1.2 The previous version of Norman Internet Protection (NIP) was proxy- based. POP3 server and SMTP server in your e-mail account settings had to be set to 127.0.0.1 (localhost) for the purpose of NIP to scan in- and/or outgoing mail. For the most commonly used e-mail clients (Outlook and Outlook Express), NIP changed the configuration automatically, but in clients that don't use Internet Account Manager (IAM) or OMI Account Manager, you had to configure manually. Examples of such email clients are: Outlook XP, Outlook 2002, Opera 6/7, The Bat, Eudora and Pegasus. The new NIP integrated with NVC v5.7 is no longer proxy-based. If you have manually configured your e-mail client as described above, you will experience problems sending and receiving e-mail after the upgrade from NVC v5.6 to NVC v5.7. To solve the problem, you must undo the configuration changes that you did to your e-mail client. More specifically, you must edit your e-mail account settings to switch the POP3 and SMTP server addresses back from 127.0.0.1 to the actual server addresses. If you don't know these addresses, you should contact your Internet Service Provider (ISP) to get them. 1.2 NIP no longer supports IMAP. 2.0 NDesk 1.4 2.1 The Install Dialog now has a Save option which can be used to create a self-extracting installation file for non-NT machines. The fields from the dialog are entered into a bootstrap config file, which is stored with the bootstrap ZIP file into the self-extracting file which can subsequently be run from a login script. 2.2 The machine list on the Install Page can be printed. 3.0 The on-access scanner for WinNT/2000/XP/2003 3.1 In versions prior to 5.70 the on-access scanner would report "Unable to repair" if a file was quarantined but not cleaned in its original position. To be more precise in such situations, the message is changed to "File quarantined", signifying that the file was removed from its original position and put in the quarantine.(Affected all Windows platforms.) 3.2 As of NVC v5.70 the on-access scanner now coexists seamlessly with MimeSweeper, WebSweeper and Norman's gateway security products. In prior versions some directories had to be manually excluded to make this work properly. 3.3 Renamed on-access modules 3.3.1 These two modules are unchanged with regard to functionality. The intention of renaming them is to distinguish the difference between them with more precise descriptions 3.3.2 On-access scanner (Interactive) is renamed to: On-access scanner (Local users) 3.3.3 On-access scanner (Non-interactive) is renamed to: On-access scanner (Services and remote users) 3.4 A bug in the on-access scanner caused NDesk to report the scanner as active only when users were logged on. Fixed. 3.5 During heavy virus infections, a bug in the on-access scanner could cause that changes to the quarantine configuration were not correctly implemented. Fixed. 4.0 Utilities 4.1 In the "Utilities" component, you can now sort all columns (one at a time) by clicking the column heading. I.e. the familiar Windows functionality. 5.0 Norman Internet Update (NIU) 5.1 If NIU is scheduled with "wait for connection", the connection must have been established for minimum 15 seconds for NIU to accept it. 5.2 Bugfixes: 5.2.1 Fixed possible overflow in trace-window. 5.2.2 Fixed report of actual platform/OS In trace window. 5.2.3 If a scheduled update failed and Zanda made another attempt, a weird error message about 'norman\temp\niu' could occur. Fixed. 5.2.4 If NIU was started from a "Guest" account, for example, a cryptic error message about "rights" would occur. The new message is less cryptic. 5.2.5 If a new NIU instance was started very close to the completion of the previous instance, the strange error message "NrmCreateEventSemFailIfExists" could occur. Fixed. 5.2.6 Some http proxies do not close the TCP connection (as intended) after relaying information that the local file "files1.txt" is fresh enough. This resulted in a hanging NIU. Circumvented. 6.0 Zanda - the agent 6.1 Fixed bug that caused Zanda not to replicate task files in network installations. 6.2 In NVC v5.6 task files would not run properly on NT4. Fixed. 6.3 In earlier versions, you could experience problems when using environment variables in the LAN/WAN configuration. If the environment variables were not defined in environment, but only in the NVC configuration, Zanda was not able to resolve the rest of the path from the configuration file. In this version variables not defined in environment are resolved to nothing, meaning that Zanda is able to replicate files if the remaining LAN/WANpath(s) are valid. 7.0 Decompression library 7.1 New in this version is support for virus detection in CAB files (not removal). 8.0 Uninstall or repair NVC 8.1 In Windows' Control Panel|Add/Remove programs you will find an entry for NVC. By choosing this entry and clicking Add/Remove, you will be presented with options for uninstalling or repairing NVC. Delnvc5.exe in the folder ...\Norman\Nvc\Bin provides you with the same options. Always restart your computer after uninstalling NVC. ===================================================================== NORMAN VIRUS CONTROL v5.60 ===================================================================== Copyright Norman ASA June 2003 NOTE 1: You should uninstall any other antivirus software (file scanners) before installing NVC. NOTE 2: A file that is referred to as 'XXX.EXE' on the Windows and OS/2 platforms, is on Linux called 'xxx' - i.e. lowercase file name and no extension. SYSTEM REQUIREMENTS This version supports installation of NVC v5 on Windows 95/98/Me, Windows NT/2000/XP machines, Linux, OS/2 Warp 4, OS/2 Warp Server, WorkSpace On-demand, and eComStation. For Windows 95, Internet Explorer 4.0 or higher is required. WinSock2 must be installed. For Windows NT, version 4 with SP4 (or higher) and Internet Explorer 4.0 (or higher) are required. For OS/2 we recommend Warp 4 fp 15 (or higher) and Java 1.1.8. For Linux, glibc 2.2 is required. 1.0 On-access scanner 1.1 Now supports Windows 2003 server. 1.2 Improved ability to find and eliminate viruses infecting unprotected shares on servers. Viruses like W32/Pinfi acts this way. This was also supported in versions prior to v5.60, but is now improved to cover all known infection tecniques. 1.3 Finds and eliminates viruses that are stored on USB devices like flash disks. When inserting a flash disk or other USB media that acts as a file system, the On-access scanner will dynamically check these files for viruses. 1.4 Bug fixes related to: - running Terminal Services - general On-access scanning with network scan enabled 2.0 Norman Internet Update (NIU) 2.1 When NIU is configured with several validation servers If the first (randomly) selected server fails, all the others are silently tried before any error message appears. 2.2 When NIU is configured to update a distribution server in a LAN If the current logged on user don't have the necessary rights to update, then NIU will try to log on to the remote server using the credentials given in the LAN/WAN tab in NVCCF. 2.3 Bug fixes 2.3.1 Estimated remaining download time was inaccurate for large upgrades, for example full update, and the line was as slow as 9600 bps, for example. Fixed. 2.3.2 If NIU was scheduled for 'Daily on dial-up (wait for connection)', NIU often believed that there was an Internet connection, where none was present. Fixed. 2.3.3 Fix for sceduling error in Zanda: Waits for a random amount of time (0 - 15 minutes) before starting, if: - Scheduled 'On direct connection at specified times', and - The time is exactly on or 1 minutes past an hour, i.e. 08:00 or 08:01. This fix is temporary. 2.3.4 If two NIU sessions were started (almost) simultaneously, for example by double-clicking a shortcut in the QuickLaunch bar, then both were erroneously run. Fixed. 2.3.5 If NIU session stopped abruptly, the text "Static" would sometimes appear in the main window. Removed. 2.4 Other NIU amendments 2.4.1 Removed support for one-time authentication keys. Such keys will not be deployed. 2.4.2 If the file 'niucf.ndf' is missing, NIU starts 'niucf.exe' if confirmed by a present user. 2.4.3 The two most common conclusion messages are now in the main NIU window (with a 5 second timer before automatic close), rather than in a separate message box. These will appear when there is nothing new to download, and when download completed ok. 2.4.4 If the incremental def.file NVC11001 is the only download candidate, it will be unconditionally downloaded, without prompting. 2.4.5 Removed the version designation in the caption bar of the main window due to popular demand: users confused it with the NVC version. The NIU version designation is retained in the NiuTrace.log file. 2.4.6 If run scheduled "On direct connection at specified times", then any download will be performed, unasked and silent. 2.4.7 Any NiuTrace logfile is now put in 'Norman\Logs'. The filename has a timestamp embedded; for example 'NiuTrace_030509_1404.log'. 2.4.7 Several message text amendments: - If no downloads are available: the text "Your installation is OK" changed to "Your installation is up to date." - When a download completes ok: the text "Download complete." changed to "Update will complete a few minutes after download." - More relevant error messages when a proxy grumbles. 3.0 NYMSE 3.1 In the Config editor's "Installation settings" it may be confusing for some users that a component which is not installed (on the "Install" tab), it will be grayed out on the "Start" tab. It might even be selected for automatic start-up. This is not a problem, although it may look that way. 3.2 Non-installed components will no longer appear under "Utilities". 3.3 Files labeled as 'Copied deferred', i.e. awaiting reboot, will cause Nymse to wait for the reboot before checking license and def file dates. Otherwise warnings may appear for def files that already are updated. 3.4 Drastically reduced the number of NdlgErrors dialogs for more extensive use of eLogger to minimize annoyance during error situations. 4.0 The agent Zanda 4.1 Zanda commands (for use in logon scripts, for example): 4.1.0 These commands were implemented for v5.50, but not generally known: 4.1.1 Zanda -updatenow or Zanda /updatenow Instructs Zanda to immediately to address the distribution server to look for new zip-, configuration-, and task files. These commands did not work on Win 9x/Me in v5.50. 4.1.2 Zanda -setenv:= or Zanda /setenv:= for example: Zanda -setenv:Nvcserver=alladin If the "Distribution server name" is set to $Nvcserver in the config editor, it will be replaced by "alladin". The values are stored and will apply also after a restart. 4.1.3 Zanda -setenv:= or Zanda /setenv:= for example: Zanda -setenv:Nvcserver= Deletes the variable. 4.2 Bug fixes 4.2.1 After an unsuccessful logon to a distribution server Zanda v5.50 would try again after one minute. This was not correct. The correct interval between such attempts is 1/3 of the shortest interval defined in the config editor (LAN/WAN tab, "When to look for updates on the LAN/WAN", "At user-defined intervals", "Settings"). 4.2.2 On scheduled Internet update, the connection was established with no regard to the tolerance specified in the + /- field. The consequence was that our servers were overloaded on each exact hour. This problem is solved by establishing a connection at a randomly selected time within the specified interval. 5.0 Types of viruses detected by the sandbox (Please refer to white papers on www.norman.com, NVC manuals and other written publications on this functionality.) When the sandbox detects a virus, the name of the virus can be one of the following: W32/EMailWorm A worm spreading over e-mail W32/NetworkWorm A worm spreading over network shares W32/FileInfector A virus infecting regular executables W32/P2PWorm A worm spreading over P2P networks W32/Malware A generic detection of what we consider malware If the sandbox detects something unknown, we haven’t seen it before or else we have added regular detection of it. We would appreciate it if you submit this sample to analysis@norman.no. The sandbox should always give a short analysis, proving why it’s a worm or virus. The analysis can be found in the log file or in NVC's message console. 6.0 The new decompression library The changes to the decompression library are not very visible, so it might be useful to list most distinguished features: - Increased performance and lower memory usage. - Supports most archive formats (except .CAB and some versions of RAR and ACE). - Better handling of e-mail formats and encoding types. - Supports archives up to 4,2GB. ===================================================================== NORMAN VIRUS CONTROL v5.50 ===================================================================== Copyright Norman ASA November 2002 NOTE 1: You should uninstall any other antivirus software (file scanners) before installing NVC. NOTE 2: A file that is referred to as 'XXX.EXE' on the Windows and OS/2 platforms, is on Linux called 'xxx' - i.e. lowercase file name and no extension. SYSTEM REQUIREMENTS This version supports installation of NVC v5 on Windows 95/98/Me, Windows NT/2000/XP machines, Linux, OS/2 Warp 4, OS/2 Warp Server, WorkSpace On-demand, and eComStation. For Windows 95, Internet Explorer 4.0 or higher is required. WinSock2 must be installed. For Windows NT, version 4 with SP4 (or higher) and Internet Explorer 4.0 (or higher) are required. For OS/2 we recommend Warp 4 fp 15 (or higher) and Java 1.1.8. For Linux, glibc 2.2 is required. 1.0 The scanning engine 1.1 Internal file systems have been added to enable scanning of embedded objects in OLE2 files, for example. 1.2 Added file IDs that recognize more file formats. As a result, the engine doesn't scan more files than necessary. 1.3 General updating and optimalization of the emulator and virtual memory system, that affects speed as well as detection. 1.4 Changed ASCII scanning, which is now much faster. 1.5 The engine is now prepared for the introduction of a full- fledged Sandbox functionality. Presently, the engine employs the Sandbox technique to a limited extent only. 1.6 The engine is also primed for incremental updating of virus definition files. The implementation of this feature is awaiting adjustments in other NVC modules. 2.0 Error messages 2.1 If you run DelNVC5.exe and select Repair, the Norman 'N' (NYMSE) in the system tray will stop temporarily. When NVC is repaired after a few minutes, the 'N' reappears. 3.0 On-demand scanner 3.1 The following archive file formats are not yet supported: .ACE .RAR Possible infections within these format will be detected, but NVC cannot repair infected files within these formats. As a result, the archive must be opened and the intected file(s) removed, or the entire archive must be deleted manually. 4.0 Command line scanner (NVCC.EXE)- Bug fixes 4.1 Parameter /CL:0 made the program return without doing any scan. 4.2 Printout of file names preceeded by "\|-/" now works as intended without overflowing line end or leaving characters on the screen. 4.3 NVCC will not report any "Sharing violations" for files within the C:\NORMAN tree(or wherever NVC5 is installed) on screen or in status/return codes. 4.4 NLOG5.DLL: The logger _could_ crash on file names and paths exceeding 260 characters when option /L:2 was used. File name buffers are now dynamically allocated. 5.0 Norman Internet Update (NIU) 5.1 Amendments and bug fixes 5.1.0 Tidied/simplified the HTTP protocol header conversation between NIU client and NIU validation server. This should make things easier for some proxies. 5.1.1 NIU will no longer beep when the most common information and inquiry message boxes appears. 5.1.2 The NIU temporary files (e.g. NiuTrace.log) are now put in the directory norman/temp/niu (where 'norman' is the installation directory). 5.1.3 Implemented 'resume aborted downloads' on a per file basis: Example: If the first 12 out of 14 files downloaded successfully, these 12 are not downloaded again in the next try. 5.1.4 Will prevent updating to empty LAN/WAN software path, if configured to do so. 5.2 Other NIU 5.2.0 Implemented support for one-time authentication keys. (Such keys are yet to be deployed.) 5.2.1 Implemented HTTP redirect: The server may detect that the object is at another site. 5.2.2 If several NIU validation servers are configured, and the first (randomly) selected is unavailable, then the next one is tried, in a circular way, throughout the entire server list. 6.0 On-access scanner 6.1 NetWare registry settings Unfortunately, Windows 2000 has a tendency to change a key Novell Client registry setting from the recommended Novell Client setting (NetwareRedirector) back to the MS Client for NetWare (NetwareWorkstation) client setting. Some sites have experienced this value change while others have not. The reason for this change remains unknown, but the effect is a noticeable slower browsing speed. Be sure to force this setting out to the client workstations if the incorrect value appears: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ NetwareWorkstation\NetworkProvider\DeviceName and change the string from: \Device\NetwareWorkstation to \Device\NetwareRedirector Note: If you have the Novell IntranetWare client installed, you must also edit: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ NetwareWorkstation\NetworkProvider\DeviceName and change the string from: \Device\NetwareWorkstation to \Device\NetwareRedirector ===================================================================== NORMAN VIRUS CONTROL v5.40 ===================================================================== Copyright Norman ASA August 2002 NOTE: You should uninstall any other antivirus software (file scanners) before installing NVC. SYSTEM REQUIREMENTS This version supports installation of NVC v5 on Windows 95/98/Me, Windows NT/2000/XP machines, Linux, OS/2 Warp 4, OS/2 Warp Server, WorkSpace On-demand, and eComStation. For Windows 95, Internet Explorer 4.0 or higher is required. WinSock2 must be installed. For Windows NT, version 4 with SP4 (or higher) and Internet Explorer 4.0 (or higher) are required. For OS/2 we recommend Warp 4 fp 15 (or higher) and Java 1.1.8. For Linux, glibc 2.2 is required. 1.0 The scanning engine. NOTE: The initial release of NVC 5.40 will not contain the updates described in 1.1 - 1.4. An engine containing these updates will be released shortly. 1.1 Internal file systems have been added to enable scanning of embedded objects in OLE2 files, for example. 1.2 Added file IDs that recognize more file formats. As a result, the engine doesn't scan more files than necessary. 1.3 General updating and optimalization of the emulator and virtual memory system, that affects speed as well as detection. 1.4 Changed ASCII scanning, which is now much faster. 2.0 Norman Internet Protection (NIP) 2.1 NIP is a new module designed to intercept incoming and outgoing mail and news, stripping or blocking all infected attachments for undesired content. NIP is located in the Configuration editor and documented in the Reference Guide. Note that you must install and start NIP manually from the Configuration Editor if you upgrade from a previous version of NVC 5.x 2.2 If your news server requires authentication, the NNTP proxy in NIP will not work. Support for this is expected to be added shortly. To disable the NNTP proxy, open the Configuration editor, select the module Norman Internet Protection and deselect the "Enable NNTP proxy" option. 3.0 Norman Internet Update (NIU) 3.1 NIU bug - fixes and amendments 3.1.1 Removed the possibility to revert to the http HEAD method of fetching product file timestamps during NIU stage 2. Timestamps can now only be fetched by getting the file 'files1.txt'. 3.1.2 If a scheduled NIU is started when an old session is running, the old one is killed only if it is obviously hanging. 3.1.3 If more than one NIU validation server is given in the configuration, one of the specified servers is randomly selected. 3.1.4 Removed the use of the debug file 'NufFetch.log'. 3.1.5 If a http request fails: NIU now waits 3 seconds before the next try. 3.1.6 At /uninstall: any 'NIU.SEM' file is removed. 4.0 NDesk / PushWiz 4.1 NDesk is the preferred distribution tool, and PushWiz is removed from the product CD. However, if you for some reason insist on using PushWiz, check the Administrator's Guide for details how to download this tool from Norman's web site. 5.0 On-access scanner - fixes and amendments 5.1 In previous versions the on-access scanner sometimes mis- interpreted messages from the file system. That is: If the on-access scanner tried to scan a file that had previously been reserved for exclusive use by another application, the file system would (correctly) return a file-sharing violation error to the on-access scanner. The on-access scanner would however exclude this particular file from further scanning, believing that it was checked and non-infected. Since the on-access scanner was unable to scan the file in the first place, there was no guarantee that the file was not infected. In version 5.4 this error is fixed. 5.2 In version 5.4 we have re-designed the start-up procedure of the on-access scanner in order to make it safer and smoother. In previous versions the on-access scanner might be re-started (behind the scene) because of a configuration change or a user logon. This shortcoming is now removed. 5.3 The default settings have changed for interactive as well as non- interactive on-access scanning. Please refer to the Reference Guide for details. 5.4 Fast user switching (Windows XP) In previous versions the individual components were installed regardless of the logged on user. NVC is now redesigned, with the result that certain components run in the logged on user's context. As a result of this redesign, NVC now supports several logged on users on Windows XP workstations. The support for fast user switching in Windows XP has instigated changed start-up routines for the on-access scanner. When NVC is distributed in a network you MUST log off/on or reboot any NT/2000/ XP machines in order to start the module that handles user messages (virus warnings etc). The scanner is active even if the machine is not logged off/on, but the on-access scanner will not appear on the Active components list, and pop-up alarms at virus infections will not appear. 6.0 On-demand scanner 6.1 Run task files from the command line You can now start the on-demand scanner and run task files from the command line. This feature is useful in networks where such scanning can take place hidden for the user. 6.2 The new default path for log files is: c:\norman\logs On Linux, the default path is: /var/log/nvc, or if run by an unprivileged user: $HOME/.nvc/log/ 7.0 Command line scanning options 7.1 Please refer to the Reference Guide or run nvcc.exe for a list of available command line options. Some new scanning options have been added, while others are removed. 8.0 NDesk 8.1 New options and symbols The Auto refresh option allows you to configure NDesk to refresh at certain intervals decided by the user. In addition, 5 new status symbols are added. Please refer to the Administrator's Guide. 9.0 NVC for Domino 9.1 Installing 9.1.0 To install NVC for Domino, you need: Any Windows NT 4.0 sp4 or higher, or Windows 2000 platform. Lotus Domino (r) Server version 4.6 or higher, or 5.x. Norman NVC5 installation CD or pre-installed on the server platform. 9.1.1 Step-by-step installation 1. Install NVC5 on the Domino server. 2. Use NIU (Norman Internet Update) to bring NVC5 up to date. 3. Run 'NVCdinst.exe /install' or use the install-shield shell. 4. Configure NVC for Domino using the NVC5 configuration editor. 5. Restart the Domino server if it is already running. 9.1.2 Uninstalling Run 'NVCdinst.exe /uninstall' 10.0 General 10.1 The new decompression library supports more format for scanning within archive files. The following formats are now supported (in addition to ZIP and ARJ): RAR, ACE, ARC, GZIP, TAR and BZIP2. However, the new decompression library does not support RAR files that is generated with the new WinRar 3.0. 10.2 Archives bigger than 32 Mb Scanning of big archives may lead to a "Out of memory" situation for your machine. To avoid a situation that requires too much system resources, archive files bigger than 32 Mb are not scanned by an ordinary on-demand scan or a command line scan. The maximum size and dept of archive files to scan is not configurable in this version. 10.3 Removal in archives containing malware NVC 5.40 will detect malware inside archives, but NVC 5.40 is not able to remove malware that resides inside archive files. Functionality and configuration options for this will be added in an update. This issue does not affect NVC for Exchange, NVC for Domino, and Norman Internet Protection. These will remove malware inside archives when configured to do so ===================================================================== NORMAN VIRUS CONTROL v5.30 ===================================================================== Copyright Norman ASA April 2002 SYSTEM REQUIREMENTS This version supports installation of NVC v5 on Windows 95/98/Me, Windows NT/2000/XP machines, OS/2 Warp 4, OS/2 Warp Server, WorkSpace On-demand, and eComStation. For Windows 95, Internet Explorer 4.0 or higher is required. WinSock2 must be installed. For Windows NT, version 4 with SP4 (or higher) and Internet Explorer 4.0 (or higher) are required. For OS/2 we recommend Warp 4 fp 15 (or higher) and Java 1.1.8. 1.0 NDesk 1.1 The list of machines and IP addresses may be displayed incorrectly when you run a network search from a Windows XP machine. Running NDesk on Windows XP is not recommended unless 1. a HOSTS file is present covering all machines on your LAN, or 2. you have a local DNS server which has all machines on your LAN registered. Without HOSTS/DNS, Windows resolves host names using NetBIOS requests on port 137. On Windows XP this does not work properly. Microsoft has opened a defect report on this (Microsoft Knowledge Base article number Q317936) and is expected to address the problem in Windows XP Service Pack 1. The problem is not present on Windows 2000 or Windows NT4, and we therefore recommend these operating systems to be used with NDesk. 1.2 NDesk must be run in an account in the Domain Administrator's group in order to be able to open the Service Control Manager on remote machines. By default, the Domain Administrators group is included in the remote machine's Local Administrators group. 1.3 NOTE that when distributing from a Windows 2000 server, the account that is defined in NDesk MUST have the necessary privileges to log on locally. 1.4 NDesk is only available in English in NVC v5.30. 1.5 NDesk is a feature under 'Administration Tools' which is not 'regular' NVC5 module, rather an add-on. 'Administration Tools' will not be updated or installed by Norman Internet Update (NIU). To get hold of NDesk, you must install NVC v5.30 from the CD-ROM, or a web installation package using a corporate license key. 2.0 NIU 2.1 Implements client side proxy authentication scheme Windows NT challenge/response (aka NTLM). Note that: 2.2 In addition to user and password (taken from Config editor's Internet tab), and local hostname (fetched dynamically from Windows), NTLM needs a fourth parameter: domain. By default, NIU will use domain = hostname. This is often sufficient. If not, you can specify domain the new "Domain (for Windows NT challenge/response)" field. 2.3 NTLM is only supported by NIU when the NTLM authentication server is in the *first* proxy/firewall etc. along the connection path from the NIU client to a NIU server. 2.4 NIU bug fixes & amendments 2.4.1 Bugfix in scheduled "waiting for RAS connection": Will not poll RAS too early, to prevent erroneous error message. 2.4.2 Verified that NIU runs ok (scheduled) with no logged on user (no desktop). 2.4.3 Utilizes mechanisms in the HTTP protocol to prevent proxies from returning outdated cached data. 2.4.4 Bugfix in algorithm to check files time stamp equality around DST <-> Normal time. 2.4.5 "NT Terminal Server" is now a valid OS platform when validating. NVC 5.30 contains its own set of components for Windows NT4/2000 terminal servers. If the terminal server is the distribution source for other NVC installations, you must select “NVC for terminal servers” in the tabs Products and Platforms of NIUCF for updating the terminal server components. If it's just a local terminal server installation, the updates will be downloaded automatically, without performing any additional configuration in NIUCF. 2.4.6 Several amendments in information- and error messages. For example: - The completion text "Finished" changed to "Download complete". - The term "Authentication serial number" changed to "Authetication key". 2.5 Other NIU information 2.5.1 Possible new error message if the authentication key is bounded to a specific ISP: "Your Authentication serial number may not be used from your current IP address.". 2.5.2 NIU client may now receive some customer information from the NIU validation server associated with the authentication key: Customer name, Expiry date, No. of licenses. This information will be stored in NVCCF.NDF. 3.0 Additional messenger protocols: E-mail, SMS, SNMP 3.1 Even though documentation and help claim that all modules are pre- selected for installation by default, you must select the entry "Additional messenger protocols" in the config editor (Installation settings|Install) to install this module. You will need a corporate or site licence in order to configure and use this module. I.e. the module is not available for single users. When you have selected to install new modules, click on Save then exit the Configuration Editor. Allow a few minutes for Zanda to install the new module, then restart the Configuration Editor and look for "E-mail, SMS, SNMP". 4.0 NVC splash screen 4.1 It is now possible to permanently disable the Norman splash screen in startup. In previous versions you could remove the '/SPLASH' option in the 'Norman ZANDA' entry in registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Example: Norman Zanda = C:\NORMAN\nvc\BIN\ZLH.EXE /LOAD /SPLASH However, the splash screen would reappear whenever a Zanda component was updated. It's now possible to permanently remove the splash screen by replacing '/SPLASH' with '/NOSPLASH'. Example: Norman Zanda = C:\NORMAN\nvc\BIN\ZLH.EXE /LOAD /NOSPLASH Zanda will not replace a '/NOSPLASH' entry. Note that if neither '/SPLASH' nor '/NOSPLASH' is entered, '/SPLASH' will be reinserted. 5.0 Log file path for the on-demand scanner The path for the new on-demand scanner log file is c:\norman\logs. 6.0 Activating the Norman tray icon Sometimes nothing happens when you try to select an option from the ’N’ tray icon menu. This could happen on Windows 95/98/Me installations when NVC is first installed or updated. Until this problem has been solved permanently, log off and log on again or restart your computer. ===================================================================== NORMAN VIRUS CONTROL v5.20 ===================================================================== 1.0 About NVC v5.20 Most of the changes from the previous version are not visible. These are changes that affect the agent and the scanning engine. These key components are fine tuned and bug fixed. 2.0 New language versions New languages included in this release are: French Spanish Czech Slovakian Finnish 3.0 Floppy check on shutdown The initial v5.0 contained a functionality where NVC checked the floppy disk drive for the presence of an inserted disk at shutdown. If found, NVC performed a boot sector check and warned about the risk of booting from a floppy. This feature has been removed due to conflicts with the OS's shutdown routines. 4.0 NVC on Windows NT/2000 4.1 Scanning files protected by security options The on-demand scanner and scheduler can now access all files regardless of the files' security options, provided that you have the appropriate privileges (admin and/or backup operator). 4.2 Files that eluded on-access scanning On some machines, the on-access scanner did not scan all files as intended. This bug is fixed. 4.3 The On-access component 4.3.1 The BSOD problem reported on several occasions following the previous release was most likely caused by too stack-intensive operations within the filter driver. This is re-written in the current version of the driver (5.0.18), which is less stack-intensive. We have not been able to reproduce any BSOD with the 5.0.18 update. 4.3.2 Group Policy editor within MS Active directory: In versions prior to 5.0.18 admins were sometimes denied access to the Group Policy editor when used with the NVC On-access scanner enabled. This is fixed in 5.0.18: Reparse points that is requested from AD is excluded within the filter driver. 4.3.3 The exclude list handling has been rewritten and should be much more stable in 5.0.18. We have verified that the problem with the Swiss textel application has been fixed with this rewrite. 4.3.4 With some adapters/display drivers on W2K problems accessing the properties of the desktop has been reported. (Right-click the desktop, select properties). This is fixed in 5.0.18. 4.4 NVC on Windows Terminal Server NVC works in this environment. Please refer to the Reference Guide for details. 4.5 Boot sector repair NVC detected infected boot sectors in v5.0, but on NT boot sector repair did not work. Fixed. 5.0 Norman Internet Update (NIU) NIU has undergone some changes and the most prominent enhancements are: 5.1.1 It is possible and legal to run NIU even though the configuration in Configuration Editor|Installation settings|Update mode is not set for one of the three 'Update from the internet' (NIU) options: o If 'Manually from CD-ROM' is selected, then NIU behaves as if 'On-demand only' was chosen. o If 'Automatically from server' is selected, then NIU behaves as if 'On-demand only' was chosen, but with the following modifications: 1. If the 'Software' path in the section 'Where to look for updates' (see the LAN/WAN tab) is not visible from the NIU machine, then NIU updates locally, i.e. as before. This solves the 'on-the-road'-problem: A laptop that is usually updated by the agent on the office LAN, may now be updated by NIU while travelling, without re-configurating NVC. 2. If the mentioned path is visible, and the user has sufficient access rights to this path, then updating is done to this directory; with product-profile fetched from \nvc\profila.txt. The default path is typically: \distrib\download.) If this is on a server, i.e. on the form \\server\share, then NIU runs on a workstation in a LAN in effect upgrades a server where the agent is running. This \\server\share may be a Novell server. [This enables an administrator to upgrade a central NVC server from his office workstation.] 3. If the mentioned path is visible, but the user does not have the necessary access rights to this path, then NIU stops with an appropriate error message. 5.1.2 New possible error message Configuration error: Requested component files are either nonexisting or inconsistent with your authentication key. This message may appear if NIU runs on a Win NT/2000 server with a single-user authentication key. 5.1.3 If run on a NVC server, i.e. updating to a .\distrib\download\, then the file "profila.txt" is no longer used. Instead, the configuration in "niucf.ndf" is used, provided that the program "niucf.exe" has been run. 5.2.0 Http protocol usage amendments: 5.2.1 The http HEAD command to get file timestamps is no longer in use. Instead, a separate file containing timestamps is downloaded from the NIU product server. This alleviates some http proxy problems. 5.2.2 The http GET command towards the NIU validation server utilizes "no-cache" fields, thereby preventing proxies to respond with stale validations. 5.2.3 The connection is closed when the appropriate number of bytes is received, rather than waiting for the server to close the connection. This alleviates some proxy problems. 5.2.4 Bug fix: When using proxy server, NIU used port 80 even though configuration said something else. 5.2.5 On exit after http error: The last received http response head can be viewed by clicking a "Details" button. 5.3 NIU now supports proxies demanding username/password authentication. 5.4 If run with the '-trace' option, the trace is also logged to the file 'NiuTrace.log' in the %TEMP% directory. 5.5 NIU's start and (successfully) stop timestamps are saved in 'NiuState.ndf'. (For scheduling of NIU.) 5.6 Utilizes the "Host: " field in http requests. Some proxies need this field to work well. 5.7 For Daylight Saving Time transitions: Productfiles' timestamp equality (with a +/- 10 second slack) is checked also for 1 hour before, and 1 hour after a given timestamp. 5.8 Fixed a MS RAS problem that gave "RasEnumConnections errored! rc=610" message. 5.9 The agent now verifies ZIP files and deletes possible corrupted files. Verification takes place at the earliest stage possible, i.e. shortly after the files are copied from the server onto a temporary file. The files are checked again as a first step during installation. If errors are found, the agent will make another attempt to fetch the files from the server or wait for the next execution of NIU. 6.0 Improvements common to all on-demand scanners 6.1 All On-demand scanners will now detect and decode most MIME compliant text files (mail files) Embedded file attacments on UUENCODE, Quoted Printable and Base64 format will be found and scanned. If these attachments are compressed files, they are in turn decompressed and scanned to any level of depth. Infections found in attachments within MIME compliant files will not be repaired. 6.2 NVC32.EXE v4.92 -- NVC 4.x compliant command line scanner Minor bug fixes and improvements in scanning of compressed files. From v4.90 on, NVC32.EXE does not require the NVC 4.x configuration and licence file NVC32.CFG. 6.3 NVCOD.EXE v5.10 -- GUI On-demand scanner Minor bug fixes and improvements in scanning of compressed files. Improved reporting in situations when a compressed file cannot be scanned. 6.4.0 NVCC.EXE v5.10 -- New NVC 5 compliant command line scanner 6.4.1 This program is based on the same On-demand scanner kernel as NVCOD combined with a downscaled command line interface from NVC32. The differences between NVC32 and NVCOD are: - NVCC employs NVC5 configuration for what to scan for, what to exclude, and how to quarantine files. - NVCC employs NVC5 Messaging system for all logging purposes. - NVCC employs NVC5 Quarantine settings for storing infected files instead of the "x:\NORMAN\INFECTED" folder. - All command line options deciding which file types to scan, quarantining files, and creating a log file are removed. 6.4.2 The following NVC32 command line options are NOT supported by NVCC: /AF- Scan files by file extension. /AF Scan all files (default ON). /D- Delete infected files (default OFF). /D Overwrite and delete infected files (default OFF). /FL Flush temporary log file for every event logged. /LA Log all scanned files (default OFF). /LF: Log to specified report file. /LF Log to standard report file NORMAN.RPT. Logging is by default OFF. /LG Append log to existing report file. Default is overwrite. /LQ Create report file only when infections found. /LS Log all scanned directories. /MOV: Move infected files to specified directory. /MOV Move infected files to default INFECTED directory. /NVCADMCFG: Override environment NVCADMCFG. /NVCCFG: Override environment NVCCFG. /NW No expire message (default OFF). /SF Scan files by file extension. /WORK: Specify where NORMAN.RPT and the INFECTED directory is created. /X Look for EXE-header (default OFF). /Y Display detailed virus names (default OFF). To display all available command line options, type: NVC32 /? and NVCC /? 6.4.3 Note that the GUI On-demand scanner also can be used as a command line scanner: NVCOD Starts NVCOD scanning specified file(s) and path(s). NVCOD @task-file.sdf Starts NVCOD with the specified NVC5 task file. In order to utilize the NVC5 messaging system and quarantine, batch jobs using NVC32 should be rewritten to use NVCC. 7.0 Cascading distribution points From one server, you can now make any other server in the network that is updated from this NVC server into a NVC distribution point. While NVC v5.0 distributed NVC to other servers without making them NVC distribution points, you can now create subdirectories (see 'How it works' below) on the server you install to rather than physically access the servers you want to act as NVC distribution points. The basic structure for distributing configuration and task files remains the same: norman\distrib\download, where the zip files reside, and norman\distrib\nvc\config, where all configuration files (.ndf) are placed. The same applies to ...\task and the .sdf files that reside here. The new feature in NVC v5.2 will copy the entire content of the subdirectory you create (see below) onto any server you wish. 7.1 How it works 1. On the current NVC distribution server, create the subdirectory 'servername1.s' (where 'servername1' is the actual servername) under norman\distrib\nvc\config. 2. The subdirectory 'servername1.s' should contain a 'default.ndf' configuration file, in addition to possible machine specific configuration files for PCs connected to this server. For example 'machine1.ndf', 'machine2.ndf', etc. 3. Once 'servername1.s' is created on the current distribution server, the NVC agent detects the new '.s' subdirectory and downloads the entire content of the norman\distrib\nvc\config\servername1.s directory onto servername1. 4. In this process, the NVC agent instructs to act as a NVC distribution point. 5. When 'machine1' logs on, it will check for the 'machine1.ndf' on . 6. 'Machine1' acts as it's supposed to do: picks the config file 'machine1.ndf', or, if not present, selects the 'default.ndf'. 7. You can also include servers further down in the hiearchy. Under the 'servername1.s' subdirectory, create 'servername2.s' with the necessary information etc. 8. This process is not reversible from the the top server, only from the newly established NVC distribution point server. 9. For task files: follow the same procedure and create '.s' sub- directories in norman\distrib\nvc\task. =====================================================================