     U  S  I  N  G     N  E  T  S  H  I  E  L  D   2.1
     
     Copyright 1994, 1995 by McAfee, Inc. All rights reserved. 
     No part of this publication may be reproduced, transmitted, 
     transcribed, stored in a retrieval system, or translated 
     into any language in any form by any means without 
     the written permission of McAfee, Inc., 2710 Walsh Avenue, 
     Santa Clara, CA 95051-0963.
     
     McAfee is a registered trademark of McAfee, Inc.
     VirusScan, VShield, and NetShield are trademarks of
     McAfee, Inc. All other products or services mentioned
     in this document are identified by the trademarks or
     service marks of their respective companies or
     organizations.
     

CHAPTER 1 WELCOME TO NETSHIELD

     Thank you for purchasing McAfee Inc.'s NetShield(TM) software,
     a powerful and advanced system designed to detect computer
     viruses on a NetWare server. NetShield monitors server input
     and output, and protects against virus infections from 
     workstations, bridges, and modems.
     
     NetShield is a NetWare Loadable Module (NLM). This allows it
     to integrate easily into your NetWare environment and
     function independently of any workstation, guaranteeing that
     your network is always protected.
     
NETSHIELD TASKS

     It is important that you install and configure NetShield
     correctly for your particular network. As you set up
     NetShield, you'll complete the tasks necessary to maintain a
     virus-free network. Use this task list as a roadmap for
     applying the information in this reference to your network.
     
     Task 1: Installation. You'll install NetShield on every
     server at your site. Download the NetShield files and copy
     them to the SYS:SYSTEM directory on your server. For NetWare
     3.11 or 3.12 installations, you also need to download and
     install Novell patches. Refer to Chapter 2, "Installation
     and Setup," for details.
     
       NOTE: If you use a bootable floppy diskette to start
       your server, make sure that the boot diskette is clean of
       any viruses. The documentation for VirusScan, a McAfee
       virus scanning product that can be used on a workstation,
       describes a procedure for creating a clean bootable diskette.
     
     Task 2: Configuration. Set NetShield to run scans at regular 
     intervals, using the "periodic" scanning settings. Turn on
     Cyclic Redundancy Checking (CRC) if you have a stable file
     environment. CRC checking verifies that numeric check sums
     stay consistent for files. If files are changed often, then
     an error in the check sums will be reported. Finally, set 
     NetShield to scan all files transferred to the server, 
     using the "on-access" scanning settings. Refer to
     "Configuration Recommendations" in Chapter 3, "Using
     NetShield," for details. 

     Task 3: Scanning. Once you've configured NetShield, it will
     automatically scan in the background. The NetShield NLM will
     be running as long as your NetWare server is running.
     
     Task 4: Reporting. NetShield can inform you when a virus is
     found, both by broadcasting a network message to selected
     users and by recording the information in a log file. It can
     then move or delete the infected file. We recommend that you
     set up NetShield to log infections in a file, notify the
     network supervisor, and move infected files into a
     "quarantine" directory for later inspection. Refer to
     "Configuring Virus Reporting" in Chapter 3, "Using
     NetShield," for details.
     
     Task 5: Updating. As new viruses are found, McAfee will
     release new virus signature files for you to install. When
     you receive an update, or download one from the McAfee BBS,
     update one server and enable cross-server updating so that
     the new list is copied to the other servers over the
     network.
     
     Task 6: Virus elimination. Once you've identified and
     isolated an infected file, eliminate the virus using other
     McAfee products such as VirusScan and VShield. Scan does
     periodic scanning of a single PC and removes viruses from a
     single PC, while VShield does on-access scanning of a single
     PC.
     
SYSTEM REQUIREMENTS

     The NetShield program requires a Novell NetWare 386 v3.11,
     3.12, or 4.1 file server with at least 718Kb of free server
     RAM. It should utilize no more than 10% of server CPU time.
     Additional patches are needed for NetWare 3.11 or 3.12
     installations (refer to Chapter 2, "Installation and Setup,"
     for details.)
     
     NetShield is not compatible with version 3.10 of Novell 
     NetWare 386.
     
HOW TO USE THIS MANUAL

     This manual will help you get NetShield running quickly and
     properly.
     
     o  Chapter 1, "Welcome to NetShield," describes the
        NetShield program, general tasks for using NetShield,
        and system requirements.
     
     o  Chapter 2, "Installation and Setup," describes how to
        install, load, and maintain your NetShield software.
     
     o  Chapter 3, "Using NetShield," contains reference
        information laid out in a format that matches the
        NetShield menus. If you need help navigating the menus,
        look for the guides at the start of each of these
        chapters.
     
HOW TO CONTACT MCAFEE

     To contact McAfee for sales and product support:
     
     Phone      (408) 988-3832
                Monday through Friday
                6:00 am to 5:00 pm Pacific Standard Time
     
     Fax        (408) 970-9727
     
     Online 24-hour access
     (see "Online Access" later in this section)
                o  MAfee BBS
                o  CompuServe
                o  Internet
     
BEFORE YOU CALL

     For fast and accurate help, please have the following
     information ready when you contact McAfee:
     
     o  Program name and version number.
     o  Type and brand of computer, hard disk, and any peripherals.
     o  Version of DOS you are using.
     o  Version of NetWare you are using.
     o  Printouts of your AUTOEXEC.NCF and STARTUP.NCF files.
     o  A description of the exact problem you are having. Please
        be as specific as possible. If you cannot be at your
        computer when you call, a printout of the screen will be
        helpful.
     
     If you are overseas, you can contact a McAfee authorized
     agent. Agents are located in more than 50 countries around
     the world and provide local sales and support for our
     software.
     
ON-LINE ACCESS TO UPDATES AND TECHNICAL SUPPORT

     McAfee updates its software monthly to add new virus
     detectors, new options, and fix reported bugs. To distribute
     these new versions, we run a multi-line bulletin board
     system, a forum on CompuServe, and an Internet node.
     
     McAfee bulletin board system (BBS)
     
     Our multiline BBS is accessible 24 hours a day, 365 days a
     year, except for scheduled downtime and maintenance. All
     lines run high-performance modems operating from 1,200 bps
     to 28,800 bps with line settings of 8 data bits, no parity,
     and 1 stop bit. Both technical support and software updates
     are available on the bulletin board. The McAfee BBS phone
     number is (408) 988-4004.
     
     McAfee Forum on CompuServe
     
     We sponsor the McAfee Virus Help Forum on CompuServe. 
     To reach it, type GO MCAFEE at any CompuServe prompt.
     
     Internet access
     
     The latest versions of McAfee's anti-virus software are
     available by anonymous ftp (file transfer protocol) over the
     Internet from the site ftp.mcafee.com. If your domain resolver
     does not support names, use the IP address 192.187.128.3.
     Enter anonymous or ftp as your user ID and your own e-mail
     address as the password. Programs are located in the
     pub/antivirus directory. If you have questions, please send
     e-mail to support@mcafee.com.
     
     You can also find McAfee's anti-virus software at the SimTel
     Software Repository at Oak.Oakland.EDU in the
     simtel/msdos/virus directory and its associated mirror sites:
     o  wuarchive.wustl.edu (US)
     o  ftp.switch.ch (Switzerland)
     o  ftp.funet.fi (Finland)
     o  src.doc.ic.ac (UK)
     o  archie.au (Australia)

OTHER SOURCES OF INFORMATION

     The McAfee BBS and CompuServe Virus Help Forum are excellent 
     sources of information on virus protection. Batch files and 
     utilities to help you use VirusScan software are often 
     available, along with helpful advice.
     
     Independent publishers, colleges, training centers, and 
     vendors also offer information and training about virus 
     protection and computer security.

     We especially recommend the following books:

     o  Ferbrache, David. A Pathology of Computer Viruses. 
        London: Springer-Verlag, 1992. (ISBN 0-387-19610-2)

     o  Hoffman, Lance J. Rogue Programs: Viruses, Worms,
        and Trojan Horses. Van Nostrand Reinhold, 1990. 
        (ISBN 0-442-00454-0)

     o  Jacobson, Robert V. The PC Virus Control Handbook, 
        2nd Ed. San Francisco: Miller Freeman Publications, 
        1990. (ISBN 0-87930-194-0)
       
     o  Jacobson, Robert V. Using McAfee Associates Software for 
        Safe Computing. New York: International Security Technology, 
        1992. (ISBN 0-9627374-1-0)

     In addition, the following sources can provide useful information 
     about viruses:
     
     o  National Computer Security Association (NCSA), 
        10 South Courthouse Avenue, Carlisle, PA 17013
     o  CompuServe VIRUSFORUM
     o  Internet comp.virus newsgroup

CHAPTER 2 INSTALLATION AND SETUP

     Installing NetShield is a straightforward process. You
     simply download the NetShield 2.1 files, copy them to the
     SYS:SYSTEM directory on your server, modify the AUTOEXEC.NCF
     file to load NetShield automatically upon server startup,
     then load NetShield. If you are running Novell v3.11 or
     3.12, you also need to install NetWare patches obtained from
     Novell or McAfee. This chapter describes these tasks in detail.
     
     NOTE: If you are upgrading from an earlier version of
     NetShield, be sure to back up the files in your NetShield
     directory before proceeding.
     
STEP 1: DOWNLOAD THE NETSHIELD SOFTWARE

     Obtain the latest NetShield software from the McAfee BBS,
     CompuServe, or the Internet. Refer to "Contacting McAfee" in
     Chapter 1, "Welcome to NetShield," for information about
     accessing these services.
     
     Downloading Files
     
     Download and uncompress the latest NetShield compressed
     (.ZIP) files. It contains the following files:
     
     Filename       Description
     NETSHLD.NLM    NetShield 2.1 NLM file
     NAMES.DAT      Virus Scanner data file
     SCAN.DAT       Virus Scanner data file
     VIR$CFG.DAT    NetShield 2.1 base configuration file
     NETSHLD2.TXT   NetShield 2.1 documentation
     
     Copying files
     
     Copy these files to the SYS:SYSTEM directory on your NetWare
     server. You can choose a different location on your server,
     but we recommend this directory. If you choose a different
     directory, you must add this directory to the search path
     using the NetWare SEARCHADD command. For more information,
     see your NetWare documentation.
     
     Unless otherwise specified, NetShield creates, loads, and 
     saves configuration files, log files, and reports in the 
     directory where the NETSHLD.NLM file is located.
     
     NOTE: You must be logged in with create and delete rights to
     the directory on the target server volume.
    
     Validating NETSHLD.NLM
     
     When you download a program file from any source other than 
     the McAfee bulletin board or other McAfee service, it is 
     important to verify that it is authentic, unaltered, and 
     uninfected. McAfee anti-virus software includes a program 
     called Validate that helps you do this. When you receive a new
     version of VirusScan, run Validate on all of the program files.
     To do this for VirusScan, start from the system prompt (C> or 
     [C:\]):

     1. Change to the directory to which you have downloaded 
        the files. For example, if you have stored the files in 
        C:\MCAFEE\DOWNLD:
              
              C> c:
              C> cd \mcafee\downld
     
     2. Type the command:
              
              C> validate netshld.nlm
     
     3. Compare the results with the information in the README.1ST 
        file or other text file for the program you validated. 

     If the validation results match what is in the file, it is 
     highly unlikely that the program has been modified.

STEP 2: DOWNLOAD NETWARE PATCHES (NETWARE 3.11 OR 3.12 SITES ONLY)

     NetShield requires the following NetWare patch files for
     NetWare 3.11 and 3.12. Use the following recommended versions
     (in parentheses):
     
     A3112.NLM (4.10A)          
     AFTER311.NLM (4.10A)       
     CLIB.NLM (3.12h)
     MATHLIB.NLM (3.12h)       
     MATHLIBC.NLM (3.11h)       
     NWSNUT.NLM (4.11)
     
     Novell supplies these patches in the LIBUP4.EXE file. To
     obtain this file:
     
     o  From Novell, see the Novell NetWire on CompuServe, the
        ftp.novell.com anonymous ftp site on the Internet, or
        other Novell on-line services.
     
     o  From McAfee, download it from the McAfee BBS under File
        Area "P" (for Patches), or from the mcafee.com FTP site in
        the pub/patches directory.

     Copy these files to the SYS:SYSTEM directory on your NetWare
     3.11 or 3.12 server.
     
     NOTE: Do not install these patches on a NetWare 4.x server.
     
STEP 3: CUSTOMIZING THE AUTOEXEC.NCF FILE

     We recommend that you change your server's AUTOEXEC.NCF file
     so that NetShield loads automatically whenever the server
     starts up.
     
     To edit this file, use the NetWare LOAD INSTALL command (for
     more information, refer to your Novell documentation). Add
     the following command line to this file:
     
     LOAD NETSHLD DEFAULT
     
     For a description NetShield load options, refer to the next
     section, "Loading NetShield."
     
     Save your changes, then restart your server for these
     changes to take effect.
     
STEP 4: LOADING NETSHIELD

     Now that you have installed NetShield, you can load it using
     various stored settings. You can use the default NetShield
     settings, the settings stored in the standard configuration
     file (VIR$CFG.DAT), or those stored in a custom
     configuration file. NetShield creates VIR$CFG.DAT
     automatically when you load the program for the first time.
     
     Load NetShield using one of the following options:
     
     o  To run NetShield with the default settings and no
        configuration file, use this command:
          
          LOAD NETSHLD
          
     o  To run NetShield with the default configuration file,
        VIR$CFG.DAT, from the SYS:SYSTEM directory, use this command:
          
          LOAD NETSHLD DEFAULT
          
     o  To run NetShield with a user-specified configuration file
        from the directory you specify, use the following command:
          
          LOAD NETSHLD [path \ filename]
          
        If the configuration file does not reside in the same
        directory as NetShield, you must specify the complete
        path, including the volume name. You can enter these
        commands at the NetWare server console prompt or the
        remote login prompt. Alternatively, you can have them
        execute automatically in the AUTOEXEC.NCF file.
     
        NOTE: Do not load NetShield 2.1 with a version 1.x
        configuration file. NetShield Version 1.x configuration
        files are not compatible with NetShield Version 2.1.
     
STEP 5: VIEWING NETSHIELD'S OPENING SCREEN

     When you first load NetShield, you will see a screen similar
     to the following example:
     
       NetShield Version 2.1                NetWare Loadable Module
     
          McAfee, Inc. NetShield Virus Protection For File Server
                                    SERVER1
                              Mon Feb 20, 1995
  
                             NetShield Main Menu Options
  
                             Immediate Scan
                             Configure Scanning Mode
                             Configure Virus Detection
                             Configure NetShield NLM
                             Configure Virus Reporting
                             Configure Network Security
     
          Press F10 To View Scanning Statistics
     
     The Main menu is the highest-level menu in the hierarchy.
     The NetShield menu system uses conventional NetWare keys for
     menu navigation. You highlight, select, and exit menus as
     you would any NetWare utility, such as SYSCON. For general
     instructions about navigating NetWare menus, refer to your
     Novell documentation.
     
     You can press F10 at any time to display the Status window,
     which shows the current status of many of the NetShield
     configuration settings. The following example shows the
     initial NetShield default settings.
     
       NetShield Version 2.1                NetWare Loadable Module
     
         Volume Scanning:      DISABLED    NetShield Delay Factor:  3
         On Access Scanning:   DISABLED    CPU Utilization:   0 percent
         Periodic Scanning:    DISABLED    Detection Action: Ignore
         Logging:              DISABLED
         CRC Checking:         DISABLED    Mon Sep 19  15:01:45 1994
         User Alarms:          DISABLED
         Console Messages:     DISABLED
         Network Monitoring:   DISABLED    Access Time Remaining  0 Minutes
     
         Volume Scanning Statistics
          Scanning:
          Detected:
         Periodic Scanning Statistics
          Scanning:
          Detected:
         On Access Scanning Statistics
          Inbound:
          Detected:
          Outbound:
          Detected:
     
         Press F10 To View Menus
     
     Press F10 again to return to the current menu. Most scanning
     options are disabled or configured to minimum settings. For
     more information about the features listed in NetShield's
     Status window, refer to Chapter 3, "Using NetShield."
     
EXITING NETSHIELD

     You can unload NetShield from server memory to free up
     server resources. Exiting NetShield halts any current scans
     in process.
     
     To exit NetShield, press ESCAPE from the Main menu.
     NetShield displays a confirmation prompt. Press Y to confirm
     that you want to exit NetShield.
     
     Exiting NetShield in this manner has the same effect as
     entering the following command at the NetWare server console
     prompt:
          unload netshld
          
     Either way, if NetShield is configured with an unload
     password, you must supply the password to exit. Otherwise,
     typing this command will fail, and the only alternative is
     to switch to NetShield and exit from the Main menu. For more
     information, refer to "Setting the Unload Password" in
     Chapter 3, "Using NetShield."
     
UPDATING NETSHIELD REGULARLY

     Unfortunately, new viruses (and variants of old ones) appear
     and circulate often in the personal computer community.
     Fortunately, McAfee updates the antivirus data files
     regularly, usually monthly, but sooner if many new viruses
     have appeared. Each new version may detect as many as 60-100
     new viruses or more, and may add new features. For
     instructions on downloading McAfee updates, refer to
     "Contacting McAfee" in Chapter 1, "Welcome to NetShield.."
     To find out what is new in a downloaded release, review the
     accompanying README.1ST text file.
     

CHAPTER 3 USING NETSHIELD

     Once you have installed and loaded NetShield, you can begin
     using it to protect your network from viral infection. This
     chapter describes each feature in detail and shows you how
     to use NetShield most effectively in your network
     environment.
     
     NetShield detects known viruses by searching the system for
     known characteristics (sequences of code) unique to each
     computer virus and reporting their presence if found. For
     viruses that encrypt or cipher their code so that every
     infection is different, NetShield uses detection algorithms
     that work by statistical analysis, heuristics, and code
     disassembly.
     
     NetShield can also check for new or unknown viruses by
     comparing files against previously recorded validation data.
     For more information, refer to "Setting CRC Validation" in
     this chapter. If a file has been modified, it will no longer
     match the validation data, and NetShield will report that
     the file may have become infected.
     
     NetShield can scan your system in the following ways:
     
     o  Immediate scanning performs a scan of your system, on
        demand, using current scan settings. For more information,
        refer to "Running an Immediate Scan" in this chapter.
     
     o  On Access scanning prevents infected files from being
        copied to or from server volumes. For more information,
        refer to "Using On Access Scanning" in this chapter.
     
     o  Periodic scanning schedules scanning for a specific day
        and time. For more information, refer to "Using Periodic
        Scanning" in this chapter.
     
     In each case, you can determine which network volumes
     NetShield scans. You can use any or all of these scanning
     methods in combination.
     
IF YOU DETECT A VIRUS

     We strongly recommend that you get experienced help in
     dealing with viruses if you are unfamiliar with anti-virus
     software and methods. This is especially true for "critical"
     viruses, because improper removal of these viruses can
     result in the loss of all data and use of the infected
     disks.
     
     If you are at all unsure about how to proceed once you have
     found a virus, contact McAfee for assistance. For instructions,
     see "How to Contact McAfee" in Chapter 1.
     
     
CONFIGURATION RECOMMENDATIONS

     We recommend that you customize NetShield with the settings
     that best fit the needs of your network environment, then
     save settings in a configuration file so that you can load
     them easily in the future. For more information, refer to
     "Setting Configuration File Options" in this chapter.
     
     If it finds or suspects a virus, NetShield can perform
     certain actions automatically, depending on how you have
     configured NetShield:
     
     o  NetShield can delete, move, or ignore an infected file.
        We recommend that you move infected files to a quarantine
        directory for later inspection. For more information,
        refer to "Setting the Infected File Action" in this chapter.
     
     o  NetShield can notify selected users and the system
        console of a possible infection. We recommend that you
        enable this feature so that system administrators are
        informed as soon as viruses are detected. For more
        information, refer to "Setting the User Contact Action" 
        in this chapter.
     
     o  NetShield can record a virus incident in a log file. We
        recommend that you enable this feature so that you can use
        the information to investigate any viral infections that
        arise. For more information, refer to "Setting the Log
        File" in this chapter. You can view or print the contents
        of this log for future reference.
     
     For network environments requiring strict security, consider
     using the following features:
     
     o  NetShield can require a password before it can be
        unloaded on the server. For more information, refer to
        "Setting the Unload Password" in this chapter.
     
     o  NetShield can prevent users from writing to selected
        network directories, such as system directories containing
        application executable files. For more information, refer
        to "Configuring Network Security" in this chapter.
     
     To optimize server performance, consider adjusting the
     execution priority. For more information, refer to "Setting
     the Delay Factor" in this chapter.
     
RUNNING AN IMMEDIATE SCAN

     NetShield can run a scan on-demand using immediate scanning.
     NetShield scans the server volumes you select.
     
     From the NetShield Main menu, choose Immediate Scan.
     NetShield displays the Immediate Scan menu  with the
     following options:
     
     o  Start Scan
     o  Stop Scan
     o  Edit Volume
     
     The rest of this section describes these options in detail.
     
SELECTING VOLUMES TO SCAN

     Before you start checking for viruses on your network, you
     must first select one or more volumes to scan. You can
     modify the list of volumes that NetShield scans for viruses.
     
     From the NetShield Main menu, choose Immediate Scan | Edit
     Volume. NetShield displays a list of currently selected
     volumes.
     
     o  To add a volume to the list, press INSERT. NetShield
        displays a list of available volumes. Highlight the volume
        you want to add, then press ENTER (to select multiple
        volumes, highlight each one and press F5 to mark it, then
        press ENTER). NetShield adds the selected volume(s) to the
        list of volumes to scan.
     
     o  To remove a volume from the list of selected volumes,
        highlight it, then press DELETE. The selected volume is no
        longer displayed in the list of volumes to scan.
        
     Once you have selected the volumes you want to scan, you can
     begin scanning your system.
     
RUNNING AN IMMEDIATE SCAN

     You can tell NetShield to start scanning immediately, based
     on your current scan settings.
     
     From the NetShield Main menu, choose Immediate Scan | Start Scan.
     NetShield starts scanning your system. To see scanning
     statistics, press F10: NetShield displays the name of each
     file it scans, as well as the name of the last virus found
     (if any).
     
     NOTE: If NetShield finds a virus, refer to "If you detect a
     virus" earlier in this chapter for more information.
     
INTERRUPTING A SCAN IN PROGRESS

     NetShield scans your system until all selected items
     (volumes, directories, files) have been checked for viruses.
     If necessary, however, you can interrupt an immediate scan
     in progress.
     
     From the NetShield Main menu, choose Immediate Scan | Stop
     Scan. NetShield displays a confirmation prompt.
     
     NOTE: When you interrupt scanning, you prevent NetShield
     from completely checking the selected volumes on your system
     for viruses. To ensure that your system is virus-free, you
     must run a complete, uninterrupted scan.
     
CONFIGURING THE SCANNING MODE

     In addition to immediate scanning, NetShield provides the
     following scanning modes:
     
     o  On Access Scanning prevents infected files from being
        copied to or from server volumes.
     
     o  Periodic Scanning schedules scanning for a specific day
        and time.
     
     From the NetShield Main menu, choose Configure Scanning
     Mode. NetShield displays the Scanning Mode Configuration
     menu with the following options:
     
     o  On Access Scanning
     o  Periodic Scanning
     
     The rest of this section describes these scanning modes in detail.
     
USING ON ACCESS SCANNING

     If On Access scanning is enabled, NetShield can protect your
     server against viruses by preventing infected files from
     being copied to or from server volumes. If a filemask is
     used in the copy operation (for example, *.EXE), NetShield
     prevents only infected files from being copied. Use on
     access scanning to prevent spreading viruses in the interim
     between regular scans.
     
     NOTE: If NetShield finds a virus, refer to "If you detect a
     virus" earlier in this chapter for more information.
     
     To use on access scanning, from the NetShield Main menu,
     choose Configure Scanning Mode | On Access Scanning.
     NetShield displays the On Access Scanning menu with the
     following options:
     
     o  Inbound Files Only
     o  Outbound Files Only
     o  Inbound and Outbound Files
     o  Disable On Access Scanning
     
     Select the option you want.
     
     Inbound Files Only
     
     Select this option to prevent copying infected files to the
     selected server volume. When a copy operation is attempted,
     NetShield checks the file on the target volume and, if
     infected, deletes, moves, or ignores the file according to
     the current action setting. For more information, refer to
     "Setting the Infected File Action" later in this chapter.
     
     We recommended this option for most environments because it
     protects the server but avoids running extra scans every
     time files are copied from the server volume.
     
     Outbound Files Only
     
     Select this option to prevent copying infected files from
     selected server volumes to other server or workstation
     volumes. When a copy operation is attempted, NetShield
     checks the file on the source volume and, if infected,
     deletes, removes, or ignores the file according to the
     current action setting. For more information, refer to
     "Setting the Infected File Action" later in this chapter.
     
     This option does not protect the server volume against
     infected files copied to it, and is recommended only in
     cases where the server volume is read-only and might contain
     infected files.
     
     Inbound and Outbound Files
     
     Select this option to prevent copying infected files to or
     from selected server volumes. This option combines the two
     previous options and offers the highest degree of protection
     for both servers and workstations. It may, however, result
     in extra scans if the server volume is highly unlikely to
     contain infected files.
     
     Viewing Statistics for On Access Scanning
     
     When you open the On Access Scanning menu, NetShield
     displays information similar to the following example:
     
                NetShield On Access Virus Detection Summary
     
       Last Inbound File Scanned:
       Last Outbound File Scanned:
       Last Inbound Virus Detected:
       Last Outbound Virus Detected:
       Total Files Scanned: 360        Total Infected Files Found: 271
       Current On Access Scan Mode:    Both Inbound and Outbound Files
     
     Disabling On Access Scanning
     
     Select this option to disable on access scanning altogether
     or to interrupt an on access scan in progress. Thereafter,
     NetShield will not check files as they are copied to or from
     the server volume.
     
USING PERIODIC SCANNING

     You can schedule NetShield to automatically scan server
     volumes at a future date and time. Thereafter, NetShield
     runs the scan at the scheduled time if the server is running
     and NetShield is loaded and running. In this way, you can
     scan your network unattended, during periods of low network
     traffic, and thereby ensure that scanning occurs on a
     regular basis. For each scheduled scan, you can specify when
     to scan, what to scan, and which scan options to use.
     
     NOTE: If NetShield finds a virus, refer to "If you detect a
     virus" earlier in this chapter for more information.
     
     From the NetShield Main menu, choose Configure Scanning Mode
     | Periodic Scanning. NetShield displays the Periodic
     Scanning menu with the following options:
     
     o  Scanning
       o  Day of Week
       o  Day of Month
       o  Time of Day
     o  Select Volumes to Scan
     o  Load Scan Settings from File
     o  Save Scan Settings to File
     
     Select the option you want.
     
     Selecting the Scanning Frequency
     
     You can schedule scanning on a daily, weekly, or monthly
     basis. For the best network performance, schedule scanning
     during periods of low network traffic, such as at 2:00 am or
     on weekends.
     
     To enable scanning, highlight Scanning <DISABLED> and press
     ENTER. NetShield displays the Select Scanning Frequency menu
     with the following options. Select the scanning frequency
     you want and enter the required information:
     
     o  Daily: Enter the time of day (0:01 to 23:59, in 24-hour format).
     
     o  Weekly: Enter the day of the week (Sunday to Saturday)
        and the time of day (0:01 to 23:59).
     
     o  Monthly: Enter the day of the month (1-31) and the time
        of day (0:01 to 23:59). If you enter 31, NetShield will
        scan on the last day of the month, even if it has fewer
        than 31 days.
     
     Thereafter, NetShield runs the scan at the scheduled date and time.
     
     Selecting Volumes for Periodic Scanning
     
     You can select the network volumes you want to scan in
     periodic scanning. These apply to the periodic scan only,
     and do not change the currently selected volumes for
     immediate or on access scanning. For more information, refer
     to "Selecting Volumes to Scan" earlier in this chapter.
     
     Highlight Select Volumes To Scan and press ENTER. NetShield
     displays a list of currently selected volumes.
     
     o  To add a volume to the list, press INSERT. NetShield
        displays a list of available volumes. Highlight the volume
        you want to add, then press ENTER (to select multiple
        volumes, highlight each one and press F5 to mark it, then
        press ENTER). NetShield adds the selected volume(s) to the
        list of volumes to scan.
     
     o  To remove a volume from the list, highlight it, press DELETE,
        then choose Yes when prompted to confirm deletion.
        NetShield removes the selected volume from the list of
        volumes to scan.
     
     NetShield will scan the selected volumes in subsequent
     scheduled scans, including any changes you have just made.
     
     Saving a Configuration File for Periodic Scanning
     
     You can store NetShield scan settings that apply only to the
     periodic scan in a special configuration file. By default,
     NetShield uses SYS:\SYSTEM\PER$CFG.DAT. We recommend that
     you use the default path so that configuration files are
     easy to locate.
     
     Configuration files for periodic scanning differ from
     configuration files created according to the instructions in
     "Setting Configuration File Options" later in this chapter.
     They contain only the scheduled scanning date and time, plus
     the volumes selected for periodic scanning.
     
     From the Periodic Scanning menu, highlight Save Scan
     Settings to File and press ENTER. NetShield prompts you to
     identify the configuration file you want to save. Type the
     volume, path, and name of the configuration file you want,
     then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until you select 
        the one containing the configuration file you want to use.
     
     5. Highlight the configuration file you want to use, then
        press ESCAPE. NetShield displays the volume, path, and
        filename you selected.
     
     6. Press ENTER to accept this path and filename, or ESCAPE
        to abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, saves the configuration file you specified.
     
     Loading a Configuration File for Periodic Scanning
     
     You can load a periodic scanning configuration file created
     using the instructions in the previous section, "Saving a
     Configuration File for Periodic Scanning." By default,
     NetShield uses SYS:\SYSTEM\PER$CFG.DAT.
     
     From the Periodic Scanning menu, highlight Load Scan
     Settings from File and press ENTER. NetShield prompts you to
     identify the configuration file you want to load. Type the
     volume, path, and name of the configuration file you want,
     then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
        
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you select the one containing the configuration file you
        want to use.
     
     5. Highlight the configuration file you want to use, then
        press ESCAPE. NetShield displays the volume, path, and
        filename you selected.
     
     6. Press ENTER to accept this path and filename, or ESCAPE
        to abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, loads the configuration file you specified and
     uses it for subsequent scheduled scans.
     
     Disabling Periodic Scanning
     
     You can disable periodic scanning to halt a period scan in
     progress or to prevent future scheduled scans.
     
     To disable periodic scanning, highlight Scanning, then press
     ENTER. NetShield displays the Scanning Frequency list.
     Highlight <DISABLED>, then press ENTER.
     
CONFIGURING VIRUS DETECTION

     You can configure NetShield to take certain actions
     automatically if it finds an infected file when scanning
     your network. NetShield can:
     
     o  Delete, remove, or ignore infected files.
     
     o  Notify selected users and generate a message to the
        NetWare system console that a virus has been found.
     
     To configure NetShield in this way, from the NetShield Main
     menu, choose Configure Virus Detection. NetShield displays
     the Virus Detect Configuration menu with the following
     options:
     
     o  Infected File Action
     o  User Contact Action
     
     The rest of this section describes these options in detail.
     
SETTING THE INFECTED FILE ACTION

     You can tell NetShield what to do with infected files found
     during a scan. NetShield can delete them to prevent further
     infection, move them to a quarantine directory for
     inspection or uploading to McAfee, or do nothing but report
     the infection in a log file.
     
     From the NetShield Main menu, choose Configure Virus
     Detection | Infected File Action. NetShield displays the
     Select Action from List menu with the following options:
     
     o  Delete & Overwrite Infected File
     o  Move Infected File
     o  Ignore Infected file
     
     Select the action you want from the list.
     
     Deleting and Overwriting Infected Files
     
     Select this option to delete infected files found during a
     scan so that they cannot be recovered except from backups.
     NetShield erases any infected files and writes random
     characters to the disk space formerly occupied by the
     infected file. As a result, this file is completely
     eradicated from your network and is not recoverable by you
     or other users, except from backups. This is the most secure
     option, but it can prevent you from recovering an infected
     file you might want to save for further inspection.
     
     Moving Infected Files
     
     Select this option to move infected files found during a
     scan to a different directory so that you can inspect them
     yourself and, if you want, upload them to McAfee for expert
     inspection. To avoid a situation in which users could
     inadvertently load an infected file and spread the virus,
     the directory you specify should be a "quarantine directory"
     to which only system administrators have access.
     
     To specify a directory, type the volume and path of the
     directory you want, then press ENTER. Alternatively, to find
     the directory:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you highlight the one you want to use for infected files.
     
     5. Highlight the directory you want to use, then press
        ESCAPE. NetShield displays the volume, path, and filename
        you selected.
     
     6. Press ENTER to select this directory.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, uses the directory you selected. If the
     directory you specify does not exist, NetShield creates it
     for you automatically.
     
     Ignoring Infected Files
     
     Select this option to ignore infected files found during a
     scan. NetShield leaves any infected files intact on your
     system, which could result in further viral infection. We
     therefore recommend that you check the log files for
     infected files immediately after scanning and, if found,
     take steps to protect your system.
     
     WARNING: This option is less secure than other options.
     Infected files might still be copied to the server and
     viruses might spread even when NetShield is active.
     
SETTING THE USER CONTACT ACTION

     You can configure NetShield to send a broadcast message, 
     MHS message, or pager notification to one or more users 
     if infected files were found during a scan. That way, you 
     and others can know immediately when viruses have been detected 
     on your network. NetShield can also generate console messages 
     to the NetWare server console.
     
     From the NetShield Main menu, choose Configure Virus
     Detection | User Contact Action. NetShield displays the User
     Contact Actions menu.
     
     o  Edit MHS Configuration
     o  Edit Pager Configuration
     o  Edit User Contact List
     o  Enable User Alarms
     o  Enable Console Messages
     
     Select the options you want.
     
     Editing the MHS Configuration
     
     Select this option to have NetShield, if a virus is detected, 
     notify users automatically via e-mail. NetShield gets messages 
     to network administrators and support personnel using Novell's 
     Message Handling Service (MHS), which can route e-mail messages 
     throughout your network and via mail gateways to external 
     mail services.
     
     Note: To use this feature, you must have Novell Basic or Global 
     MHS installed and running on your network, and you must have a 
     list of possible recipients defined within your MHS setup.

     If NetShield detects a virus during volume scanning, NetShield 
     sends mail notifications once to selected users after scanning 
     is concluded. If on access scanning is enabled (see "Using On 
     Access Scanning" earlier in this chapter), however, NetShield 
     sends a notification as soon as a virus is detected. For example, 
     if a user copies 20 infected files, NetShield notifies active 
     users with 20 different messages in rapid succession. 
     
     To prevent a backlog of redundant messages, you can set a 
     Minimum Notification Interval (MNI), in minutes, that NetShield 
     will wait before sending a new notification. For example, if 
     the MNI is set to 5 and all 20 infected files are copied 
     within 5 minutes, NetShield sends only one message. If it takes 
     16 minutes to copy all 20 files, NetShield sends 3 rounds of 
     messages.

     From the User Contact Actions menu, choose Edit MHS Configuration. 
     NetShield displays the MHS Configuration menu with the following 
     options:

     o  Edit Master MHS User List
     o  Edit Active MHS User List
     o  Edit MHS Server Configuration
     o  Send Test Mail to Active List Members
     o  MHS Alert Status

     Select the options you want.

     Editing the Master MHS User List

     You can create a master list of likely recipients of NetShield 
     notifications, such as network administrators or support staff. 
     You use this list to select active MHS recipients, as described in 
     "Editing the Active MHS User List" later in this section.

     To specify users in the master list, highlight Edit Master MHS 
     List and press ENTER. NetShield displays a list of possible 
     MHS recipients.

     o  To add a user to the list, press INSERT. NetShield displays 
        a list of available users. Highlight the user you want to add, 
        then press ENTER. NetShield adds the selected user to the 
        master MHS user list.

        NetShield obtains the recipient's name and mail address. 
        Specify a Minimum Notification Interval for the user, if you 
        want, or leave it unchanged to use the default interval defined 
        in "Editing the MHS Configuration" later in this section.
     
     o  To remove a user from the list, highlight it, then press DELETE. 
        NetShield deletes the selected user from the master MHS user list.
     
     Editing the Active MHS User List

     From the master list of MHS users, you can select the users 
     that NetShield will notify automatically if a virus is detected. 
     
     To specify the users to notify, highlight Edit Active MHS User 
     List and press ENTER. NetShield displays a list of users to 
     notify (this list is initially empty).
     
     o  To add a user to the list, press INSERT. NetShield displays 
        the master MHS user list. Highlight the user you want to add, 
        then press ENTER. NetShield adds the selected user to the list 
        of users to notify.

     o  To remove a user from the list, highlight it, then press DELETE. 
        NetShield deletes the selected user from the list of users to 
        notify.
     
     NetShield will notify the users on this list, not on the master 
     MHS list.

     Editing the MHS Configuration
     
     You must supply NetShield with certain information needed to 
     communicate via MHS. Choose Edit the MHS Configuration and 
     enter the following information.

     o  MHS Server Name, which is the name of the server running 
        the MHS service.
     
     o  MHS Server User Name, which is a valid user name for the MHS 
        server. NetShield uses this when connecting to the MHS server.
     
     o  MHS Server Password associated with the MHS Server User Name 
        entered above.
     
     o  Minimum Mail Interval for NetShield to use when it is not 
        specified for an active user.
     
     Press ENTER to save your changes, or ESC to exit without saving them.

     Sending Test Mail to Active List Members
     
     To verify your current MHS settings, we recommend that you 
     send test mail to users on the active list. Choose Send Test Mail 
     to Active List Members, and NetShield will send a message to every 
     user on the list.

     Setting the MHS Alert Status
     
     Select this option to activate or disable the MHS alert feature. 
     To change the current setting, highlight MHS Alert Status, 
     press ENTER, then choose <ENABLED> or <DISABLED> from the prompt.

     Editing the Pager Configuration

     Select this option to have NetShield, if a virus is detected, 
     notify users immediately via pagers. NetShield dials standard 
     pager numbers and sends your message to selected network 
     administrators and support personnel. 
     
     Note: To use this feature, you must have a Hayes-compatible 
     modem installed, running, and accessible on your NetShield server.

     If NetShield detects a virus during volume scanning, NetShield 
     sends page notifications once to selected users after scanning 
     is concluded. If on access scanning is enabled (see "Using On 
     Access Scanning" earlier in this chapter), however, NetShield 
     sends a notification as soon as a virus is detected. 
     
     For example, if a user copies 20 infected files, NetShield 
     notifies active users with 20 different pages in rapid succession. 
     
     To prevent a backlog of redundant pager notifications, you can 
     set a Minimum Notification Interval (MNI), in minutes, that 
     NetShield will wait before sending a new notification. For example, 
     if the MNI is set to 5 and all 20 infected files are copied within 
     5 minutes, NetShield sends only one pager notification. If it 
     takes 16 minutes to copy all 20 files, NetShield sends 3 rounds 
     of pager notifications.

     If NetShield cannot get a dial tone for the configured modem, 
     it waits 3 minutes and retries. After 3 unsuccessful attempts, 
     NetShield displays an error message on screen and, if enabled, 
     displays it on the server console and writes it to the log file.

     From the User Contact Actions menu, choose Edit Pager Configuration. 
     NetShield displays the Pager Configuration menu with the 
     following options:
     
     o Edit Master Pager User List
     o Edit Active Pager User List
     o Edit Pager Configuration
     o Test Selected Pagers
     o Pager Alert Status

     Select the options you want.
     
     Editing the Master Pager User List
     
     You can create a master list of likely recipients of NetShield 
     notifications, such as network administrators or support staff. 
     You use this list to select active pager recipients, as described 
     in "Editing the Active Pager List" later in this section.

     To specify users in the master list, highlight Edit Master Pager 
     List and press ENTER. NetShield displays a list of possible pager 
     recipients (this list is initially empty).

     o  To add a user to the list, press INSERT. NetShield displays 
        Enter Pager Record menu. Enter the name of the person to page, 
        their Minimum Notification Interval (optional), and a dial 
        string, which has the following format:

        o  Dial Prefix, such as 9 to get an outside line (required 
           for some phone systems)
        
        o  Area Code
        
        o  Phone Number (without hyphens, periods, or parentheses)
        
        o  Delay, using commas, which sets a 2-second delay per comma.
           (required by some pager services, and varying from service 
           to service)
        
        o  Personal Identification Number (PIN) (required by some
           pager services)
        
        o  Message (up to 40 characters)
        
        Here is an example dial string: 
        
        9,1,8007597243,,,9999999#,,,222#,#

        This string dials 9 to get an outside line, dials an 
        800 number, pauses for 6 seconds, enters a PIN (of 9999999), 
        pauses another 6 seconds, enters a message of "222" that 
        terminates with the pound sign (#, which is required for 
        some pager services, waits 2 seconds, and terminates 
        the call with the pound sign (again, required for some 
        pager services).

        Press ENTER to save your changes, or ESC to exit without 
        saving them.

     o  To remove a user from the list, highlight it, then press DELETE. 
        NetShield deletes the selected user from the master pager list.

     Editing the Active Pager User List
     
     From the master list of pagers, you can select the users that 
     NetShield will notify automatically if a virus is detected. 
     
     To specify the users to notify, highlight Edit Active Pager User 
     List and press ENTER. NetShield displays a list of users to 
     notify (this list is initially empty).
     
     o  To add a user to the list, press INSERT. NetShield displays 
        the master pager list. Highlight the user you want to add, 
        then press ENTER. NetShield adds the selected user to the 
        list of users to notify.
     
     o  To remove a user from the list, highlight it, then press 
        DELETE. NetShield deletes the selected user from the list 
        of users to notify.
     
     NetShield will notify the users on this list, not on the master 
     pagers list.

     Editing the Pager Configuration

     You must supply NetShield with certain information needed to 
     communicate with pagers via modem. Choose Edit the Pager 
     Configuration and enter the following information:

     o  Communications Board Number, as defined by the AOICOMX.NLM
        utility, which determines the board number of the modem 
        installed on your NetShield server machine.

     o  Port Number, as defined by the AIOCOMX.NLM utility, which 
        determines the port number of the modem installed on your 
        NetShield server machine.

     o  Minimum Notification Interval for NetShield to use when 
        it is not specified for an active user.

     Press ENTER to save your changes, or ESC to exit without saving them.

     Sending a Test Page to Active List Members

     To verify your current pager settings, we recommend that you send 
     a test page to users on the active list. Choose Send Test Page 
     to Active List Members, and NetShield will send a message to 
     every pager on the list.

     Setting the Pager Alert Status

     Select this option to activate or disable the pager alert feature. 
     To change the current setting, highlight Pager Alert Status, 
     press ENTER, then choose <ENABLED> or <DISABLED> from the prompt.

     Editing the User Contact List
     
     You can have NetShield notify certain users via a broadcast message 
     if viruses have been found. To specify the users to notify, 
     highlight Edit User Contact List and press ENTER. NetShield 
     displays a list of users to notify.

     o  To add a user to the list, press INSERT. NetShield displays 
        a list of available network users. Highlight the user you 
        want to add, then press ENTER. NetShield adds the selected 
        user to the list of users to notify.

     o  To remove a user from the list, highlight it, then press DELETE. 
        NetShield deletes the selected user from the list of users to 
        notify.
     
     NetShield will notify the users on this list if viruses are found 
     in future scans, including any changes you have just made.
     
     Editing the User Contact List
     
     You can have NetShield notify certain users if viruses have
     been found. To specify the users to notify, highlight Edit
     User Contact List and press ENTER. NetShield displays a list
     of users to notify.
     
     o  To add a user to the list, press INSERT. NetShield
        displays a list of available network users. Highlight the
        user you want to add, then press ENTER. NetShield adds the
        selected user to the list of users to notify.
     
     o  To remove a user from the list, highlight it, then press
        DELETE. NetShield deletes the selected user from the list
        of users to notify.
     
     NetShield will notify the users on this list if viruses are
     found in future scans, including any changes you have just made.
     
     Enabling User Alarms
     
     You can tell NetShield whether to inform selected users that
     infected files were found during a scan. You might want to
     disable this capability if, for security reasons, you do not
     want users to know that viruses have been found. However, if
     you disable this feature, be sure to inspect the log file
     immediately after each scan so that you know whether your
     network has been infected.
     
     To change the current setting, highlight Enable User Alarms,
     type Y (for Yes) or N (for No), then press ENTER
     
     Enabling Console Messages
     
     You can tell NetShield whether to display messages about
     infected files on the NetWare system console. This provides
     an alternative method for alerting system administrators and
     maintains an audit trail for further investigation into
     virus incidents. For more information about NetWare server
     console messages, refer to your NetWare documentation.
     
     To change the current setting, highlight Enable Console
     Messages, type Y (for Yes) or N (for No), then press ENTER
     
CONFIGURING NETSHIELD NLM

     You can configure NetShield to:
     
     o  Save and load configuration files containing frequently-
        used NetShield settings.
     o  Exclude directories from scanning.
     o  Regulate server performance by assigning CPU processing
        priority to NetShield.
     o  Perform CRC validation to detect new or unknown viruses.
     o  Perform cross-server updating of NetShield data files
     o  Protect NetShield from unauthorized unloading by
        assigning a password.
     
     From the NetShield Main menu, choose Configure NetShield
     NLM. NetShield displays the NetShield NLM Configuration menu
     with the following options:
     
     o  Configuration File Options
     o  Configure Excluded Directories
     o  NetShield Delay Factor
     o  CRC Configuration Options
     o  Password Configuration
     o  Edit Cross-Server Updating
     
     The rest of this section describes these options in detail.
     
SETTING CONFIGURATION FILE OPTIONS

     You can store current NetShield configuration information in
     a disk file that you can later load as needed. You can also
     obtain a copy of the current configuration settings by
     printing a report or saving them to an ASCII text file.
     
     A NetShield configuration file stores configuration
     information in a proprietary binary format and contains
     settings information such as the selected volumes to scan,
     periodic scan settings, logging, CRC checking, and other
     NetShield settings (you can print a list of current
     settings). Passwords are encrypted.
     
     From the NetShield Main menu, choose Configure NetShield NLM
     | Configuration File Options. NetShield displays the
     Configuration File Management Options menu with the
     following options:
     
     o  Load Configuration Settings From File
     o  Save Configuration Settings To File
     o  Write Configuration Report To File
     o  Print Current Configuration Settings
     
     Select the options you want.
     
     Loading Configuration Settings from a File
     
     Select this option to load a configuration file from disk.
     NetShield prompts you to identify the configuration file you
     want to load. By default, NetShield uses
     SYS:\SYSTEM\VIR$CFG.DAT. We recommend that you use the
     default path so that the configuration files are easy to
     locate if you need to investigate a problem.
     
     Type the volume, path, and name of the configuration file
     you want, then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you select the one containing the configuration file you
        want to use.
     
     5. Highlight the configuration file you want to use, then
        press ESCAPE. NetShield displays the volume, path, and
        filename you selected.
     
     6. Press ENTER to accept this filename, or ESCAPE to
        abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, loads the configuration file you specified and
     uses it for subsequent scans.
     
     Saving Configuration Settings to a File
     
     Select this option to save a configuration file to disk.
     NetShield prompts you to identify the name and path of the
     configuration file you want to save. By default, NetShield
     uses SYS:\SYSTEM\VIR$CFG.DAT. We recommend that you use the
     default path so that the configuration files are easy to
     locate if you need to investigate a problem.
     
     Type the volume, path, and name of the configuration file
     you want, then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you select the one containing the configuration file you
        want to use.
     
     5. Highlight the configuration file you want to use, then
        press ESCAPE. NetShield displays the volume, path, and
        filename you selected.
     
     6. Press ENTER to accept this filename, or ESCAPE to
        abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, writes configuration information to the file you
     specified.
     
     Writing the Configuration Report to a File
     
     Select this option to save the configuration report in an
     ASCII text file. NetShield prompts you to identify the name
     and path of the report file you want to create. By default,
     NetShield uses SYS:\SYSTEM\VIR$CFG.RPT. We recommend that
     you use the default path so that report files are easy to
     locate.
     
     Type the volume, path, and name of the report file you want,
     then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you select the one containing the configuration file you
        want to use.
     
     5. Highlight the configuration file you want to use, then
        press ESCAPE. NetShield displays the volume, path, and
        filename you selected.
     
     6. Press ENTER to accept this filename, or ESCAPE to
        abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, writes configuration information to the report
     file you specified. If the report file exists, NetShield
     overwrites it.
     
     Printing Current Configuration Settings
     
     Select this option to send a report of the current
     configuration settings to a network printer queue. NetShield
     displays a list of available print queues. Highlight the
     queue you want, then press ENTER to select it. NetShield
     sends the report to the queue you selected.
     
CONFIGURING EXCLUDED DIRECTORIES

     You can exclude selected directories from scanning if you
     want to reduce scanning time and you are confident that such
     directories are unlikely to be infected by a virus. For
     example, because most viruses infect executable files, you
     might want to exclude directories that contain only data
     files.
     
     From the NetShield Main menu, choose Configure NetShield NLM
     | Configure Excluded Directories. NetShield displays the
     Configure Excluded Directories menu with the following
     options:
     
     o  Edit List of Excluded Directories
     o  Apply Exclusion List to All Scans
     
     The rest of this section describes these options in detail.
     
     Selecting Directories to Exclude
     
     Select this option to change the list of directories to
     exclude from scanning. To specify a directory to exclude,
     type the volume and path of the directory you want, then
     press ENTER. Alternatively, to find a directory:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you highlight the one you want to use for infected files.
     
     5. Highlight the directory you want to use, then press
        ESCAPE. NetShield displays the volume, path, and filename
        you selected.
     
     6. Press ENTER to select this directory.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, adds the selected directory to the list of
     excluded directories.
     
     To remove a directory from the list, highlight it, then
     press DELETE. NetShield deletes the selected directory from
     the list of directories to exclude.
     
     If the exclusion list is enabled (for more information,
     refer to the next section), NetShield will exclude
     directories from scanning using this list, including any
     changes you have just made.
     
     Applying the Exclusion List to All Scans
     
     Select this option to ignore, during scanning, the
     directories in the exclusion list. To change the current
     setting, highlight Apply Exclusion List to All Scans, press
     ENTER, then choose <ENABLED> or <DISABLED> from the prompt.
     
SETTING THE DELAY FACTOR

     You can regulate server performance during scanning by
     controlling the amount of CPU time that NetShield uses to
     conduct the scan. The lower the delay, the more CPU time is
     devoted to carrying out the scan operation.
     
     From the NetShield Main menu, choose Configure NetShield NLM
     | NetShield Delay Factor. NetShield prompts you to enter a
     priority. The default delay factor is 3. Type a number
     between 1 and 100, inclusive, then press ENTER.
     
     o  If you choose a delay setting of 1, which is the most CPU-
        intensive, 40-50% CPU usage is added and approximately one
        file is scanned per second. We recommend using higher
        settings during periods of low network traffic.
     
     o  If you choose a delay setting of 100, which is the least
        CPU-intensive, 1-2% CPU usage is added and one file is
        scanned approximately every 10 seconds. We recommend using
        lower settings during periods of high network traffic.
     
     NetShield uses the delay factor you specified.
     
SETTING CRC CONFIGURATION OPTIONS

     If your environment is highly vulnerable to viruses, or you
     require additional security against them, you can use
     NetShield's CRC (Cyclic Redundancy Check) checking option to
     detect infection by new and unknown viruses. NetShield can
     assign validation codes to files, then use those codes to
     detect file changes and warn that infection by an unknown
     virus may have occurred. NetShield stores validation
     information in an encrypted database file.
     
     The use of CRC validation codes requires an ongoing effort
     to store and maintain the codes. For example, if you install
     new programs or upgrade old ones, you should remove all the
     validation codes, then add them again to restore them. If
     you install new software, or upgrade your DOS or NetWare
     version, remember to update your recovery file.
     
     Because the validation codes will change whenever a file is
     updated, we recommend using CRC checks only in stable
     environments where few software updates are performed. In
     addition, consider excluding any directories containing data
     files that are frequently updated. To exclude directories
     from scanning, refer to "Configuring Excluded Directories"
     earlier in this chapter.
     
     Warning: Some programs are self-modifying or self-checking  
     (most programs that do this will tell you to turn off your 
     anti-virus software before running them). Such software 
     deliberately changes its own program file, often to protect 
     against viruses or illegal copying, and is therefore difficult 
     to validate in conventional ways. 
     
     If you use NetShield's CRC validation checking, these programs 
     can trigger a false alarms, and NetShield may report a virus 
     in a file that is not infected. To prevent this from occurring, 
     be sure to exclude directories containing these files, as described 
     in "Configuring Excluded Directories" earlier in this chapter.

     From the NetShield Main menu, choose Configure NetShield NLM
     | CRC Configuration Options. NetShield displays the CRC
     Configuration Options menu with the following options.
     
     o  Add CRC Code To External File
     o  Verify CRC Code From External File
     o  Remove CRC Code From External File
     o  Edit External File Name
     
     Select the options you want.
     
     NOTE: You can enable only one of the options (Add, Verify,
     and Remove) at a time during a scan. If you enable one
     option, NetShield automatically disables any other enabled option.
     
     Adding CRC Code to an External File
     
     Select this option to tell NetShield to add CRC validation
     codes to the external database file during the next scan.
     Any previous validation codes should be removed from the
     selected database file before proceeding. We recommend
     disabling this option once the validation codes have been
     added.
     
     To change the current setting, highlight Add CRC Code To
     External File, press ENTER, then choose <ENABLED> or
     <DISABLED> from the prompt.
     
     Verifying CRC Code from an External File
     
     Once you have added CRC validation codes to the database,
     select this option to tell NetShield to check for validation
     codes in subsequent scans and, if files have changed, to
     warn that infection by an unknown virus may have occurred.
     
     To change the current setting, highlight Verify CRC Code
     From External File, press ENTER, then choose <ENABLED> or
     <DISABLED> from the prompt.
     
     Removing CRC Code from an External File
     
     Once you have added CRC validation codes to the database,
     select this option to tell NetShield to remove them during
     the next scan from the selected database file. You normally
     do this if you have added or upgraded software on your
     network and need to re-add validation codes.
     
     To change the current setting, highlight Remove CRC Code
     From External File, press ENTER, then choose <ENABLED> or
     <DISABLED> from the prompt.
     
     Selecting the Name of the External File
     
     By default, the database file used to store CRC validation
     codes is named VIR$CRC.DAT, which is stored in the same
     directory as the NETSHLD.NLM file. You can change the name
     and location of the database file as needed.
     
     Type the volume, path, and name of the validation database
     file you want, then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you select the one containing the validation database file
        you want to use.
     
     5. Highlight the database validation file you want to use,
        then press ESCAPE. NetShield displays the volume, path,
        and filename you selected.
     
     6. Press ENTER to accept this filename, or ESCAPE to
        abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, uses the validation database file you specified.
     
SETTING THE UNLOAD PASSWORD

     You can assign a password to NetShield to ensure that only
     authorized users can unload NetShield once it has been
     loaded. The password is not case-sensitive, can be up to 40
     characters long, and can be any mix of alphanumeric and
     punctuation characters. The default NLM password is:
     NETSHIELD. The password is encrypted.
     
     From the NetShield Main menu, choose Configure NetShield NLM
     | Password Configuration. NetShield displays the Password
     Configuration menu with the following options:
     
     o  Change Existing Password
     o  Password Enable Status
     
     The rest of this section describes these options in detail.
     
     Changing the Existing Password
     
     Select this option to add a change the unload password.
     Enter the current password, if any, then enter the new
     password (or leave it blank to remove the password). Be sure
     to write down your new password and store it in a secure
     location.
     
     Enabling the Unload Password
     
     Select this option to force users to enter the unload
     password before exiting NetShield. To change the current
     setting, highlight Password Enable Status, press ENTER, then
     choose <ENABLED> or <DISABLED> from the prompt.
     
USING CROSS-SERVER UPDATING

     McAfee releases updates of the NetShield data files
     (SCAN.DAT and NAMES.DAT) regularly, usually monthly, to
     detect new viruses and variants of old ones. When you
     download updates of NetShield data files from McAfee, you
     can use NetShield's cross-server updating feature to
     automatically upgrade NetShield data files everywhere
     NetShield is installed on your network. Cross-server
     updating saves you the effort of performing this task
     manually for each server.
     
     For cross-server updating to work for all NetShield servers
     on your network, you must enable it for each NetShield
     installation. Once enabled, NetShield periodically sends a
     message to other servers, via NetWare's Service Advertising
     Protocol (SAP), that requests each server to indicate its
     version of the data files. NetShield retrieves these
     messages from other servers and, if another NetShield
     installation has a more recent version of the data files,
     obtains these files immediately from the other installation.
     In this way, you can update the date files on one server and
     have them propagate automatically to all servers.
     
     To change the current cross-server update settings, from the
     NetShield Main menu, choose Configure NetShield NLM | Edit
     Cross-Server Updating. NetShield displays the Edit Cross-
     Server Updating menu with the following options:
     
     o  Set Frequency
     o  Cross-Server Update Status
     
     To set the frequency with which NetShield will query other
     NetShield installations for their data file versions, choose
     Set Frequency and enter the time interval, in minutes (up to
     25 minutes). For example, if you entered 10, NetShield would
     query other servers every ten minutes.
     
     To activate or disable cross-server updating, choose Cross-
     Server Update Status, then choose <ENABLED> or <DISABLED>
     from the prompt.
     
     For more information about NetShield updates, refer to
     "Updating NetShield Regularly" in Chapter 2, "Installation
     and Setup."
     
CONFIGURING VIRUS REPORTING

     NetShield can keep a log of scans and infections found. You
     can view this log on screen, print it, or discard it. We
     recommend that you use NetShield's logging feature so that
     you have an audit trail to assist in your investigation of
     virus incidents.
     
     From the NetShield Main menu, choose Configure Virus
     Reporting. NetShield displays the Virus Reporting Options
     menu with the following options.
     
     o  Configure Log File Settings
     o  Select Log File Reports
     
     The rest of this section describes these options in detail.
     
SETTING UP THE LOG FILE

     NetShield can record the results of scanning (immediate, on-access,
     and periodic scans) in a log file that you can later use for 
     auditing your system and investigating problems. NetShield 
     appends log information in the log file, including the date 
     and time the scan was run and, if viruses are detected, an 
     entry for each file suspected to contain a virus (name, location, 
     and virus name).
     
     From the NetShield Main menu, choose Configure Virus
     Reporting | Configure Log File Settings. NetShield displays
     the Log File Configuration Options menu with the following options:
     
     o  Enter Log File Path
     o  Enable Logging To Log File
     
     Entering the Log File Path
     
     Select this option to specify the name and location of the
     log file. If the log file has not been configured, the
     default filename is VIR$LOG.DAT.
     
     Type the volume, path, and name of the log file you want,
     then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you select the one containing the log file you want to use.
     
     5. Highlight the log file you want to use, then press
        ESCAPE. NetShield displays the volume, path, and filename
        you selected.
     
     6. Press ENTER to accept this filename, or ESCAPE to
        abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, uses the log file you specified. If the file
     does not exist, NetShield creates it automatically. If the
     file exists, NetShield prompts you to overwrite the file or
     append new information to it.
     
     Enabling Logging to a Log File
     
     We recommend that logging is enabled whenever you scan so
     that you have an audit trail of infections found. If necessary,
     you can disable logging by selecting this option.
     
     To change the current setting, highlight Enable Logging to a
     Log File, press ENTER, then choose <ENABLED> or <DISABLED>
     from the prompt.
     
SELECTING LOG FILE REPORTS

     If logging is enabled, NetShield can display, print, or
     discard the contents of the currently selected log file.
     
     From the NetShield Main menu, choose Configure Virus
     Reporting | Select Log File Reports. NetShield displays the
     Select Log File Reports menu with the following options:
     
     o  View Contents of Log File
     o  Print Contents of Log File
     
     Select the options you want.
     
     Viewing the Log
     
     Select this option to display the current log file and
     peruse its contents in a scrollable window.
     
     Use these keys to navigate the scrollable window:
     
     o  HOME moves the cursor to the beginning of the line.
     o  END moves the cursor to the end of the line.
     o  PGUP and PGDN to view the log file one screen at a time.
     o  ESCAPE to exit the scrollable window.
     
     Printing the Log
     
     Select this option to print the current log file for future
     reference. NetShield displays a list of available print queues.
     Highlight the queue you want, then press ENTER to select it. 
     NetShield sends the log report to the queue you selected and 
     displays a message verifying that the report was sent.
     
CONFIGURING NETWORK SECURITY

     For highly secure networks, NetShield can detect and log any
     attempts to write to read-only directories, such as
     directories containing application executables. This log
     provides additional information about possible sources of
     viral infection on your network.
     
     You can also suspend read-only protection for authorized
     users to make changes to monitored directories, such as
     installing or upgrading software. Password protection
     ensures centralized control over access to these
     directories.
     
     To use network security, you configure NetShield by
     selecting the directories, file extensions, and users to
     monitor, then you activate network security monitoring.
     
ENTERING A PASSWORD

     Network security is password-protected to ensure that only
     authorized users have access. The default password is:
     
          login admin
          
     You should change this password when you run NetShield for
     the first time. For instructions, refer to "Changing the
     Network Security Password" later in this section.
     
     From the NetShield Main menu, choose Configure Network
     Security. NetShield prompts you to enter a password. Type
     the password (which is not case-sensitive), then press
     ENTER. NetShield displays the Configure Network Security
     menu with the following options:
     
     o  Edit Network Security Configuration
     o  Set Path for Log File
     o  Save Current Configuration To A File
     o  Restore Current Configuration From A File
     o  Current Network Security Status
     
     The rest of this section describes these options in detail.
     
EDITING THE NETWORK SECURITY CONFIGURATION

     You can configure NetShield to:
     
     o  Monitor disk write attempts for files with specific extensions.
     o  Monitor specific directories for write attempts.
     o  Exclude files from monitoring
     o  Monitor selected administrators for write attempts.
     o  Permit only selected users to write to monitored directories.
     
     You can also save and load configuration settings in a file.
     For more information, refer to "Saving the Current
     Configuration" and "Loading a Configuration" later in this
     chapter.
     
     From the NetShield Main menu, choose Configure Network
     Security | Edit Network Security Configuration. NetShield
     displays the Network Security Configuration Options menu
     with the following options:
     
     o  Create File and Extension Master List
     o  Select Entries To Monitor From Master List
     o  Select Files to be Excluded from Monitoring
     o  Select Directories To Monitor for All Users
     o  Change Monitored Users
     o  Change Temporary Authorization
     o  Change Network Security Password
     
     Select the options you want.
     
     Creating a Master List of Files and File Extensions
     
     Select this option to manage the master list of files and
     file extensions to monitor. For example, you might want
     NetShield to monitor all executable files by adding the COM,
     EXE, SYS, BIN, OVL, or DLL extensions to the list. You will
     use this master list in the next section, "Selecting Entries
     to Monitor."
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Create File and Extension
     Master List. NetShield displays the current master list.
     
     o  To add an extension to the list, press INSERT, type a
        period (required) and a new extension (up to 3 letters),
        then press ENTER. NetShield adds the new extension to the
        master list. If you want NetShield to monitor this
        extension, however, you must add it to another list. For
        more information, refer to the next section "Selecting
        Entries to Monitor."
     
     o  To add a file to the list, press INSERT, type the full
        file name (name, period, and extension), then press ENTER.
        NetShield adds the new file to the master list. If you
        want NetShield to monitor this file, however, you must add
        it to another list. For more information, refer to the
        next section "Selecting Entries to Monitor."
     
     o  To remove a file or files extension from the list,
        highlight it, then press DELETE. NetShield deletes the
        selected entry.
     
     Once you have selected the extensions you want for the
     master list, you must then select the extensions you want
     NetShield to monitor while scanning.
     
     Selecting Entries to Monitor
     
     From the master list of files and file extensions, you can
     select the list of entries that NetShield will monitor for
     unauthorized write attempts. At a minimum, consider
     specifying standard executable file extensions (EXE, COM,
     SYS, BIN, OVL, and DLL). When a file is copied to a
     monitored directory, NetShield determines whether the copied
     file or its extension exists in the list of monitored
     entries and, if so, NetShield creates a entry in the log file.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Select Entries To Monitor
     From Master List. NetShield displays the current list of
     monitored files and file extensions.
     
     o  To add an entry to the list, press INSERT. NetShield displays 
        the master list of available files and file extensions. 
        Highlight the entry you want, then press ENTER. NetShield adds 
        the new entry to the list of entries to monitor.
     
     o  To remove an entry from the list, highlight it, then
        press DELETE. NetShield deletes the selected entry from
        the list of entries to monitor. However, deleting it from
        this list does not remove it from the master list.
     
     NetShield will monitor files with the selected name or
     extension in the list, including any changes you have just made.
     
     Selecting Files to be Excluded from Monitoring
     
     You can exclude certain files and file extensions from
     monitoring, such as a backup file that is frequently updated.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Select Files To Be Excluded
     From Monitoring. NetShield displays the current list of
     excluded files.
     
     To specify a file or file extension to exclude from
     monitoring, type its name, path, and extension, then press
     ENTER. Alternatively, to find a file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you highlight the one you want to exclude.
     
     5. Highlight the file you want to exclude, then press
        ESCAPE. NetShield displays the volume, path, and filename
        you selected.
     
     6. Press ENTER to select this directory.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, adds the selected directory to the list of
     directories to monitor.
     
     To remove a directory from the list, highlight it, then
     press DELETE. NetShield deletes the selected directory from
     the list of directories to monitor.
     
     NetShield will exclude from monitoring the files and file
     extensions you selected.
     
     Selecting Directories to Monitor for All Users
     
     You can select the directories that NetShield will protect
     and monitor for unauthorized write attempts. For example,
     you might want to monitor directories that contain
     application executables.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Select Directories To
     Monitor for All Users. NetShield displays the current list
     of monitored directories.
     
     To specify a directory to include, type the volume and path
     of the directory you want, then press ENTER. Alternatively,
     to find a directory:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you highlight the one you want to use for monitored files.
     
     5. Highlight the directory you want to use, then press
        ESCAPE. NetShield displays the volume, path, and filename
        you selected.
     
     6. Press ENTER to select this directory.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, adds the selected directory to the list of
     directories to monitor.
     
     To remove a directory from the list, highlight it, then
     press DELETE. NetShield deletes the selected directory from
     the list of directories to monitor.
     
     NetShield will monitor directories using this list,
     including any changes you have just made.
     
     Changing Monitored Users
     
     You can select the administrators that NetShield will
     restrict for write attempts to all volumes and directories.
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Change Monitored Users.
     
     NetShield displays the list of currently restricted users.
     
     o  To add a user to the list, press INSERT. NetShield
        displays a list of available users, as shown in the
        following example:
     
          <SystemAdministrators>
          {UsersNotInAnyGroups}
          [EVERYONE]
          [WORDPROCESSING]
          
      Highlight a group, then press ENTER. NetShield displays a
      list of users for that group. Highlight a user you want to
      restrict, then press ENTER. NetShield adds the selected
      user to the list of restricted users.
     
     o  To remove a user from the list, highlight it, then press
        DELETE. NetShield deletes the selected user name from the
        list of restricted users.
     
     NetShield will monitor only users and groups in this list,
     including any changes you have just made.
     
     Authorizing Temporary Access to Monitored Directories
     
     You can suspend, for a brief time, read-only protection on
     monitored directories so that authorized users can make
     changes. For example, you might want to allow one or more
     administrators to install or upgrade software in a monitored
     directory.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Change Temporary
     Authorization. NetShield displays the Change Temporary
     Authorization menu with the following options:
     
     o  Change Temporary Authorization List
     o  Enable Administrative Access
     
     Select the options you want.
     
     Specifying Temporary Authorized Administrators
     
     Select this option to allow certain administrators to write
     to monitored directories during temporary authorization. You
     select from the list of monitored users. For more
     information, refer to the previous section, "Changing
     Monitored Users."
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Change Temporary
     Authorization | Change Temporary Authorization List.
     NetShield displays the list of currently monitored users.
     
     o  To add a monitored user to the temporary authorization
        list, press INSERT. NetShield displays a list of monitored
        users. Highlight a user, then press ENTER. NetShield adds
        the selected user to the list of temporarily authorized
        administrators.
     
     o  To remove a user from the list, highlight it, then press
        DELETE. NetShield deletes the selected user name from the
        list of temporarily authorized administrators.
     
     NetShield will permit access to protected directories only
     to users in this list, including any changes you have just
     made.
     
     Enabling Administrative Access
     
     Select this option to allow authorized administrators to
     write to a protected directory while network security
     monitoring is enabled. You might want to do this, for
     example, to install or upgrade software stored in a
     monitored directory.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Change Temporary
     Authorization | Enable Administrative Access. NetShield
     prompts you to enter the number of minutes you want to
     enable access.
     
     o  To enable access, type a number between 1 and 180,
        inclusive, then press ENTER. NetShield displays the time
        remaining for authorized administrators to update
        monitored directories.
     
        NOTE: If the administrative access time runs out while
        changes are being made to monitored directories, NetShield
        completes the current write operation, if any, then
        prevents additional changes.
     
     o  To disable access, enter 0, the default access time.
     
     Changing the Network Security Password
     
     You can assign a password to NetShield to ensure that only
     authorized users can access network security. The password
     is not case-sensitive, can be up to forty (40) characters
     long, and can be any mix of alphanumeric and punctuation
     characters. The password is encrypted.
     
     From the Configure Network Security menu, choose Edit
     Network Security Configuration | Change Network Security
     Password. Enter the current password, if any, then enter the
     new password. Be sure to write down your new password and
     store it in a secure location.
     
SETTING UP THE LOG FILE

     NetShield can record the results of network security
     monitoring in a log file that you can later use for auditing
     your system and investigating problems. NetShield appends
     the following information in the log file: the date and time
     of the attempt as well as the user, workstation, file, and
     target directory involved.
     
     Here is a sample entry in the log file:
     
          Wed Aug 31 17:09:14 1994
               Attempt to write file XXX.EXE to
               directory SYS:\SYSTEM\
               on server STORM by user SUPERVISOR, ID 1
               From Workstation  0000001C/0000c0cf0400  DENIED!
          
     From the Configure Network Security menu, choose Set Path
     for Log File. NetShield prompts you to specify the log file
     name and path. If the log file has not been configured, the
     default filename is NETSHLD.LOG.
     
     Type the volume, path, and name of the log file you want,
     then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you select the one containing the log file you want to use.
     
     5. Highlight the log file you want to use, then press
        ESCAPE. NetShield displays the volume, path, and filename
        you selected.
     
     6. Press ENTER to accept this filename, or ESCAPE to
        abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, uses the log file you specified. If the file
     does not exist, NetShield creates it automatically.
     
SAVING THE CURRENT CONFIGURATION

     Select this option to save the network security
     configuration file to disk. NetShield prompts you to
     identify the name and path of the configuration file you
     want to save. By default, NetShield uses SYS:\SYSTEM\NETSHLD.CFG.
     We recommend that you use the default path so that the 
     configuration files are easy to locate if you need to 
     investigate a problem.
     
     NOTE: The network security configuration file contains
     information about your network security setup, not about
     your NetShield virus protection configuration.
     
     From the Configure Network Security menu, choose Save
     Current Configuration to a File. NetShield prompts you to
     identify the name and path of the configuration file you
     want to save. By default, NetShield uses
     SYS:\SYSTEM\NETSHLD.CFG. We recommend that you use the
     default path so that the configuration files are easy to
     locate if you need to investigate a problem.
     
     Type the volume, path, and name of the network security file
     you want, then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you select the one containing the configuration file you
        want to use.
     
     5. Highlight the configuration file you want to use, then
        press ESCAPE. NetShield displays the volume, path, and
        filename you selected.
     
     6. Press ENTER to accept this filename, or ESCAPE to
        abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, writes configuration information to the
     configuration file you specified.
     
RESTORING A CONFIGURATION FROM A FILE

     Select this option to load a network security configuration
     file from disk.
     
     From the Configure Network Security menu, choose Save
     Restore Current Configuration from a File. NetShield prompts
     you to identify the name and path of the configuration file
     you want to save. By default, NetShield uses
     SYS:\SYSTEM\NETSHLD.CFG. We recommend that you use the
     default path so that the configuration files are easy to
     locate if you need to investigate a problem.
     
     Type the volume, path, and name of the configuration file
     you want, then press ENTER. Alternatively, to find the file:
     
     1. Press INSERT to display a list of available volumes.
     
     2. Highlight the volume you want, then press ENTER.
        NetShield displays a list of directories (directory names
        are enclosed in square brackets).
     
     3. Highlight the directory you want, then press ENTER.
        NetShield displays a list of subdirectories, files, or both.
     
     4. If necessary, continue selecting subdirectories until
        you select the one containing the configuration file you
        want to use.
     
     5. Highlight the configuration file you want to use, then
        press ESCAPE. NetShield displays the volume, path, and
        filename you selected.
     
     6. Press ENTER to accept this filename, or ESCAPE to
        abandon the operation.
     
     NetShield prompts you to accept your changes and, if you
     answer Yes, loads the configuration file you specified and
     uses it for subsequent monitoring.
     
ENABLING NETWORK SECURITY

     Select this option to activate or disable NetShield's
     network security feature.
     
     To change the current setting, on the Configure Network
     Security menu, highlight Current Network Security Status,
     press ENTER, then choose <ENABLED> or <DISABLED> from the prompt.

[End of file]
