February 16, 2002
John Bijnens is a CAM/CAM engineer in the KHLim - Dep. IWT which is some kind of technical university in Belgium. He gives training in Pro/E and also writes CNC postprocessors (all development is done on OS/2.)
If you have a comment about the content of this article, please feel free to vent in the OS/2 eZine discussion forums.
There is also a Printer Friendly version of this page.
|
Previous Article |
|
Next Article |
Norman and Weasel
In the KHLim, the educational institute I work for, we decided about a year ago to switch from Norton Antivirus to Norman Virus Control (NVC). Norman recently released a
brand new version NVC version 5 for OS/2 bringing it to the same level as the Windows versions. More information about this can be found at
Norman's Website.
A version of Norman Virus Control is also bundled with eComStation.
About three months ago we had a massive infection of Windows PC's in our institute with all kinds of computer viruses. Most of these infections were the result of careless
opening of email attachments by the users, and of course the use of a vulnerable email client like Outlook. As the project group I work for uses
Windows NT and Windows 98 systems as well as OS/2 systems, I was getting worried that these Windows PC's could also get infected and decided to find a way to have all the emails we receive scanned for viruses by
the mailserver. This article will discuss how this can be done.
Installation
NVC V5 can be installed on OS/2 Warp 4, OS/2 Warp Server, Workspace On-Demand and of course eComStation. Java 1.1.8 is required to run the Configuration editor, the Task editor and the Utilities modules.Command line version nvcc.exe
Using the command nvcc.exe you can check files and directories from the command line. It is this command that we'll use to create our virus filter for our mail server.If you want to scan the file myparty.com you can use the command
nvcc.exe /CP /C /N /U myparty.com
/CP : scan compressed program files
/C : scan archive files (zip, ...)
/N : suppress the default memory scan
/U : do not stop when infections are found
Using the command nvcc /? you get an overview of all the possible options.
Quarantine
You can have infected files moved to a so called quarantine area, where they are stored in a safe manner for later examination. Assuming that NVC was installed on drive C, the default directory that is used as quarantine area isC:\NORMAN\NVC\Qarantin
If you want you can specify your own directory using the NVC Configuration program. Don't forget to check the options 'Backup files to quarantine before repair' and/or 'Move unrepairable files to quarantine.
You can manage the files in the quarantine area with the aid of the Utilities program. If you select an infected file by clicking on it with the left mouse button and then pushing the right mouse button, you'll get a popup menu that lets you restore or delete the file.
Automated updating of virus signatures
I don't use the automated update function on my OS/2 server as in some cases, e.g. when some engine dll's are updated, a reboot is necessary and want that only to happen if I'm doing it myself.Automatic messaging in case of an infection
This option is only available if you have done a network installation. It makes it possible to generate a message that's sent to another machine running NVC when e.g. an infection has been detected. For more precise information I refer again to the Administration's guide. 
While this would be useful if I had many mail servers to monitor, I haven't used this message system myself.
Creation of Log Files
NVC can create log files of every scan it performs. You can configure how many log files you want and where you want to store them by using the NVC Configuration program which can be found in the folder 'Norman Virus Control' and selecting the option 'On demand scanning', tab 'Log file'. Assuming you have installed NVC on drive C the log files are by default stored inC:\NORMAN\NVC
How to have Weasel automatically check all incoming mail
If you use the excellent mail server Weasel by Peter Moylan you can have all incoming email automatically checked for viruses before they are delivered using NVC. Below I'll describe how we do this here at work.Goal :
- All infected emails have to placed into the mail box of an account with the name Contaminated. This is so we can track where the email comes from and warn the sender if possible. We can't automate this process because in many cases the virus has altered the reply address.
- If the email is infected, the mail server that sends the email to us has to be notified that the email has been rejected.
How to accomplish this :
- First of all create a user Contaminated using the Weasel setup program.
- Then specify a filter with in our case the name 'filter.cmd'
- filter.cmd
/* filter script */ PARSE ARG messagefile namefile 'c:\norman\nvc\bin\nvcc.exe /CP /C /N /U 'messagefile IF RC = 1 THEN DO lastbackslash = LASTPOS( '\',messagefile ) lengthname = LENGTH( messagefile ) filename = RIGHT( messagefile, lengthname - lastbackslash ) PARSE VAR filename name '.' extension 'copy 'messagefile' e:\Weasel\MailRoot\contaminated\'name'.MSG' EXIT 3 END ELSE EXIT 0
messagefile : a variable that contains the complete path and name of the file that contains the email thas has been received by weasel. This variable is passed by Weasel to the filter script.
If the file has a virus we do the following.
- We strip the path from this file so that only the filename is left.
- Then the extension is stripped off and a new extension .MSG is added to the name. This is done so that Weasel can recognize the file as a valid email message.
- Now the file is copied into the directory where the emails of the account contaminated are stored and a code 3 is returned, meaning that Weasel has to notify the originating mail server that the email has been rejected.
And now it is up to you to give NVC for OS/2 a try.
And if you like it, and I'm sure you will, buy this product to support the developers who are still actively writing for OS/2 and eCS.
Additional information
OS/2 eZine article on WeaselWeasel Website
Norman Virus Control for OS/2
Norman Virus Control Documentation
Download a demo version of NVC
|
Previous Article |
|
Next Article |