Text File | 1994-12-04 | 7KB | 191 lines

Addendum.Doc
============

You will find the following information in this file:

    1) Documentation of TbLanMsg
    2) Renaming Anti-Vir.Dat
    3) The TbScanX Application Program Interface

1) Documentation of TbLanMsg
============================

TbLanMsg is a program that forwards TBAV messages to other machines.
Its purpose is to notify helpdesks or supervisors automatically of a
possible virus. If one of the resident TBAV utilities detects a virus,
an on-line message will be sent to the specified machine. TbScan also
sends a message to the specified machine or user if it detects a virus.

TbLanMsg currently only works on LANtastic networks. Versions for other
networks will be available soon!

Usage:

TbLanMsg should be installed on every workstation from which TBAV
messages should be broadcast in case of a virus alert. There is no limit
on the number of workstations connected. The receiving machine (i.e. the
supervisor or helpdesk) does not have to load any TBAV software; the
LANtastic (R) redirector is sufficient.

Just like the other TBAV utilities, TbLanMsg can be loaded in the
Config.Sys or AutoExec.Bat file, after the TbDriver invocation.

TbLanMsg becomes activated once the LANtastic (R) redirector
(REDIR.EXE) has been installed. It is NOT required that the workstation
or supervisor be logged on to the network. TbLanMsg is always able to
send its messages, even when all servers are down!

Command line options:

    help              ?   =display a helpscreen
    remove            r   =remove TbLanMsg from memory
    on                e   =enable TbLanMsg
    off               d   =disable TbLanMsg
    test              t   =send test message

Options available at initial startup:

    user = <username> u   =user to send messages to
    dest = <machine>  m   =machine to send messages to

Test (t)

    This option can be used to transmit a test message. If you use option
    'test' at the initial invocation of TbLanMsg, it will notify the
    supervisor/helpdesk that TbLanMsg has been activated.

User (u)

    If you use this option, the TBAV messages will be sent to the user
    specified. The receiving user has to be logged on somewhere on the
    network, otherwise the destination machine is unknown. Option
    'dest' is recommended, as in this case the receiving user does not
    have to be logged on in order to receive the messages.

    Note: The use of one of the options 'user' or 'dest' is highly
    recommended, otherwise TbLanMsg will send its messages to ALL users!
    If you specify both options, the TBAV messages will be sent to the
    specified machine only if the specified user has been logged on.

Dest (m)

    If you use this option, the TBAV messages will be sent to the machine
    specified. You have to specify the name of the machine of the user who
    should RECEIVE the TBAV messages. (The LANtastic (R) 'NET SHOW'
    command will show you the name of the machine.) TbLanMsg will not
    check whether the entered name exists, because that machine might be
    powered up later.

    Note: The use of one of the options 'user' or 'dest' is highly
    recommended, otherwise TbLanMsg will send its messages to ALL users!
    If you specify both options, the TBAV messages will be sent to the
    specified machine only if the specified user has been logged on.

Example:

Suppose you have four machines: WORK1, WORK2, HELPDESK and SERVER. If
one of the TBAV utilities detects a virus, a message has to be sent to
machine HELPDESK.

Machine WORK1:

    TbDriver.Exe
    TbScanX.Exe
    TbCheck.Exe
    TbLanMsg.Exe dest=HELPDESK
    AEX
    Ailanbio
    Redir.Exe WORK1 /Logins=2

Machine WORK2:

    TbDriver.Exe
    TbCheck.Exe
    TbMem.Exe
    TbLanMsg.Exe dest=HELPDESK
    TbFile.Exe
    AEX
    Ailanbio
    Redir.Exe WORK2 /Logins=2

Machine HELPDESK:

    AEX
    Ailanbio
    Redir.Exe HELPDESK /Logins=2

Machine SERVER:

    (Server is powered down)

Of course all users may connect to servers and log on, but it is not
required. The configuration above is sufficient to send all TBAV
messages to the helpdesk. Of course the helpdesk and server may also
load the TBAV utilities, but it is not required.

2) Renaming Anti-Vir.Dat
========================

Most of the TBAV utilities use a 'fingerprint' file named Anti-Vir.Dat.
These files are generated by TbSetup. Some users are afraid that a virus
might anticipate and delete the Anti-Vir.Dat files, and have requested
that the name be made configurable.

In our opinion, renaming the Anti-Vir.Dat file isn't the ultimate
solution. First, since the TBAV utilities have to find out the name
somehow, a virus could use the same method to find out the Anti-Vir.Dat
filename as well. Second, it would be confusing for novice users,
especially after a boot from a diskette, as the TBAV utilities will by
default assume that the fingerprint files are named Anti-Vir.Dat.
Third, if you use TbCheck, it will warn you automatically when the
Anti-Vir.Dat file is deleted, so there is actually no need to hide the
reference files.

However, if you feel you really must use a different name for security
reasons, you can do so by changing the keyword "AvFile" in the [TBAV]
section of the TBAV.INI file. All TBAV utilities will use the specified
name automatically. The support for this keyword is limited, so the
keyword cannot be set from within the TBAV menu. Use an ASCII editor to
enter this keyword in the [TBAV] section.

Although all TBAV utilities will correctly use the specified filename,
they will continue to use the name 'Anti-Vir.Dat' in the error messages
and on the screen, for consistency with the user manual.

NOTE! If you boot from a diskette once in a while to scan your system,
make sure that you have a TBAV.INI file on your diskette with the same
filename specification!

3) The TbScanX Application Program Interface
============================================

Before you can use any of the TbScanX API functions, make sure you have
enabled the API services by specifying 'API' on the TbScanX invocation
line!

The interface consists of some multiplex calls (int 2Fh). Register AH
should contain CAh. Register AL contains the function request number.

AL=0  InstallationCheck
      BX='TB'
      Return value:
          AL=FFh  TbScanX installed
          BX='tb'

AL=4  ScanFile
      DS:DX  Name of the program file to be scanned.
      Return value:
          No Carry flag set  No signature found in file.
          Carry:             Signature found in buffer!
                             ES:BX  ASCIIZ-name of virus (null terminated)
      Registers altered:
          AX,BX,CX,DX,SI,DI,BP,ES
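
The two calls above, as an added example that is not part of the TBAV
documentation: a DOS .COM program in NASM syntax that performs the
InstallationCheck and then ScanFile on the file named on its command
line. The byte order of 'TB'/'tb' in BX (5442h/7462h), the ASCIIZ file
name, the exit codes and the message texts are assumptions of this
example.

```nasm
; Added example (not from the TBAV docs). Build: nasm -f bin tbxscan.asm -o tbxscan.com
; Run with TbScanX loaded with 'API': tbxscan FILE.EXE   Exit code: 0 clean, 1 hit, 2 no API
        org  100h
start:  mov  ax, 0CA00h         ; AH=CAh, AL=0: InstallationCheck
        mov  bx, 5442h          ; 'TB' (assumed byte order: BH='T', BL='B')
        int  2Fh
        mov  cl, 2              ; exit code if the API is absent
        mov  dx, m_none
        cmp  al, 0FFh           ; AL=FFh: TbScanX installed
        jne  report
        cmp  bx, 7462h          ; 'tb' reply rules out a foreign CAh handler
        jne  report
        mov  bl, [80h]          ; PSP command-tail length
        xor  bh, bh
        mov  byte [bx+81h], 0   ; terminate the tail (ASCIIZ name assumed)
        mov  dx, 80h
skip:   inc  dx                 ; skip leading blanks in the tail
        mov  bx, dx
        cmp  byte [bx], ' '
        je   skip
        mov  ax, 0CA04h         ; AL=4: ScanFile, DS:DX -> file name
        int  2Fh
        jc   found              ; read CF first: AX..BP and ES are altered
        xor  cl, cl
        mov  dx, m_clean
        jmp  report
found:  mov  si, bx             ; ES:BX -> ASCIIZ virus name
        mov  dx, m_virus
        mov  ah, 09h
        int  21h
pname:  mov  dl, [es:si]        ; print the name one character at a time
        inc  si
        or   dl, dl
        jz   hit
        mov  ah, 02h
        int  21h
        jmp  pname
hit:    mov  cl, 1
        mov  dx, m_crlf
report: mov  ah, 09h            ; DOS print '$'-terminated string at DS:DX
        int  21h
        mov  al, cl
        mov  ah, 4Ch            ; terminate with exit code
        int  21h
m_clean db 'No signature found', 13, 10, '$'
m_virus db 'Signature found: $'
m_crlf  db 13, 10, '$'
m_none  db 'TbScanX API not available', 13, 10, '$'
```

The exit code can be tested with IF ERRORLEVEL in a batch file, for
instance to refuse to run a newly received program when the scan
reports a signature.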